Ubuntu 20 启用 iptables fullconenat
安装编译所需依赖程序
安装依赖程序
apt install git gcc autoconf autogen libtool pkg-config libgmp3-dev build-essential autoconf bison flex libnftnl-dev libmnl-dev -y安装内核头文件
apt install linux-headers-$(uname -r)
克隆程序源码并进行编译
创建目录并克隆源码
mkdir /tmp/fullcone
cd /tmp/fullcone
git clone git://git.netfilter.org/libmnl
git clone git://git.netfilter.org/libnftnl.git
git clone git://git.netfilter.org/iptables.git
git clone https://github.com/Chion82/netfilter-full-cone-nat.git编译
libmnlcd /tmp/fullcone/libmnl
sh autogen.sh
./configure
make
make install编译
libnftnlcd /tmp/fullcone/libnftnl
sh autogen.sh
./configure
make
make install编译并临时启用
netfilter-full-cone-natcd /tmp/fullcone/netfilter-full-cone-nat
make
modprobe nf_nat
insmod xt_FULLCONENAT.ko编译并替换
iptablescd /tmp/fullcone/iptables
git checkout 54c262605c54a18a1c30cd41d47decaca5e7182e
cp /tmp/fullcone/netfilter-full-cone-nat/libipt_FULLCONENAT.c /tmp/fullcone/iptables/extensions/
./autogen.sh
./configure
make
make install
cp /usr/local/sbin/iptables /sbin/
cp /usr/local/sbin/iptables-restore /sbin/
cp /usr/local/sbin/iptables-save /sbin/
检测结果
检查
xt_FULLCONENAT模块是否已加载lsmod | grep xt_FULLCONENAT测试
fullconenat是否能正常使用iptables -A POSTROUTING -t nat -o eth0 -j FULLCONENAT
iptables -D POSTROUTING -t nat -o eth0 -j FULLCONENAT
配置开机自动加载模块
- 在
/etc/modules-load.d/fullconenat.conf文件中添加相关内容echo "xt_FULLCONENAT" >> /etc/modules-load.d/fullconenat.conf - 复制相关库文件到指定目录
mv /tmp/fullcone/netfilter-full-cone-nat/xt_FULLCONENAT.ko /lib/modules/$(uname -r)/