From b2d61f3b0bab6c0693c7a868fc465f8fcf320b6a Mon Sep 17 00:00:00 2001
From: Viktor Liu <viktor@netbird.io>
Date: Mon, 4 May 2026 12:29:14 +0200
Subject: [PATCH] Use nat table for PREROUTING chain in xtables DNAT fallback

---
 client/firewall/nftables/router_linux.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/client/firewall/nftables/router_linux.go b/client/firewall/nftables/router_linux.go
index c11cd3635..4214455a9 100644
--- a/client/firewall/nftables/router_linux.go
+++ b/client/firewall/nftables/router_linux.go
@@ -1715,14 +1715,15 @@ func (r *router) addXTablesRedirect(dnatExprs []expr.Any, ruleKey string, rule f
 		},
 	)
 
+	natTable := &nftables.Table{
+		Name:   tableNat,
+		Family: r.af.tableFamily,
+	}
 	dnatRule := &nftables.Rule{
-		Table: &nftables.Table{
-			Name:   tableNat,
-			Family: r.af.tableFamily,
-		},
+		Table: natTable,
 		Chain: &nftables.Chain{
 			Name:     chainNameNatPrerouting,
-			Table:    r.filterTable,
+			Table:    natTable,
 			Type:     nftables.ChainTypeNAT,
 			Hooknum:  nftables.ChainHookPrerouting,
 			Priority: nftables.ChainPriorityNATDest,