备份规则

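# Work in a dedicated directory. -p keeps a re-run from failing at mkdir and
# skipping the cd, which would send every later relative path to the wrong place.
mkdir -p ~/full-cone-nat && cd ~/full-cone-nat
mkdir -p rules
# Snapshot the current ruleset so it can be restored after the build.
iptables-save > rules/iptables-rule.old
# NOTE(review): from here until the saved rules are restored, the host may be
# without the filtering firewalld/ufw were providing. `stop` does not disable
# the units, so they may start again at the next boot and replace the rules
# loaded from rc.local; confirm which one is meant to own the ruleset.
systemctl stop firewalld ufw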

安装依赖

# Refresh the package index, then install the build toolchain and the
# development packages used by the iptables and kernel-module builds.
# NOTE(review): building the out-of-tree kernel module presumably also needs
# the headers for the running kernel; none are installed here, so confirm
# they are already present.
apt update
apt install \
  cmake gcc g++ make git autoconf libtool \
  libncurses5-dev libssl-dev libsodium-dev libreadline-dev zlib1g-dev \
  libmnl-dev libnftnl-dev libxtables-dev

克隆仓库

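# Fetch both source trees. They are built and installed as root (one of them
# as a kernel module), so fetch over an authenticated transport: git:// has no
# encryption or server authentication, and a network attacker could substitute
# the source. The https URL for iptables is the one given in this page's
# source list.
mkdir -p repos
git clone https://github.com/llccd/netfilter-full-cone-nat repos/netfilter-full-cone-nat
git clone https://git.netfilter.org/iptables repos/iptables
# Both clones track the default branch head. For a reproducible build, review
# and pin a specific revision before compiling, e.g.
#   git -C repos/netfilter-full-cone-nat checkout <REVIEWED_COMMIT>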

编译安装

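# Build the kernel module and load it into the running kernel.
# NOTE(review): the module is unsigned; kernels that enforce module signatures
# will presumably refuse the insmod. Confirm on the target system.
cd ~/full-cone-nat/repos/netfilter-full-cone-nat
make
modprobe nf_nat
insmod xt_FULLCONENAT.ko

# Add the FULLCONENAT userspace extensions to the iptables source tree.
# Return to the work directory first: a single `cd ..` from the module
# directory stops in repos/, where the repos/... paths below do not resolve.
cd ~/full-cone-nat
cp repos/netfilter-full-cone-nat/libipt_FULLCONENAT.c repos/iptables/extensions
cp repos/netfilter-full-cone-nat/libip6t_FULLCONENAT.c repos/iptables/extensions

# Build and install iptables with the extra extensions.
# NOTE(review): `make install` with the default prefix installs a second
# iptables next to the distribution package; confirm which binary ends up
# first on PATH.
cd repos/iptables
ln -sfv /usr/sbin/xtables-multi /usr/bin/iptables-xml
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
./autogen.sh
./configure
make
make install

# Install the module for the running kernel and register it for loading at
# boot. The source path is absolute because the shell is now in repos/iptables.
cp ~/full-cone-nat/repos/netfilter-full-cone-nat/xt_FULLCONENAT.ko "/lib/modules/$(uname -r)/"
depmod
# Write the module name into the modules-load.d file; a grep here would only
# search a file that nothing on this page has created.
echo "xt_FULLCONENAT" > /etc/modules-load.d/fullconenat.conf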

恢复规则

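# Go back to the work directory by absolute path: `cd ..` from repos/iptables
# lands in repos/, where rules/iptables-rule.old does not exist.
cd ~/full-cone-nat
# Re-apply the ruleset saved before firewalld/ufw were stopped.
iptables-restore < rules/iptables-rule.old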

添加规则

# Apply full-cone NAT to traffic leaving and entering through eth0.
# NOTE(review): eth0 is assumed to be the external interface; confirm the name.
# With full-cone mapping, any remote host can reach an internal endpoint
# through its mapped port, so what is exposed depends on the filter-table
# rules for forwarded traffic.
iptables --table nat --append POSTROUTING --out-interface eth0 --jump FULLCONENAT
iptables --table nat --append PREROUTING --in-interface eth0 --jump FULLCONENAT

开机自启

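# Persist the active ruleset and reload it at boot through rc.local.
# Absolute paths are used so this step does not depend on the current directory.
iptables-save > ~/full-cone-nat/rules/iptables-rule.new
# rc.local loads this file as root at every boot, so only the owner may
# change it.
chmod 600 ~/full-cone-nat/rules/iptables-rule.new
rule_file=$(readlink -f ~/full-cone-nat/rules/iptables-rule.new)
restore_cmd="iptables-restore < \"$rule_file\""
[ -f /etc/rc.local ] || echo '#!/bin/sh -e' > /etc/rc.local
# Append the restore line only once; an unconditional >> adds a duplicate on
# every re-run of this step.
grep -qxF -- "$restore_cmd" /etc/rc.local || printf '%s\n' "$restore_cmd" >> /etc/rc.local
chmod +x /etc/rc.local
# --now also starts the unit immediately, which runs rc.local and reloads the
# saved rules right away.
systemctl enable rc-local --now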

源码地址

https://github.com/llccd/netfilter-full-cone-nat
https://git.netfilter.org/iptables