Netfilter and iptables extension for FULLCONENAT target ported to OpenWrt.
# cd to OpenWrt source path
# Clone this repo
git clone -b master --single-branch https://github.com/LGA1150/openwrt-fullconenat package/fullconenat
# Select Network -> Firewall -> iptables-mod-fullconenat
make menuconfig
# Compile
make V=s
You can apply this patch to OpenWrt's Firewall3 (Recommended).
Or manually add the following rules to /etc/firewall.user:
iptables -t nat -A zone_wan_prerouting -j FULLCONENAT
iptables -t nat -A zone_wan_postrouting -j FULLCONENAT
This module uses conntrack events to register a callback function. Within a single netns only one callback can be registered, which causes a conflict with nf_conntrack_netlink, since it also uses conntrack events. Qualcomm Shortcut FE has introduced a patch that allows multiple callbacks to be registered. To apply it, put this patch into target/linux/generic/hack-<kernel-version>.
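A check for the setup described above, added here as an example and not part of this project: it confirms that both zone_wan chains jump to FULLCONENAT and flags a loaded nf_conntrack_netlink module. The function names and the sample input are constructed for illustration, and the module check assumes nf_conntrack_netlink is built as a loadable module (a built-in one does not appear in /proc/modules).

```shell
#!/bin/sh
# Added example (not project code). Inputs are passed as text so the checks
# can run on saved output. On a router:
#   audit_fullcone "$(iptables-save -t nat)" "$(cat /proc/modules)"

# has_fullcone_rule RULES CHAIN: true if CHAIN has a rule jumping to FULLCONENAT
has_fullcone_rule() {
    printf '%s\n' "$1" | grep -Eq -- "^-A $2( .*)? -j FULLCONENAT( |\$)"
}

# module_loaded MODULES NAME: true if NAME is listed (format of /proc/modules)
module_loaded() {
    printf '%s\n' "$1" | grep -q -- "^$2 "
}

# audit_fullcone RULES MODULES: prints findings, returns the number of problems
audit_fullcone() {
    rules=$1 modules=$2 problems=0
    for chain in zone_wan_prerouting zone_wan_postrouting; do
        if has_fullcone_rule "$rules" "$chain"; then
            echo "ok: $chain jumps to FULLCONENAT"
        else
            echo "missing: no FULLCONENAT rule in $chain"
            problems=$((problems + 1))
        fi
    done
    # This cannot tell whether the multiple-callback patch is applied;
    # a hit means "verify the kernel patch", not a confirmed failure.
    if module_loaded "$modules" nf_conntrack_netlink; then
        echo "conflict: nf_conntrack_netlink is loaded and also uses conntrack events"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample input (not captured from a real device)
SAMPLE_RULES='*nat
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A zone_wan_postrouting -j FULLCONENAT
-A zone_wan_prerouting -j FULLCONENAT
COMMIT'
SAMPLE_MODULES='nf_conntrack 90112 5 - Live 0x0000000000000000
nf_conntrack_netlink 36864 0 - Live 0x0000000000000000'

audit_fullcone "$SAMPLE_RULES" "$SAMPLE_MODULES" || echo "problems found: $?"
```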