# nftables: source NAT for the LAN side (eth1 + extra IPs + eth1.40), so that
# clients use the WAN interface (eth0) for internet access.
#
# Load with: nft -f /etc/nftables.d/nat-lan.conf
#
# Subnets covered:
#   10.20.50.0/24     presumably the primary LAN subnet. When using
#                     setup-network-boot-on-lxc.sh, the primary subnet is from
#                     lan-subnet.conf (LAN_CIDR).
#   192.168.30.0/24   extra subnet on eth1
#   192.168.127.0/24  extra subnet on eth1
#   192.168.0.0/24    eth1.40 VLAN
#
# NOTE(review): this file only rewrites source addresses. It defines no
# filter/forward chain, so which LAN hosts may actually be forwarded out of
# eth0 is decided elsewhere; confirm a forward policy exists for these subnets.
#
# NOTE(review): there is no flush/delete statement here, so loading the file a
# second time with nft -f appends the same rule again. Confirm how reloads are
# handled (e.g. a flush in the including ruleset).
#
# NOTE(review): if setup-network-boot-on-lxc.sh rewrites the primary subnet in
# this file by pattern, confirm it still matches the set form used below.

table ip nat {
    chain postrouting {
        # Source-NAT hook; packets that match no rule leave untranslated.
        type nat hook postrouting priority srcnat; policy accept;

        # Masquerade only traffic that originates from a listed LAN subnet
        # and is leaving through the WAN interface.
        ip saddr {
            10.20.50.0/24,
            192.168.30.0/24,
            192.168.127.0/24,
            192.168.0.0/24
        } oifname "eth0" masquerade
    }
}