dndx / phantun

Transforms UDP stream into (fake) TCP streams that can go through Layer 3 & Layer 4 (NAPT) firewalls/NATs.
Apache License 2.0

Update README to include incoming interface (-i tun0) in client NAT commands #163

Closed RPallas92 closed 3 months ago

RPallas92 commented 3 months ago

This PR updates the README to include the -i tun0 option in iptables and ip6tables commands. The change ensures NAT rules apply only to traffic from the tun0 interface on the Phantun client host.

Updated Commands:

iptables -t nat -A POSTROUTING -o eth0 -i tun0 -j MASQUERADE
ip6tables -t nat -A POSTROUTING -o eth0 -i tun0 -j MASQUERADE

dndx commented 3 months ago

Thank you @RPallas92.

0xb8 commented 3 months ago

This doesn't seem to be correct — I get the following error:

iptables v1.8.10 (legacy): Can't use -i with POSTROUTING

The manual page for iptables also states:

[!] -i, --in-interface name
    Name of an interface via which a packet was received (only
    for packets entering the INPUT, FORWARD and PREROUTING
    chains).  [...]

So I think this change should be reverted to avoid further confusion.

dndx commented 3 months ago

@0xb8 Yes, I did a test and this also failed on my machine. So reverting the change.

@RPallas92 Maybe you can use source IP for masking, but -i does not appear to work.
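
An added example, not part of the thread or of the Phantun README: a small pre-flight check for the chain restriction quoted from the man page above, plus two ways to scope MASQUERADE to tunnel traffic without `-i` in POSTROUTING (match the source subnet, or mark packets in mangle PREROUTING, where `-i` is valid, and match the mark later). The function names, the 192.168.200.0/30 subnet and the 0x1 mark are constructed samples; the functions only print and check rules, they do not run iptables.

```shell
#!/bin/sh
# Added example: names, subnet and mark value below are constructed samples.

# lint_rule WORDS...: succeed unless an interface match sits in a built-in
# chain where iptables(8) rejects it (-i: INPUT/FORWARD/PREROUTING only,
# -o: FORWARD/OUTPUT/POSTROUTING only). User-defined chains are not checked.
lint_rule() {
    chain="" has_i=0 has_o=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -A|-I|-C|-D) chain="${2:-}" ;;      # word after the op is the chain
            -i|--in-interface)  has_i=1 ;;
            -o|--out-interface) has_o=1 ;;
        esac
        shift
    done
    case "$chain" in
        POSTROUTING|OUTPUT) [ "$has_i" -eq 0 ] || return 1 ;;
        PREROUTING|INPUT)   [ "$has_o" -eq 0 ] || return 1 ;;
    esac
    return 0
}

# lint_all: lint one rule per line from stdin, stop at the first bad one.
lint_all() {
    while read -r rule; do
        # word splitting of $rule is intended here
        lint_rule $rule || { echo "rejected: $rule" >&2; return 1; }
    done
}

# masq_by_source BIN WAN_IF TUN_NET: scope NAT by the tunnel's source subnet.
masq_by_source() {
    printf '%s -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' "$1" "$3" "$2"
}

# masq_by_mark BIN TUN_IF WAN_IF MARK: mark on ingress, match the mark on egress.
masq_by_mark() {
    printf '%s -t mangle -A PREROUTING -i %s -j MARK --set-mark %s\n' "$1" "$2" "$4"
    printf '%s -t nat -A POSTROUTING -o %s -m mark --mark %s -j MASQUERADE\n' "$1" "$3" "$4"
}

# Print both variants, then confirm the mark variant passes the check.
masq_by_source iptables eth0 192.168.200.0/30
masq_by_mark iptables tun0 eth0 0x1
masq_by_mark iptables tun0 eth0 0x1 | lint_all && echo "mark variant: ok"
```

Review the printed rules and substitute your own interface names and tunnel subnet before applying them as root.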