#!/bin/bash
source ./00_env.sh
set -euo pipefail

echo 1 > /proc/sys/net/ipv4/ip_forward
grep -q '^net.ipv4.ip_forward' /etc/sysctl.conf || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
netfilter-persistent save || true

echo "NAT 出口 + IP 转发配置完成"