From ed8cc7de3c38d09e8f69807d89ea504ee01e848a Mon Sep 17 00:00:00 2001
From: Xiao Pan <xyz@flylightning.xyz>
Date: Fri, 25 Jul 2025 01:13:44 +0800
Subject: swgp go through phantun, more see vc notes

---
 etc/nftables.conf | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'etc/nftables.conf')

diff --git a/etc/nftables.conf b/etc/nftables.conf
index 1ec682d9..1fec22e2 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -39,6 +39,10 @@ table inet my_table {
 		type filter hook forward priority filter
 		policy drop
 		# Drop everything forwarded to us. We do not forward. That is routers job.
+
+		# needed for phantun
+		iifname pt0 accept
+		oifname pt0 accept
 	}
 
 	chain my_output {
@@ -47,3 +51,14 @@ table inet my_table {
 		# Accept every outbound connection
 	}
 }
+
+table inet nat {
+	# needed for phantun https://github.com/dndx/phantun
+	# note here is postrouting not prerouting, server side phantun config is prerouting instead
+	chain postrouting {
+		type nat hook postrouting priority srcnat
+		policy accept
+		iifname pt0 oif enp3s0 masquerade
+		iifname pt0 oif wlp2s0 masquerade
+	}
+}
-- 
cgit v1.2.3-70-g09d2