never-afk.de

DNAT:

table ip nat {
  map IPV4-DNAT {
    # daddr . protocol . port -> daddr . port
    type ipv4_addr . inet_proto . inet_service : ipv4_addr . inet_service
    elements = {
        192.0.2.1 . tcp . 80 : 192.168.0.1 . 80,
        192.0.2.2 . udp . 53 : 192.168.0.2 . 53,
        192.0.2.3 . tcp . 8080 : 192.168.0.3 . 80,
        192.0.2.4 . udp . 27015 : 192.168.0.4 . 27015,
    }
  }

  # dNAT for ipv4
  chain prerouting {
      type nat hook prerouting priority -100;
      dnat to ip daddr . ip protocol . th dport map @IPV4-DNAT
  }
}

SNAT:

table ip nat {
  map IPV4-SNAT {
    type ipv4_addr : ipv4_addr;
    elements = {
        192.168.0.1 : 192.0.2.1
    }
  }
    # NAT for ipv4
  chain postrouting {
      type nat hook postrouting priority 100; policy accept;
      oif wan snat to ip saddr map @IPV4-SNAT
  }
}