pub-r

main-r

site1-r

site2-r

pubsrv

pubclient

pubroot

intsrv

intclient

dmzsrv

site1srv

site2srv

main-r

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

vi /etc/nftables.conf

table ip nat {
	chain prerouting {
		type nat hook prerouting priority 0;
		iif ens33 ip daddr 100.0.0.1 tcp dport { 53, 80, 443 } dnat to 10.0.1.1
		iif ens33 ip daddr 100.0.0.1 udp dport { 53 } dnat to 10.0.1.1
	}
	chain postrouting {
		type nat hook postrouting priority 0;
		oif ens33 snat to 100.0.0.1
	}
}

systemctl enable nftables --now

pub-r

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

site1srv

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

site2srv