This project establishes a TCP/UDP port mapping from an ISP NAT public address to a local private address. If all layers of NAT are full cone (NAT-1), any host can access internal services through the mapped public address. In bind mode, no traffic passes through this program.

[Chinese documentation](https://github.com/heiher/natmap/wiki)
```bash
git clone --recursive https://github.com/heiher/natmap.git
cd natmap
make

# statically link
make ENABLE_STATIC=1

# cross compile
make CROSS_PREFIX=${cross-toolchain}/bin/x86_64-unknown-linux-

# android
mkdir natmap
cd natmap
git clone --recursive https://github.com/heiher/natmap.git jni
ndk-build
```
## How to Use

### Usage
```
Usage:
 natmap [options]

Options:
 -4                use IPv4
 -6                use IPv6
 -u                UDP mode
 -d                run as daemon
 -i <interface>    network interface or IP address
 -k <interval>     seconds between each keep-alive
 -s <addr>[:port]  domain name or address of STUN server
 -h <addr>[:port]  domain name or address of HTTP server
 -e <path>         script path for notify mapped address
 -f <mark>         fwmark value (hex: 0x1, dec: 1, oct: 01)

Bind options:
 -b <port>[-port]  port number range for binding
                   - <0>: random allocation
                   - <port>: specified
                   - <port>-<port>: sequential allocation within the range

Forward options:
 -T <timeout>      port forwarding timeout in seconds
 -t <address>      domain name or address of forward target
 -p <port>         port number of forward target (0: use public port)
```
### Bind mode

```bash
# TCP
natmap -s turn.cloudflare.com -h example.com -b 80

# UDP
natmap -u -s turn.cloudflare.com -b 443
```
In TCP mode, this program establishes a TCP port mapping in two steps:

1. Establish a connection with the HTTP server from the specified bind port and
   keep it alive.
2. Establish a connection with the STUN server from the same port and obtain the
   public address.

Once the port mapping is established, this program calls the script specified by
the `-e` argument to report the public address. The script can update the DNS
record for external access.

Please note that you need to open the firewall to allow access to the bind port.
#### OpenWrt

Go to Network -> Firewall -> Traffic Rules

Add a traffic rule:

* Protocol: TCP/UDP
* Source zone: wan
* Destination zone: Device (input)
* Destination port: [bind port]
* Action: accept
* Others: keep default values
If the port binding fails because the port is already in use, this program tries
to find out which local service process occupies the port and enable port reuse
remotely. This works on Linux kernel 5.6 and later, and requires running as root.
### Forward mode

```bash
# TCP
natmap -s turn.cloudflare.com -h example.com -b 80 -t 10.0.0.2 -p 80

# UDP
natmap -u -s turn.cloudflare.com -b 443 -t 10.0.0.2 -p 443
```
Similar to bind mode, this program listens on the bound port, accepts incoming
connections, and forwards them to the target address.

Another way is to forward with the firewall's DNAT; this approach should use
bind mode.
#### OpenWrt

Go to Network -> Firewall -> Port Forwards

Add a port forward rule:

* Protocol: TCP/UDP
* Source zone: wan
* External port: [bind port]
* Destination zone: lan
* Internal IP address: 10.0.0.2
* Internal port: 80
* Others: keep default values
### Script arguments

```
{public-addr} {public-port} {ip4p} {private-port} {protocol} {private-addr}
```

* argv[0]: Script path
* argv[1]: Public address (IPv4/IPv6)
* argv[2]: Public port
* argv[3]: IP4P
* argv[4]: Bind port (private port)
* argv[5]: Protocol (TCP/UDP)
* argv[6]: Private address (IPv4/IPv6)
### IP4P address

The IP4P address format uses IPv6 special addresses to encode IPv4 addresses and
ports for easy distribution through DNS AAAA records.

```
2001::{port}:{ipv4-hi16}:{ipv4-lo16}
```
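
A notify script that checks the six arguments listed under "Script arguments" before acting on them, and decodes the IP4P value back to `address:port` the way a client reading the AAAA record would. This is an added example, not part of natmap; the function names and sample values are hypothetical, and it accepts either case for the protocol and hex groups with or without leading zeros because the page does not specify them.

```sh
#!/bin/sh
# Added example, not natmap code. Function names are hypothetical.

is_port() {   # decimal 1-65535, no leading zeros
    case "$1" in ''|*[!0-9]*|0*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

is_ipv4() (   # strict dotted quad; the subshell keeps the IFS change local
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
)

# ip4p_decode 2001::{port}:{ipv4-hi16}:{ipv4-lo16} -> prints "a.b.c.d:port"
ip4p_decode() (
    case "$1" in 2001::*) rest=${1#2001::} ;; *) exit 1 ;; esac
    case "$rest" in *[!0-9a-fA-F:]*|*::*|:*|*:) exit 1 ;; esac
    IFS=:; set -- $rest
    [ $# -eq 3 ] || exit 1
    for g in "$@"; do [ ${#g} -le 4 ] || exit 1; done
    p=$((0x$1)) hi=$((0x$2)) lo=$((0x$3))
    printf '%d.%d.%d.%d:%d\n' $((hi >> 8)) $((hi & 255)) \
        $((lo >> 8)) $((lo & 255)) "$p"
)

# check_notify argv[1]..argv[6]: succeed only if every field passes its format
# check and, for an IPv4 mapping, the IP4P value decodes to the same address:port.
check_notify() {
    [ $# -eq 6 ] && is_port "$2" && is_port "$4" || return 1
    case "$5" in tcp|udp|TCP|UDP) ;; *) return 1 ;; esac
    case "$6" in ''|*[!0-9a-fA-F:.]*) return 1 ;; esac
    if is_ipv4 "$1"; then
        [ "$(ip4p_decode "$3")" = "$1:$2" ]
    else
        case "$1" in ''|*[!0-9a-fA-F:]*) return 1 ;; esac
    fi
}

# Run as the -e script: refuse to act on arguments that fail validation.
if [ $# -gt 0 ]; then
    check_notify "$@" || { echo "natmap notify: bad arguments" >&2; exit 1; }
    echo "mapped $5 $1:$2 (IP4P $3) -> bind port $4"
fi
```

Put the DNS update or other action after the `check_notify` call, so that only validated values reach whatever command consumes them.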
## Contributors
* **abgelehnt** - https://github.com/abgelehnt
* **hev** - https://hev.cc
* **mike wang** - https://github.com/mikewang000000
* **muink** - https://github.com/muink
* **tianling shen** - https://github.com/1715173329
* **xhe** - https://github.com/xhebox
## License