andrsharaev / xt_NAT

Licence: GPL-2.0 license
Full Cone NAT module for Linux iptables

xt_NAT

Description

This Full Cone NAT xtables module was developed as a replacement for conntrack NAT. It provides Asymmetric NAT features on Linux systems so that they can be used as a Carrier Grade NAT in small ISP networks.

It allows 40 Gbps NAT on commodity servers such as 2*Xeon E5-2698 v3 @ 2.30GHz (2 x 16 Cores) with Intel X710/XL710/X540 10G adapters.

Compatibility tested with Linux Kernel 3.18 and 4.1

Features

  • PAT/NAPT work mode - translates many users into a single NAT IP
  • Asymmetric (Full Cone) NAT - allows inbound connections from any source IP address and any source port, as long as the NAT rule exists
  • Support of TCP/UDP/ICMP/Generic IP protocols
  • IP Pooling Paired mode - the same NAT IP is used for all sessions of a subscriber
  • Endpoint Independent Mapping - the same NAT_IP:NAT_Port mapping is used for traffic sent from same subscriber IP address and port to any external IP address and port
  • Hairpinning - allows communication between two internal subscribers or internal hosts using the NAT IP
  • User quotas support. Default value is 1000 max connections for each user (for each protocol independently)
  • No ALGs for FTP/SIP/PPTP are implemented
  • NAT events export using Netflow v5
  • NAT statistics via /proc interface

Installation

$ make
$ sudo make install
$ sudo depmod -a

Usage

NAT functionality

  • Define NAT Pool for the xt_NAT module:
$ sudo modprobe xt_NAT nat_pool=<Start IP>-<End IP>
  • Disable conntrack for the traffic that is handled by the xt_NAT module:
$ sudo iptables -t raw -A PREROUTING -s <Users Net> -j CT --notrack
$ sudo iptables -t raw -A PREROUTING -d <NAT Pool Net> -j CT --notrack
  • Add iptables rule to use xt_NAT module for User's traffic (from Internet to Users):
$ sudo iptables -t raw -A PREROUTING -d <NAT Pool Net>  -j NAT --dnat
$ sudo iptables -A FORWARD -d <Users Net> -i <Uplink iface> -o <Downlink iface> -j ACCEPT
  • Add iptables rule to use xt_NAT module for User's traffic (from Users to Internet):
$ sudo iptables -A FORWARD -s <Users Net> -i <Downlink iface> -o <Uplink iface> -j NAT --snat
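
The steps above, assembled into a dry-run generator. This is an added example, not code from the xt_NAT project: it prints the commands in order and first checks that the `nat_pool` range lies inside `<NAT Pool Net>`, because the inbound raw-table rules match only on that network. The function names, sample addresses and interface names are assumptions.

```shell
#!/bin/sh
# Added example: prints the xt_NAT setup commands (dry run), executes nothing.

# Dotted-quad IPv4 -> integer; rejects malformed octets and leading zeros.
ip2int() {
    case "$1" in ""|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ""|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# True when address $1 lies inside CIDR $2, e.g. 198.51.100.0/24.
in_cidr() {
    ip=$(ip2int "$1") || return 1
    net=$(ip2int "${2%/*}") || return 1
    bits=${2#*/}
    case "$bits" in ""|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# gen_rules START_IP END_IP POOL_NET USERS_NET UPLINK DOWNLINK
gen_rules() {
    [ $# -eq 6 ] || { echo "gen_rules: need 6 arguments" >&2; return 2; }
    start=$1 end=$2 pool_net=$3 users_net=$4 up=$5 down=$6
    s=$(ip2int "$start") && e=$(ip2int "$end") && [ "$s" -le "$e" ] ||
        { echo "invalid nat_pool range" >&2; return 1; }
    # Inbound rules match on -d POOL_NET, so every pool address must be inside it.
    in_cidr "$start" "$pool_net" && in_cidr "$end" "$pool_net" ||
        { echo "nat_pool is not inside $pool_net" >&2; return 1; }
    in_cidr "${users_net%/*}" "$users_net" ||
        { echo "invalid users net" >&2; return 1; }
    cat <<EOF
modprobe xt_NAT nat_pool=$start-$end
iptables -t raw -A PREROUTING -s $users_net -j CT --notrack
iptables -t raw -A PREROUTING -d $pool_net -j CT --notrack
iptables -t raw -A PREROUTING -d $pool_net -j NAT --dnat
iptables -A FORWARD -d $users_net -i $up -o $down -j ACCEPT
iptables -A FORWARD -s $users_net -i $down -o $up -j NAT --snat
EOF
}

# Constructed sample values (documentation address range, hypothetical interfaces).
gen_rules 198.51.100.10 198.51.100.20 198.51.100.0/24 10.0.0.0/16 eth0 eth1
```

The printed commands need root to apply. Traffic marked with `--notrack` has no conntrack state, so rules elsewhere in the ruleset that match on `--ctstate ESTABLISHED,RELATED` will not match it.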

NAT Events Export

Add the nf_dest option, with a list of the Netflow v5 collectors, to the xt_NAT module parameters:

$ sudo modprobe xt_NAT nat_pool=<Start IP>-<End IP> nf_dest=127.0.0.1:2055

NAT Statistics

NAT statistics are available via the /proc/net/NAT/* directory:

  • /proc/net/NAT/sessions - NAT sessions for all users
  • /proc/net/NAT/users - NAT users with their NAT IPs
  • /proc/net/NAT/statistics - internal counters