From 1a48642e5f1c2b3606ccf3780e474cafcfcd8459 Mon Sep 17 00:00:00 2001
From: Xiao Pan
Date: Wed, 30 Jul 2025 22:37:34 +0800
Subject: remove phantun, because I switched to mimic
---
 etc/nftables.conf | 15 ---------------
 etc/sysctl.d/99-sysctl.conf | 7 -------
 2 files changed, 22 deletions(-)
 delete mode 100644 etc/sysctl.d/99-sysctl.conf
(limited to 'etc')
diff --git a/etc/nftables.conf b/etc/nftables.conf
index de1a28b4..6bd80b22 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -41,10 +41,6 @@ table inet my_table {
 type filter hook forward priority filter
 policy drop
 # Drop everything forwarded to us. We do not forward. That is routers job.
-
- # needed for phantun
- iifname pt0 accept
- oifname pt0 accept
 }
 chain my_output {
@@ -53,14 +49,3 @@ table inet my_table {
 # Accept every outbound connection
 }
 }
-
-table inet nat {
- # needed for phantun https://github.com/dndx/phantun
- # note here is postrouting not prerouting, server side phantun config is prerouting instead
- chain postrouting {
- type nat hook postrouting priority srcnat
- policy accept
- iifname pt0 oif enp3s0 masquerade
- iifname pt0 oif wlp2s0 masquerade
- }
-}
diff --git a/etc/sysctl.d/99-sysctl.conf b/etc/sysctl.d/99-sysctl.conf
deleted file mode 100644
index b9677c02..00000000
--- a/etc/sysctl.d/99-sysctl.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# at least `net.ipv4.ip_forward = 1` is needed for wireguard masquerade? to work. Without will result into can't ping ips, can't curl websites, browser can't visit websites
-# ka seems has this as default, maybe arch linux cloud-init image has this as default?
-# https://forums.rockylinux.org/t/wireguard-masquerade-wont-work/7752
-# https://wiki.archlinux.org/title/Nftables#NAT_with_port_forwarding
-# https://github.com/teddysun/across/blob/acef6b00a6ad062c0e99286ea136d1a246def644/wireguard.sh#L514-L522
-net.ipv4.ip_forward = 1
-net.ipv6.conf.all.forwarding = 1
--
cgit v1.2.3-70-g09d2