SOLVED

The following works !

I guess one of my others rules was blocking

table ip Tip {
        chain prerouting {
                type nat hook prerouting priority -100; policy accept;
                ip daddr 192.168.y.2 log prefix "forwarded " dnat to 192.168.y.3
        }
        chain postrouting {
                type nat hook postrouting priority 100; policy accept;
                masquerade
        }
        chain INPUT {
                type filter hook input priority filter; policy accept;
        }
        chain FORWARD {
                type filter hook forward priority filter; policy accept;
        }
        chain OUTPUT {
                type filter hook output priority filter; policy accept;
        }
}

Hi, Thank to all of you.

I made a test environment with the following.

• Machine A: 192.168.Y.1
• Machine B: 192.168.Y.2
• Machine C: 192.168.Y.3

The goal is to send a ping A to B, B forward to C

So ping -4c 1 192.168.y.2 from A, should ping B fw C

I’ve set the following rule in /etc/nftables.conf

table ip Tip {
        chain prerouting {
                type nat hook prerouting priority dstnat; policy accept;
                iif "eth0" ip protocol icmp dnat to 192.168.y.3
        }
        chain postrouting {
                type nat hook postrouting priority 100; policy accept;
                ip saddr 192.168.y.3 masquerade
        }
}

but is not working :'(

I see B receive the package

preroute: IN=eth0 OUT= MAC=▒▒ SRC=192.168.y.1 DST=192.168.y.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=21398 DF PROTO=ICMP TYPE=8 CODE=0 ID=17950 SEQ=1

but it seem C receive nothing…

Any ideas ?

As I want the system to be quite ( not sending data ) I was suspected the output hook to be the one. what are you suggesting ?

Obviously, but I’m anyway wondering why it doesn’t blocking like it should
I hope nftables do not let other pass like this…

Thank you very much all, for your inputs !

I’ve did

root: file /boot/broadcom/initrd.gz
initrd.gz: Zstandard compressed data ....

root: unmkinitramfs /boot/broadcom/initrd.gz Extracted/
# data where extracted to Extracted/
# but I go few error like:
# cpio: cannot link usr/sbin/vconfig to usr/sbin/watchdog: Operation not permitted

Extracted//
|-- conf/
|   |-- arch.conf*
|   |-- conf.d/
|   `-- initramfs.conf*
|-- etc/
|   |-- fstab*
|   |-- ld.so.cache*
|   |-- ld.so.conf*
|   |-- ld.so.conf.d/
|   |-- modprobe.d/
|   `-- udev/
|-- init*
|-- run/
|-- scripts/
|   |-- functions*
|   |-- init-bottom/
|   |-- init-top/
|   |-- local*
|   |-- local-bottom/
|   |-- local-premount/
|   `-- nfs*
`-- usr/
    |-- bin/
    |-- lib/
    `-- sbin/

So it tend to confirm that even if the file is named initrd.gz it’s actually an initramfs method… ( damn this is so misleading )

So I guess I can follow preparing-linux from the guide and overwrite the initrd.gz ?

Thanks @[email protected]

I suppose the file linux/arch/Kconfig is the base the menuconfig to know which option is available ? right ?

Thanks.

Thanks, how can we verify this ?