I have two 10Gb NICs (eth1, eth2) on one card configured as a bridge (br0), and the PC's (Ubuntu 22.04) own NIC (eth0) is used only for accessing it. I am making this a transparent bridge for filtering undesired packets using nftables, with good results (just learning it, too).
I need to do port forwarding too, something like:
# the chain needs an enclosing ip-family table to load; a.b.c.d, x, e.f.g.h, y are placeholders
table ip nat {
    chain nat {
        type nat hook prerouting priority -199; policy accept;
        meta nftrace set 1
        iif eth1 ip daddr a.b.c.d tcp dport x counter dnat to e.f.g.h:y
    }
}
I know that this is not a network standard within a bridge; bridge NAT is about modifying the destination MAC. I read that nft does not have bridge L3 IP capabilities for now.
Anyway, I am asking whether there is any workaround, a two-step operation, preferably with nft. Lastly, if it is not possible with nft, can I do it with XDP/BPF or something else? I would prefer not to, since compiling C code for every new/modified entry comes with many other complications.
Thanks in advance.