Build FULLCONENAT iptables module for Ubuntu 18

These are setup instructions on how to build netfilter-full-cone-nat for Ubuntu 18.

Tested on Ubuntu 18.04.5 LTS. Kernel used: 4.15. You might need to run apt install build-essential before starting.

Confirm that the kernel configuration option CONFIG_NF_CONNTRACK_EVENTS is enabled (if this option is disabled on your system, enable it and rebuild your netfilter modules):

# cat /boot/config-`uname -r` | grep CONFIG_NF_CONNTRACK_EVENTS
CONFIG_NF_CONNTRACK_EVENTS=y

Download and compile the netfilter-full-cone-nat kernel module:

# cd
# git clone https://github.com/Chion82/netfilter-full-cone-nat.git
# cd netfilter-full-cone-nat/
# make

Check that the module is loaded (if not, run insmod xt_FULLCONENAT.ko):

# lsmod | grep xt_FULLCONENAT
xt_FULLCONENAT         36864  0

Install libmnl:

# cd
# git clone git://git.netfilter.org/libmnl
# cd libmnl
# ./autogen.sh
# ./configure
# make
# make install

Install libnftnl:

# cd
# git clone git://git.netfilter.org/libnftnl
# cd libnftnl
# ./autogen.sh
# ./configure
# make
# make install

Install iptables modules:

# cd
# git clone git://git.netfilter.org/iptables.git
# cp netfilter-full-cone-nat/libipt_FULLCONENAT.c iptables/extensions/
# cd iptables
# ./autogen.sh
# ./configure
# make
# make install

Apply the FULLCONENAT iptables rules on the WAN interface:

# iptables -t nat -A POSTROUTING -o eth0 -j FULLCONENAT
# iptables -t nat -A PREROUTING -i eth0 -j FULLCONENAT

Verify that the rules are applied:

# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
FULLCONENAT  all  --  anywhere             anywhere

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
FULLCONENAT  all  --  anywhere             anywhere
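
The listing above comes from `iptables -L` without `-v`, which does not print the interface match, so it cannot confirm that the rules are limited to eth0. As an added example (not part of the original gist), the shell functions below re-check the kernel option, the loaded module and the two rules, and fail if any FULLCONENAT rule is not bound to the WAN interface, since full cone NAT lets any remote host reach an existing mapping. The function names and the sample rule text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original gist. Each check reads saved
# command output on stdin, so it can be tested without root or the module.

# stdin: /boot/config-$(uname -r). Succeeds if conntrack events are built in.
conntrack_events_enabled() {
    grep -q '^CONFIG_NF_CONNTRACK_EVENTS=y$'
}

# stdin: lsmod output. Succeeds if xt_FULLCONENAT is listed as loaded.
module_loaded() {
    awk '$1 == "xt_FULLCONENAT" { found = 1 } END { exit !found }'
}

# stdin: `iptables -t nat -S` output; $1: WAN interface.
# Succeeds only if both chains jump to FULLCONENAT and every such rule is
# bound to the WAN interface (-i in PREROUTING, -o in POSTROUTING).
fullcone_rules_ok() {
    awk -v wan="$1" '
        $1 == "-A" {
            jump = 0; bound = 0
            flag = ($2 == "PREROUTING") ? "-i" : "-o"
            for (i = 3; i < NF; i++) {
                if ($i == "-j" && $(i + 1) == "FULLCONENAT") jump = 1
                if ($i == flag && $(i + 1) == wan) bound = 1
            }
            if (!jump) next
            if (!bound) unscoped = 1
            else if ($2 == "PREROUTING") pre = 1
            else if ($2 == "POSTROUTING") post = 1
        }
        END { exit !(pre && post && !unscoped) }'
}

# Constructed sample: what `iptables -t nat -S` prints for the two rules above.
SAMPLE_RULES='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -i eth0 -j FULLCONENAT
-A POSTROUTING -o eth0 -j FULLCONENAT'

# Live use (as root): run_live eth0
run_live() {
    conntrack_events_enabled < "/boot/config-$(uname -r)" || echo "CONFIG_NF_CONNTRACK_EVENTS is not =y"
    lsmod | module_loaded || echo "xt_FULLCONENAT is not loaded"
    iptables -t nat -S | fullcone_rules_ok "$1" || echo "FULLCONENAT rules missing or not bound to $1"
}
```

Source the file and call `run_live eth0` as root to run the checks against the live system; nothing is printed when all three pass.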