diff options
| author |  Chion Tang <sdspeedonion@gmail.com>
| 2018-05-08 03:28:02 +0800 |
|---|---|---|
| committer | Chion Tang <sdspeedonion@gmail.com>
| 2018-05-08 03:28:02 +0800 |
| commit | 36e9ce122efb91973c2c9ee688e64abeb1f39c69 (patch) | |
| tree | bce6847d9decb29b7c06e68fd95a8e332fe9f6cf | |
| parent | Merge pull request #9 from Chion82/hotfix/event_cb_deadlock (diff) | |
| download | netfilter-full-cone-nat-36e9ce122efb91973c2c9ee688e64abeb1f39c69.tar.gz netfilter-full-cone-nat-36e9ce122efb91973c2c9ee688e64abeb1f39c69.tar.bz2 netfilter-full-cone-nat-36e9ce122efb91973c2c9ee688e64abeb1f39c69.zip | |
modify README
| -rw-r--r-- | README.md | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -12,7 +12,7 @@ Build ====== Prerequisites: * kernel source -* iptables source (git://git.netfilter.org/iptables.git) +* iptables source ( git://git.netfilter.org/iptables.git ) Confirm the kernel configuration option `CONFIG_NF_CONNTRACK_EVENTS` is enabled. If this option is disabled on your system, enable it and rebuild your netfilter modules. @@ -101,3 +101,11 @@ iptables -t nat -A POSTROUTING -o eth0 -p udp -j FULLCONENAT --to-ports 40000-60 iptables -t nat -A PREROUTING -i eth0 -p udp -m multiport --dports 40000:60000 -j FULLCONENAT ``` + +Hairpin NAT (Assuming eth1 is LAN interface and IP range for LAN is 192.168.100.0/24): +``` +iptables -t nat -A POSTROUTING -o eth0 -j FULLCONENAT +iptables -t nat -A POSTROUTING -o eth1 -s 192.168.100.0/24 -j MASQUERADE +iptables -t nat -A PREROUTING -i eth0 -j FULLCONENAT +iptables -t nat -A PREROUTING -i eth1 -j FULLCONENAT +``` |