[网络]给Debian11开启Full Cone NAT支持

由于Linux默认的NAT是Symmetric NAT,对于臭打游戏的我是完全不能接受的事情,由于不是所有游戏都能走代理,所以在三层做一下Full Cone NAT是不错的选择。本文以Debian 11为例,简要概述下过程。

环境准备

首先安装依赖

apt -y install cmake gcc g++ make libncurses5-dev libssl-dev libsodium-dev libreadline-dev zlib1g-dev git libmnl-dev libnftnl-dev linux-headers-amd64

编译模块

git clone https://github.com/llccd/netfilter-full-cone-nat/
cd ~/netfilter-full-cone-nat
make
modprobe nf_nat
insmod xt_FULLCONENAT.ko

编译IPTables

git clone git://git.netfilter.org/iptables.git
cp ~/netfilter-full-cone-nat/libipt_FULLCONENAT.c ~/iptables/extensions/
cp ~/netfilter-full-cone-nat/libip6t_FULLCONENAT.c ~/iptables/extensions/
cd ~/iptables
ln -sfv /usr/sbin/xtables-multi /usr/bin/iptables-xml
PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
export PKG_CONFIG_PATH
./configure
make
make install

部署模块

cp ~/netfilter-full-cone-nat/xt_FULLCONENAT.ko  /lib/modules/$(uname -r)/
depmod
echo "modprobe xt_FULLCONENAT" >> /etc/modules-load.d/fullconenat.conf

验证

输入lsmod | grep xt_FULLCONENAT有类似以下输出即可

root@cola:~# lsmod | grep xt_FULLCONENAT
xt_FULLCONENAT         40960  0
nf_nat                 53248  1 xt_FULLCONENAT
nf_conntrack          176128  2 nf_nat,xt_FULLCONENAT
x_tables               53248  2 xt_FULLCONENAT,ip_tables

使用

iptables -t nat -A POSTROUTING -o eth0 -j FULLCONENAT #same as MASQUERADE  
iptables -t nat -A PREROUTING -i eth0 -j FULLCONENAT  #automatically restore NAT for inbound packets
ip6tables -t nat -A POSTROUTING -o eth0 -j FULLCONENAT #same as MASQUERADE
ip6tables -t nat -A PREROUTING -i eth0 -j FULLCONENAT #automatically restore NAT for inbound packets

副作用

哎,什么时候有内核级支持啊,每次升级内核记得重新编译,并部署内核

cd ~/netfilter-full-cone-nat
make
cp ~/netfilter-full-cone-nat/xt_FULLCONENAT.ko /lib/modules/$(uname -r)/
modprobe xt_FULLCONENAT
[网络]给Debian11开启Full Cone NAT支持

[网络]给Debian11开启Full Cone NAT支持”上有 1 条回复;

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注

滚动到顶部