Share - NAT Controller

Introduction

The network in China is usually too slow to work efficiently, so I wrote this utility months ago to speed up my digital life.

It’s similar to HAProxy, if you consider only the traffic transfer function.

The difference is that my tool supports UDP, which significantly elevates your experience on the internet.

Install it with this command:
wget https://raw.githubusercontent.com/haodong/hdility/master/NATctl -O /usr/local/bin/NATctl && chmod +x /usr/local/bin/NATctl

Usage

> NATctl -h
This script can help you handle Traffic Transfer through iptables.
Usage: iptNAT [-c $cmd] [-i #ID] [-f @IP] [-p #Port] [-t @IP] [-b #Port] [-u]
-c: Give a command to implement. Available commands are:
add: Add new rules.
-i: Insert on the #IDth line of chain.
-f: From the IP. By default use 'dig' function to detect its public IP. Must be specified if the host has multiple public IPs.
-p: From the Port.
-t: To the IP, namely the target IP address.
-b: To the Port, namely the target port.
-u: With UDP mode. By default use TCP only.
list: List your NAT iptables(PREROUTING and POSTROUTING).
reset: Reset the two iptables, cleaning all added Traffic Transfer rules.


The code was written by Hao Dong under GPL-3.0 License.

Example

Scenario A

You want to access host C (2.2.2.2), but your local host A (0.0.0.0) has a weak route to C. Both A and C have a fast connection to B (1.1.1.1), so you can access C by passing through B.
Suppose you were originally using ssh [email protected] -p 22 on A. Now build a NAT route for B and C by running the following command on host B.

> NATctl -c add -f 1.1.1.1 -p 8022 -t 2.2.2.2 -b 22
Adding TCP rules ...
Done.

Then run the command ssh [email protected] -p 8022 on host A to enter host C.

Scenario B

A program on your local machine A has to access remote host C over both TCP and UDP, but the route between A and C is as bad as in Scenario A. Now you find a good hub B. Run the following command.

> NATctl -c add -f 1.1.1.1 -p 1234 -t 2.2.2.2 -b 1234 -u
Adding TCP rules ...
Adding UDP rules ...
Done.

Now you only need to switch the target IP address of the program on your machine from C’s 2.2.2.2 to B’s 1.1.1.1.

Tips

  • You can omit the -f argument because my tool already includes a function to detect your public IP address.
  • If you’re not sure whether a route has been built, use -c list to view the rules.
  • Don’t use the -c reset command unless you really know what you’re doing.
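
To go with the -c list tip, the following added example (not part of NATctl or of the original post) summarises the port forwards found in iptables-save -t nat output and picks out those that accept traffic from any source address. The rules in SAMPLE_RULES are constructed and assume standard DNAT rules in PREROUTING; the page does not show the rules NATctl actually writes, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not NATctl code): summarise DNAT forwards found in
# `iptables-save -t nat` output read from stdin.
# Output: proto listen_ip:port -> target_ip:port src=<source match|any>
list_forwards() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        proto = "all"; dst = "any"; dport = "any"; src = "any"; to = ""; jump = ""
        for (i = 3; i < NF; i++) {
            if      ($i == "-p")               proto = $(i + 1)
            else if ($i == "-d")               dst   = $(i + 1)
            else if ($i == "-s")               src   = $(i + 1)
            else if ($i == "--dport")          dport = $(i + 1)
            else if ($i == "-j")               jump  = $(i + 1)
            else if ($i == "--to-destination") to    = $(i + 1)
        }
        if (jump != "DNAT") next
        sub(/\/32$/, "", dst)   # show a single host without its /32 mask
        printf "%s %s:%s -> %s src=%s\n", proto, dst, dport, to, src
    }'
}

# Forwards with no source-address match, i.e. reachable by any client.
open_forwards() {
    list_forwards | grep 'src=any$'
}

# Constructed sample (assumed rule shape, documentation source address).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 1.1.1.1/32 -p tcp -m tcp --dport 8022 -j DNAT --to-destination 2.2.2.2:22
-A PREROUTING -d 1.1.1.1/32 -p tcp -m tcp --dport 1234 -j DNAT --to-destination 2.2.2.2:1234
-A PREROUTING -d 1.1.1.1/32 -p udp -m udp --dport 1234 -j DNAT --to-destination 2.2.2.2:1234
-A PREROUTING -s 198.51.100.7/32 -d 1.1.1.1/32 -p tcp -m tcp --dport 9022 -j DNAT --to-destination 2.2.2.2:22
-A POSTROUTING -d 2.2.2.2/32 -p tcp -m tcp --dport 22 -j SNAT --to-source 1.1.1.1
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | list_forwards
# On host B itself (as root): iptables-save -t nat | open_forwards
```

In the sample, the Scenario A and Scenario B forwards are listed with src=any, while the constructed 9022 rule is limited to a single client address by its -s match.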