Endpoint-Independent NAT with Linux Netfilter.
Well, kindof. It just creates DNAT mappings when doing NAT hole punching with STUN servers on ports 3478, 19302.
I.e. lan_ip:54321 -> wan_ip:12345 -> stun_server_ip:3478 will create mapping wan_ip:12345 -> lan_ip:54321.
The mappings have 5 minutes expiry time that refreshes on packet sent on those ports.
nft add table ip einat
| /* | |
| * Asterisk Module to rewrite contact for outbound registrations. | |
| * On successful registration the contact's host and port will be updated to match "received" and "rport" params from the response "Via" header. | |
| * Outbound registration's "contact_user" param needs to be set for proper contact rewrites in INVITEs too. | |
| * | |
| * Copy to the "res/" folder and compile asterisk. | |
| */ | |
| /*** MODULEINFO | |
| <depend>pjproject</depend> |
| #!/bin/sh | |
| # Rewrite 104.21.0.69 - 104.21.95.255 to 172.64.41.0 | |
| # https://community.cloudflare.com/t/routing-loop-to-cloudflare-ips/618854 | |
| nft add table cf_fix | |
| nft add map cf_fix ct_daddr '{ typeof ct id : ip daddr; flags dynamic; timeout 10s; }' | |
| # I have no idea how to convert mark value to addr. | |
| nft add map cf_fix mark_to_daddr '{ typeof mark : ip daddr; flags dynamic; timeout 10s; }' |
| package main | |
| import ( | |
| "bytes" | |
| "encoding/binary" | |
| "fmt" | |
| "net" | |
| "os" | |
| "time" |
A dumb idea to serve mkvs over HTTP with auto m3u8 playlist generation and bloat material 2 UI.
systemd service example to start natmap before qbittorrent-nox service.
See qbittorrent/qBittorrent#19487
Original idea: https://github.com/Mythologyli/qBittorrent-NAT-TCP-Hole-Punching
nftables-qb.sh to /usr/local/binnatmap-qb@.service to /etc/systemd/systemsystemctl enable natmap-qb@