swgp go through phantun, more see vc notes

author: Xiao Pan <xyz@flylightning.xyz> 2025-07-25 01:13:44 +0800
committer: Xiao Pan <xyz@flylightning.xyz> 2025-07-25 01:13:44 +0800
commit: ed8cc7de3c38d09e8f69807d89ea504ee01e848a (patch)
tree: c946280957e8a30b8f51a9e292dead58b92f12b9 /etc/nftables.conf
parent: cf5de133f1b474d8de5a694029d8551d6dd1729e (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf
index 1ec682d9..1fec22e2 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -39,6 +39,10 @@ table inet my_table {
 		type filter hook forward priority filter
 		policy drop
 		# Drop everything forwarded to us. We do not forward. That is routers job.
+
+		# needed for phantun
+		iifname pt0 accept
+		oifname pt0 accept
 	}
 
 	chain my_output {
@@ -47,3 +51,14 @@ table inet my_table {
 		# Accept every outbound connection
 	}
 }
+
+table inet nat {
+	# needed for phantun https://github.com/dndx/phantun
+	# note here is postrouting not prerouting, server side phantun config is prerouting instead
+	chain postrouting {
+		type nat hook postrouting priority srcnat
+		policy accept
+		iifname pt0 oif enp3s0 masquerade
+		iifname pt0 oif wlp2s0 masquerade
+	}
+}
author	Xiao Pan <xyz@flylightning.xyz>	2025-07-25 01:13:44 +0800
committer	Xiao Pan <xyz@flylightning.xyz>	2025-07-25 01:13:44 +0800
commit	ed8cc7de3c38d09e8f69807d89ea504ee01e848a (patch)
tree	c946280957e8a30b8f51a9e292dead58b92f12b9 /etc/nftables.conf
parent	cf5de133f1b474d8de5a694029d8551d6dd1729e (diff)