table ip nat { chain VYOS_PRE_SNAT_HOOK { type nat hook postrouting priority srcnat - 1; policy accept; return } } table inet mangle { chain FORWARD { type filter hook forward priority mangle; policy accept; } } table ip raw { ct helper rpc_tcp { type "rpc" protocol tcp l3proto ip } ct helper rpc_udp { type "rpc" protocol udp l3proto ip } ct helper tns_tcp { type "tns" protocol tcp l3proto ip } chain VYOS_TCP_MSS { type filter hook forward priority raw; policy accept; } chain PREROUTING { type filter hook prerouting priority -200; policy accept; counter packets 20790 bytes 3125089 jump VYOS_CT_IGNORE counter packets 20790 bytes 3125089 jump VYOS_CT_HELPER counter packets 20790 bytes 3125089 jump VYOS_CT_TIMEOUT counter packets 20790 bytes 3125089 jump VYOS_CT_PREROUTING_HOOK counter packets 20790 bytes 3125089 jump NAT_CONNTRACK counter packets 0 bytes 0 jump FW_CONNTRACK notrack } chain OUTPUT { type filter hook output priority -200; policy accept; counter packets 4611 bytes 242622 jump VYOS_CT_IGNORE counter packets 4611 bytes 242622 jump VYOS_CT_HELPER counter packets 4611 bytes 242622 jump VYOS_CT_TIMEOUT counter packets 4611 bytes 242622 jump VYOS_CT_OUTPUT_HOOK counter packets 4611 bytes 242622 jump NAT_CONNTRACK counter packets 0 bytes 0 jump FW_CONNTRACK notrack } chain VYOS_CT_HELPER { ct helper set "tns_tcp" tcp dport { 1521, 1525, 1536 } return ct helper set "rpc_udp" udp dport 111 return ct helper set "rpc_tcp" tcp dport 111 return return } chain VYOS_CT_IGNORE { return } chain VYOS_CT_TIMEOUT { return } chain VYOS_CT_PREROUTING_HOOK { return } chain VYOS_CT_OUTPUT_HOOK { return } chain FW_CONNTRACK { accept } chain NAT_CONNTRACK { counter packets 25401 bytes 3367711 accept } } table ip6 raw { chain VYOS_TCP_MSS { type filter hook forward priority raw; policy accept; } chain PREROUTING { type filter hook prerouting priority raw; policy accept; counter packets 3006 bytes 595136 jump VYOS_CT_PREROUTING_HOOK counter packets 3006 bytes 595136 jump FW_CONNTRACK notrack } chain OUTPUT { type filter hook output priority raw; policy accept; counter packets 260 bytes 21550 jump VYOS_CT_OUTPUT_HOOK counter packets 260 bytes 21550 jump FW_CONNTRACK notrack } chain VYOS_CT_PREROUTING_HOOK { return } chain VYOS_CT_OUTPUT_HOOK { return } chain FW_CONNTRACK { accept } } table ip vyos_nat { chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; counter packets 15365 bytes 2241070 jump VYOS_PRE_DNAT_HOOK iifname "eth1" tcp dport 21 counter packets 6 bytes 296 dnat to 192.168.22.44 comment "DST-NAT-26" } chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; counter packets 193 bytes 12958 jump VYOS_PRE_SNAT_HOOK oifname "eth1" counter packets 119 bytes 7776 masquerade comment "SRC-NAT-10" } chain VYOS_PRE_DNAT_HOOK { return } chain VYOS_PRE_SNAT_HOOK { return } } table ip vyos_static_nat { chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; } chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; } }