网络

Tap/Tun

sudo modprobe tun

sudo mkdir -p /dev/net
sudo mknod /dev/net/tun c 10 200
# or
sudo ip tuntap add name tun0 mode tun user $USER
sudo ip link set tun0 up
sudo ip addr add 10.0.0.1 peer 10.0.0.2 dev tun0

sudo iptables -t nat -A POSTROUTING -s 10.0.0.2 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -s 10.0.0.2 -j ACCEPT
sudo iptables -A FORWARD -o tun0 -d 10.0.0.2 -j ACCEPT

Netfilter

Netfilter Travering

Packet flow in Netfilter and General Networking
Traversing of tables and chains
Linux-IP Diagrams

Iptables

Tables

filter
nat
mangle
security
raw

Chain

PREROUTING
INPUT
FORWARD
OUTPUT
POSTROUTING

NAT

Modes(RFC3489)
- Full Cone
- Restricted Cone
- Port Restricted Cone
- Symmetric
Example

sysctl -w net.ipv4.ip_forward=1
iptables -t filter -I FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -t filter -I FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -I POSTROUTING -i eth1 -o eth1 -j MASQUERADE

Disable IPv6

Example

sysctl -w net.ipv6.conf.all.disable_ipv6=1

网络

Tap/Tun​

Netfilter​

Netfilter Travering​

Iptables​

Tables​

Chain​

NAT​

Disable IPv6​

Tap/Tun

Netfilter

Netfilter Travering

Iptables

Tables

Chain

NAT

Disable IPv6