#重置
sudo rm /etc/NetworkManager/system-connections/enp1s0.nmconnection
sudo rm /etc/NetworkManager/system-connections/enp3s0.nmconnection
sudo nmcli connection reload
#创建wan
sudo nmcli connection add type ethernet con-name "WAN" ifname enp1s0
# 1. 为 enp3s0 创建一个新连接
sudo nmcli connection add type ethernet con-name "LAN-PC" ifname enp3s0
# 2. 配置 IPv4 (手动,不运行 DHCP 服务以保持隐身)
sudo nmcli con mod "LAN-PC" ipv4.method manual ipv4.addresses 192.168.100.1/24
# 3. 配置 IPv6 (使用 ULA 本地地址,同样手动)
sudo nmcli con mod "LAN-PC" ipv6.method manual ipv6.addresses fd00:100::1/64
# 4. 启动这个连接
sudo nmcli con up "LAN-PC"
*iptables实现nat*
# 1. 永久开启 IPv4 和 IPv6 转发
sudo bash -c 'cat <<EOF > /etc/sysctl.d/99-nat-forward.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
EOF'
sudo sysctl -p /etc/sysctl.d/99-nat-forward.conf
# 2. 添加 IPv4 NAT (地址伪装)
sudo iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o enp1s0 -j MASQUERADE
# 3. 添加 IPv6 NAT (地址伪装)
sudo ip6tables -t nat -A POSTROUTING -s fd00:100::/64 -o enp1s0 -j MASQUERADE
# (可选) 4. 保存 iptables 规则 (确保重启不丢失,方法因系统而异,
# 使用 iptables-persistent 是个好办法)
# sudo apt-get install iptables-persistent
# sudo netfilter-persistent save
# 1. 允许来自 LAN-PC(enp3s0) 的流量转发到 WAN(enp1s0)
sudo ufw route allow in on enp3s0 out on enp1s0
# 2. 允许相关的返回流量
sudo ufw route allow in on enp1s0 out on enp3s0 from any to any state RELATED,ESTABLISHED
