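WireGuard's NAT type depends on the NAT of the host it runs on. On Linux the default is symmetric NAT, which is unfriendly for gaming. This post explains how to add a kernel module so that FullCone NAT can be enabled.
The overall approach comes from: https://kotori.net/2020/01/08/%E7%AE%80%E5%8D%95%E6%93%8D%E4%BD%9C%E4%BD%BF-centos-%E6%94%AF%E6%8C%81-fullcone-nat/
A few dependencies have been added and some pitfalls worked around.
Here we go straight to the latest kernel: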
- rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
- yum -y install epel-release
- yum -y install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
- yum --enablerepo=elrepo-kernel install kernel-ml kernel-ml-headers kernel-ml-devel kernel-ml-tools kernel-ml-tools-libs
- grub2-set-default 0
- reboot
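While installing the kernel you may run into all sorts of odd dependency conflicts...
Resolve those yourself.
Afterwards, use uname -a to check that the new kernel is actually in use.
netfilter-full-cone-nat also places requirements on the gcc version: the antique gcc 4.8.5 that ships with CentOS 7 cannot compile it, so install gcc 8: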
- yum install gcc gcc-c++ autoconf autogen libmnl libmnl-devel libtool-devel libtool -y
- yum install centos-release-scl -y
- yum install devtoolset-8-gcc* -y
- scl enable devtoolset-8 bash
If you have already done this step, you do not need to do it again:
- systemctl disable firewalld
- systemctl stop firewalld
- yum -y install iptables-services
- systemctl enable iptables
- iptables -P INPUT ACCEPT
- iptables -P OUTPUT ACCEPT
- service iptables save
- systemctl start iptables
- cd /root/
- git clone git://git.netfilter.org/libnftnl.git
- git clone git://git.netfilter.org/iptables.git
- git clone https://github.com/Chion82/netfilter-full-cone-nat.git
Check whether any errors were reported.
- yum install libmnl-devel -y
- cd libnftnl
- git checkout a71599dc0ae1a808e970e96850ea83d77f452994
- sh autogen.sh
- ./configure
- make
- make install
If dependencies are still missing, install them yourself.
- cd /root/netfilter-full-cone-nat
- make
- modprobe nf_nat
- insmod xt_FULLCONENAT.ko
- cp /root/netfilter-full-cone-nat/libipt_FULLCONENAT.c /root/iptables/extensions/
- cd /root/iptables
- git checkout 2b506c6681c7b01803f06b258a39e9da9012e5c5
- ln -sfv /usr/sbin/xtables-multi /usr/bin/iptables-xml
- ./autogen.sh
- PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
- export PKG_CONFIG_PATH
- ./configure
- make
- make install
If dependencies are still missing, install them yourself.
- # Stop iptables first
- systemctl stop iptables
- # Remove the original iptables
- rm -rf /sbin/iptables
- rm -rf /sbin/iptables-restore
- rm -rf /sbin/iptables-save
- # Copy in the iptables you compiled yourself
- cd /usr/local/sbin
- cp /usr/local/sbin/iptables /sbin/
- cp /usr/local/sbin/iptables-restore /sbin/
- cp /usr/local/sbin/iptables-save /sbin/
- # Check the iptables version
- iptables -V
- kernel=`uname -r`
- cp /root/netfilter-full-cone-nat/xt_FULLCONENAT.ko /lib/modules/$kernel/
- depmod
- echo "modprobe xt_FULLCONENAT" > /etc/sysconfig/modules/xt_FULLCONENAT.modules
- chmod 755 /etc/sysconfig/modules/xt_FULLCONENAT.modules
- reboot
- lsmod | grep xt_FULLCONENAT
If the output looks something like:
- xt_FULLCONENAT 40960 2
- nf_nat 45056 2 xt_FULLCONENAT,iptable_nat
- nf_conntrack 155648 2 nf_nat,xt_FULLCONENAT
then it worked.
- iptables -t nat -A POSTROUTING -o eth0 -j FULLCONENAT #same as MASQUERADE
- iptables -t nat -A PREROUTING -i eth0 -j FULLCONENAT #automatically restore NAT for inbound packets
- service iptables save
Connect and check the NAT type.
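As an added example (not part of the original post or of the netfilter-full-cone-nat project), the script below audits the result of the steps above: it checks that the `FULLCONENAT` POSTROUTING and PREROUTING rules are paired on the same interface, and that `xt_FULLCONENAT` is itself a loaded module. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample inputs are constructed.

# Reads `iptables-save -t nat` output on stdin and pairs FULLCONENAT rules per
# interface ("any" when a rule names none). Prints OK / OUTBOUND_ONLY /
# INBOUND_ONLY per interface; returns 0 only if every interface found is OK.
audit_fullcone() {
    awk '
        $1 == "-A" {
            chain = $2; ifname = "any"; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o" || $i == "-i") ifname = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target != "FULLCONENAT") next
            if (chain == "POSTROUTING") { out[ifname] = 1; seen[ifname] = 1 }
            if (chain == "PREROUTING")  { inb[ifname] = 1; seen[ifname] = 1 }
        }
        END {
            ok = 0; bad = 0
            for (n in seen) {
                if (out[n] && inb[n]) { print "OK", n; ok++ }
                else if (out[n])      { print "OUTBOUND_ONLY", n; bad++ }
                else                  { print "INBOUND_ONLY", n; bad++ }
            }
            exit !(ok > 0 && bad == 0)
        }'
}

# Reads `lsmod` output on stdin; succeeds only if xt_FULLCONENAT is itself a
# loaded module (first column), not merely named in another module's user list.
module_loaded() {
    awk '$1 == "xt_FULLCONENAT" { found = 1 } END { exit !found }'
}

SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -j FULLCONENAT
-A POSTROUTING -o eth0 -j FULLCONENAT
COMMIT'
SAMPLE_LSMOD='xt_FULLCONENAT 40960 2
nf_nat 45056 2 xt_FULLCONENAT,iptable_nat
nf_conntrack 155648 2 nf_nat,xt_FULLCONENAT'

printf '%s\n' "$SAMPLE_NAT" | audit_fullcone      # prints: OK eth0
printf '%s\n' "$SAMPLE_LSMOD" | module_loaded && echo "module loaded"
```

On the real host, feed it live data with `iptables-save -t nat | audit_fullcone` and `lsmod | module_loaded`.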
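Author: 卖女孩的小火柴 - 搬砖中
Article link: https://www.shinenet.cn/archives/153.html
Last modified: 2020-10-21 22:48:51
Unless marked as a repost, articles on this site are original and licensed under CC BY-NC-SA 4.0. Please credit the source when reposting. Thanks!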