My router(debian 11) have two ethernet interfaces, eth0 and eth1.
Eth0(as outside interface) has address 10.10.193.2/28, and next-hop is 10.10.193.1/28. Eth1(as lan interface) has address 10.10.0.1/18. Router provices dhcp service, dhcp pool is 10.10.0.0/18.
Router's static route is: 0.0.0.0/0 via 10.10.193.1 dev eth0(without nat or address masquerade).
I want to redirect the packets(marked with 2) use nft, however it fails.
nft add table inet mangle
nft 'add chain inet mangle janusnat { type nat hook prerouting priority -130; }'
nft add inet mangle janusnat meta mark 2 tcp dport 80 counter redirect to 2061
If the router do source nat: 0.0.0.0/0 via 10.10.193.1 dev eth0 with address masquerade.
The nft could make the packets with mark 2 to be redirected to 2061.
What should I do, if I want to do packets redirect without nat or address masquerade?