https://github.com/getlantern/gonat
Go library for NAT'ing of TCP and UDP traffic
Last synced: 8 months ago
- Host: GitHub
- URL: https://github.com/getlantern/gonat
- Owner: getlantern
- License: apache-2.0
- Created: 2019-05-11T19:42:33.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2020-10-01T14:57:27.000Z (over 5 years ago)
- Last Synced: 2024-06-19T13:47:37.913Z (almost 2 years ago)
- Language: Go
- Size: 98.6 KB
- Stars: 9
- Watchers: 14
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
gonat
==========
This library only works on Linux.
Dependencies are managed using Go modules. If using a version of Go prior to 1.13, use the environment
variable `GO111MODULE=on` to enable use of modules.
In order to work, this library needs to be able to open raw sockets and update the conntrack table
via netlink. You can give the binary the correct capabilities with:
`sudo setcap CAP_NET_RAW,CAP_NET_ADMIN+ep <path-to-binary>`
This library requires the nf_conntrack module to be installed at runtime.
```
modprobe nf_conntrack
modprobe nf_conntrack_ipv4
```
iptables needs to be configured to drop the outbound RST packets that the kernel would usually create in response to SYN/ACK
packets responding to our raw TCP connections. We do this only for TCP connections that are already in the ESTABLISHED state in conntrack.
The library manually adds these to conntrack since we're using raw sockets.
`sudo iptables -I OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED --ctdir ORIGINAL --tcp-flags RST RST -j DROP`
To undo this, run the same command, but replace the `-I` flag with the `-D` flag.
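The three requirements above (file capabilities, the conntrack module, and the RST DROP rule) can be checked in one pass before starting a binary built on this library. The script below is an added example and not part of gonat; the function names and the `--check` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Preflight for a gonat-based binary: capabilities, conntrack module, RST rule.
# Function names are illustrative; they are not part of gonat.

# has_cap NAME LINE: LINE is one line of `getcap` output. Succeeds when NAME
# is granted in the effective and permitted sets. Accepts both libcap text
# styles: "file = a,b+ep" (older) and "file a,b=ep" (newer).
has_cap() {
    printf '%s\n' "$2" | grep -Eq "[ ,]$1(,[a-z_0-9]+)*[+=]ei?p( |\$)"
}

# module_present NAME [SYSFS_DIR]: loaded or built-in modules appear as a
# directory under /sys/module.
module_present() {
    [ -d "${2:-/sys/module}/$1" ]
}

# rst_rule_present: checks (-C) for the exact DROP rule from the README.
# Needs root, like any iptables query.
rst_rule_present() {
    iptables -C OUTPUT -p tcp -m conntrack --ctstate ESTABLISHED \
        --ctdir ORIGINAL --tcp-flags RST RST -j DROP 2>/dev/null
}

# preflight BINARY: prints one line per failed requirement; returns the count.
preflight() {
    fails=0
    caps=$(getcap "$1" 2>/dev/null)
    for c in cap_net_raw cap_net_admin; do
        has_cap "$c" "$caps" || { echo "missing $c+ep on $1"; fails=$((fails + 1)); }
    done
    module_present nf_conntrack || { echo "nf_conntrack not loaded"; fails=$((fails + 1)); }
    rst_rule_present || { echo "RST DROP rule absent from OUTPUT"; fails=$((fails + 1)); }
    return "$fails"
}

# Run only when asked, so the file can also be sourced:
#   sudo sh preflight.sh --check <path-to-binary>
if [ "${1:-}" = "--check" ]; then
    preflight "$2"
fi
```

A non-zero exit status is the number of unmet requirements, so the script can gate a service start.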
To run the unit tests, you need to have root permissions. It's also useful to enable tracing while running the tests.
```
GO111MODULE=on go test -c && TRACE=true sudo -E ./gonat.test
```