Aha! Thanks for those tips @fernando . With some tinkering, I arrived at:
    nat {
        destination {
            rule 5 {
                destination {
                    address !192.168.98.0/24
                    port 80
                }
                inbound-interface eth1
                protocol tcp
                source {
                }
                translation {
                    address 192.168.98.1
                    port 6502
                }
            }
            rule 6 {
                destination {
                    address !192.168.98.0/24
                    port 443
                }
                inbound-interface eth1
                protocol tcp
                translation {
                    address 192.168.98.1
                    port 6510
                }
            }
        }
    }

Which produces the following nftables rules in table nat, chain PREROUTING:

    iifname "eth1" ip daddr != 192.168.98.0/24 tcp dport { 80 } counter packets 6 bytes 312 dnat to 192.168.98.1:6502 comment "DST-NAT-5"
    iifname "eth1" ip daddr != 192.168.98.0/24 tcp dport { 443 } counter packets 21 bytes 1092 dnat to 192.168.98.1:6510 comment "DST-NAT-6"

This is very close to what I’m wanting above in my original post. The main difference is that here we’re applying an action of "dnat to 192.168.98.1:<port>" rather than my original post where we simply "redirect to :<port>".

Functionally, it’s looking like this dnat action mentioned above is doing what I want it to; however, the purist in me would like to know: Is it possible to invoke the “cleaner” redirect action from the VyOS CLI?