mirrors/netfilter-full-cone-nat
1
0
Fork 0
mirror of https://github.com/llccd/netfilter-full-cone-nat synced 2024-11-21 15:25:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

modify README

Browse Source
This commit is contained in:
Chion Tang 2018-05-08 03:28:02 +08:00
parent 8be5fe3f8c
commit 36e9ce122e
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -12,7 +12,7 @@ Build
======
Prerequisites:
* kernel source
* iptables source (git://git.netfilter.org/iptables.git)
* iptables source ( git://git.netfilter.org/iptables.git )
Confirm the kernel configuration option `CONFIG_NF_CONNTRACK_EVENTS` is enabled. If this option is disabled on your system, enable it and rebuild your netfilter modules.
@ -101,3 +101,11 @@ iptables -t nat -A POSTROUTING -o eth0 -p udp -j FULLCONENAT --to-ports 40000-60
iptables -t nat -A PREROUTING -i eth0 -p udp -m multiport --dports 40000:60000 -j FULLCONENAT
```
Hairpin NAT (Assuming eth1 is LAN interface and IP range for LAN is 192.168.100.0/24):
```
iptables -t nat -A POSTROUTING -o eth0 -j FULLCONENAT
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.100.0/24 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -j FULLCONENAT
iptables -t nat -A PREROUTING -i eth1 -j FULLCONENAT
```