From d6d8c888da1519f630c13231682f49f0c18b2a75 Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Thu, 24 Jul 2025 18:01:35 +0000 Subject: swgp go through phantun, more see vc notes --- etc/nftables.conf | 12 ++++++++++-- home/xyz/.config/myconf/pacman_Qqme | 1 + home/xyz/.config/myconf/pacman_Qqne | 1 + 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/etc/nftables.conf b/etc/nftables.conf index d20d2605..52bacd38 100644 --- a/etc/nftables.conf +++ b/etc/nftables.conf @@ -27,10 +27,12 @@ table inet my_table { meta l4proto ipv6-icmp accept tcp dport ssh accept - #tcp dport iperf3 accept + tcp dport iperf3 accept udp dport wireguard accept udp dport swgp accept tcp dport monerod-p2p accept + # phantun + tcp dport 59083 accept pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited counter comment "count any other traffic" @@ -46,6 +48,9 @@ table inet my_table { #iifname $pub_iface oifname $wg_iface accept iifname $wg_iface accept oifname $wg_iface accept + # needed for phantun? + iifname pt0 accept + oifname pt0 accept } chain my_output { @@ -63,12 +68,15 @@ table inet nat { # also vice versa, no need `chain postrouting` if has `chain prerouting` # more see https://www.procustodibus.com/blog/2021/11/wireguard-nftables/ chain prerouting { - type nat hook prerouting priority -100 + type nat hook prerouting priority dstnat policy accept # port forwarding from client # https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet iifname $pub_iface tcp dport monerod-p2p dnat ip to 10.0.0.1:monerod-p2p iifname $pub_iface tcp dport monerod-p2p dnat ip6 to [fdc9:281f:04d7:9ee9::1]:monerod-p2p + # needed for phantun + iif $pub_iface tcp dport 59083 dnat ip to 10.0.2.2 + iif $pub_iface tcp dport 59083 dnat ip6 to fdc9:281f:04d7:9eeb::2 } # for all packets to $pub_iface, after routing, replace source address with primary IP of $pub_iface interface chain postrouting { 
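Review bot: Un-commenting `tcp dport iperf3 accept` in the first hunk opens the iperf3 port on every interface, including the public one, and iperf3 has no authentication, so any host that can reach the port can run bandwidth tests against this machine. If it is only needed for measurements through the tunnel, scope it, e.g. `iifname $wg_iface tcp dport iperf3 accept`, or keep it commented out between tests. The new `tcp dport 59083 accept` looks redundant for the phantun path: the prerouting hunk of this commit DNATs that port on `$pub_iface` to 10.0.2.2, so those packets should traverse the forward chain rather than input; confirm and drop the rule if it never matches. The literal 59083 appears three times in this commit, so a `define phantun_port = 59083` beside the interface defines would keep the rules in step. The enclosing chain starts and ends outside the hunk.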
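Review bot: In the second hunk, `iifname pt0 accept` and `oifname pt0 accept` forward anything that enters or leaves pt0, whatever the other interface, protocol or port, which is wider than the single flow this commit sets up (TCP 59083 DNATed from `$pub_iface`). Narrowing to that flow would look like `iifname $pub_iface oifname pt0 tcp dport 59083 accept` plus `iifname pt0 oifname $pub_iface tcp sport 59083 accept`; the return rule may be unnecessary if the chain already accepts established connections, which is not visible in this hunk. The comment `# needed for phantun?` records a guess, so once the rules are verified it should say what they are for, e.g. `# phantun: forward fake-TCP between $pub_iface and pt0`. The chain's header and policy are outside the hunk.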
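Review bot: The two new DNAT rules in the prerouting hunk match with `iif $pub_iface`, while the monerod-p2p rules directly above them use `iifname $pub_iface`. `iif` binds to the interface index when the ruleset is loaded, so loading fails if the interface does not exist at that moment, and a failed load at boot leaves the host without this ruleset. Unless the index match is intended, use the same form as the neighbouring rules, e.g. `iifname $pub_iface tcp dport 59083 dnat ip to 10.0.2.2` and the matching `ip6` line. The chain body continues outside the hunk.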
diff --git a/home/xyz/.config/myconf/pacman_Qqme b/home/xyz/.config/myconf/pacman_Qqme
index d93ec650..9b979180 100644
--- a/home/xyz/.config/myconf/pacman_Qqme
+++ b/home/xyz/.config/myconf/pacman_Qqme
@@ -7,6 +7,7 @@ htop-vim
 librespeed-cli-bin
 neovim-plug
 paru-bin
+phantun-git
 pipdeptree
 swgp-go
 task-spooler
diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne
index b9844fb3..d8967f36 100644
--- a/home/xyz/.config/myconf/pacman_Qqne
+++ b/home/xyz/.config/myconf/pacman_Qqne
@@ -34,6 +34,7 @@ posix-xsi
 python-pip
 rebuild-detector
 reflector
+rustup
 shellcheck
 speedtest-cli
 strace
-- cgit v1.2.3-70-g09d2