I want to make post- and prerouting rules to allow the following: I have an ssh server running on the internal network at port 22 that I want to make available externally on, say, port 2200. How would I proceed to make this possible?
I have the following prerouting rule, but I suspect I need to somehow counter the port 22 data from the internal IP and send it to 170 on the firewall (192.168.0.1), while still making it available internally on port 22 using postrouting. I tried the below with no luck.
Prerouting:
tcp dport 2200 dnat to 192.168.0.2:22
Postrouting (does not work!):
ip saddr 192.168.0.2:22 ip daddr != 192.168.0.1/24 tcp dport 22 counter dnat to 192.168.0.1:2200
Any help is greatly appreciated!
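
Added example, not part of the original post: a minimal nftables ruleset for the forward described above. Connection tracking reverses the DNAT on reply packets automatically, so no postrouting rule for port 22 is needed. The interface names `wan0` and `lan0` are assumptions; the addresses and ports are the ones from the post.

```nftables
# Requires IPv4 forwarding on the firewall: sysctl net.ipv4.ip_forward=1
# wan0 / lan0 are assumed interface names; substitute the real ones.

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # External port 2200 on the firewall -> internal SSH server.
        # Replies are un-NATed by conntrack, no matching rule needed.
        iifname "wan0" tcp dport 2200 dnat to 192.168.0.2:22
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Postrouting is for source NAT (LAN hosts going out),
        # not for undoing the DNAT above.
        oifname "wan0" masquerade
    }
}

table ip filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        # Return traffic of any tracked connection, both directions.
        ct state established,related accept
        # The forward hook sees the packet after DNAT, so match the
        # translated destination 192.168.0.2:22, not port 2200.
        iifname "wan0" ip daddr 192.168.0.2 tcp dport 22 ct state new accept
        # LAN hosts may open connections outward.
        iifname "lan0" oifname "wan0" accept
    }
}
```

Internal clients keep reaching the server directly at 192.168.0.2:22, since that traffic never crosses the firewall's NAT chains. Load the file with `nft -f` and check the result with `nft list ruleset`.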