From 36e9ce122efb91973c2c9ee688e64abeb1f39c69 Mon Sep 17 00:00:00 2001 From: Chion Tang Date: Tue, 8 May 2018 03:28:02 +0800 Subject: modify README --- README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d27b0cf..07f49b7 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Build ====== Prerequisites: * kernel source -* iptables source (git://git.netfilter.org/iptables.git) +* iptables source ( git://git.netfilter.org/iptables.git ) Confirm the kernel configuration option `CONFIG_NF_CONNTRACK_EVENTS` is enabled. If this option is disabled on your system, enable it and rebuild your netfilter modules. @@ -101,3 +101,11 @@ iptables -t nat -A POSTROUTING -o eth0 -p udp -j FULLCONENAT --to-ports 40000-60 iptables -t nat -A PREROUTING -i eth0 -p udp -m multiport --dports 40000:60000 -j FULLCONENAT ``` + +Hairpin NAT (Assuming eth1 is LAN interface and IP range for LAN is 192.168.100.0/24): +``` +iptables -t nat -A POSTROUTING -o eth0 -j FULLCONENAT +iptables -t nat -A POSTROUTING -o eth1 -s 192.168.100.0/24 -j MASQUERADE +iptables -t nat -A PREROUTING -i eth0 -j FULLCONENAT +iptables -t nat -A PREROUTING -i eth1 -j FULLCONENAT +``` -- cgit v1.2.3
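Review bot: In the Prerequisites hunk, the padded form `( git://git.netfilter.org/iptables.git )` reads like a workaround for a renderer pulling the closing parenthesis into the link, and the commit message does not say so. Wrapping the URL in backticks or angle brackets would fix the linking without the odd spacing. Since this line is being touched anyway, note that `git://` is an unauthenticated, unencrypted transport, so the README is steering users toward fetching the iptables source without integrity protection; point to an authenticated transport if the host offers one.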
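Review bot: In the Hairpin NAT hunk, the new rules drop the `-p udp` match and the port range that the existing example just above uses (`-p udp -j FULLCONENAT --to-ports ...` and `-m multiport --dports 40000:60000`), so `iptables -t nat -A PREROUTING -i eth0 -j FULLCONENAT` applies to every inbound packet on eth0, and the README does not say whether that widening is intended. Either keep the protocol and port restriction in the hairpin example or add a sentence explaining why it is omitted and what that exposes on the external interface. The heading also states the assumption for eth1 and 192.168.100.0/24 but never says that eth0 is the WAN interface, and it gives no reason for the `-o eth1 -s 192.168.100.0/24 -j MASQUERADE` rule; one line on each would keep readers from copying the rules onto a box with different interface roles.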