实现Full Cone NAT的iptables要如何设置

[liamcos]

首先感谢开发者。之前自行将xray1.1.4替换了Netch里的v2ray，NAT等级由udpblocked提升到了NAT2，这次更新至1.2.1后NAT2又提升至了NAT1，但有一个问题，服务器设置了iptables规则，NAT等级就会由NAT1(Full Cone NAT)降为NAT4(Symmetric NAT)，现在只好在游戏前先开放端口，游戏完后再去恢复规则。请问Full Cone NAT和iptables两者可以兼顾吗？如果可以要怎样设置规则？

[RPRX]

@liamcos 我记得 Linux 的 iptables 都是 Symmetric，不支持 FullCone

另外 VLESS 和 VMess 暂时只能 NAT 4，怎么测出 NAT 1 的（误测也最多 NAT 2）

[liamcos]

用的Trojan协议测出来是NAT 1，设置了iptables规则再测就NAT 4了，VLESS 和 VMess没测。

[KazamaSion]

You can patch the iptables and kernel by using Chion82/netfilter-full-cone-nat.
FYI, if using the patch mentioned above, even the proxy protocol itself technically not supporting FULLCONE, some FULLCONE detectors, including Netch and tindy2013/stairspeedtest-reborn, the detector will return "type: FULLCONE" as the result. The developer claims that this is the false report due to software design error.
According to the statement given by the developer, which means the detector itself might not work correctly, I can not say the solution above can help you achieve your goal, because the detector will always say FULLCONE even actually not if applying this patch. I only suggest that you can have a try.

[liamcos]

暂时找到一个办法，发现商家提供了一个外置的防火墙可供设置，不设置iptables改用这个经测试依旧可以达到NAT1，楼上说的补丁就不试了。

[badO1a5A90]

已加入文档 FAQ