TL;DR: https://github.com/Chion82/netfilter-full-cone-nat
Implementation of Full cone NAT in Linux (in Chinese)
So far the implementation of RFC 3489 full cone NAT has never been finished. One can find some discussions about this feature on netfilter mailing list:
Configure to Full Cone :
How can I configure IPtables to be Full Cone?
You cannot. iptable_nat only implements the most sophisticated version
of NAT: fully symmetric.IPTables and different types of NAT :
“Full cone NAT” can be implemented with 1-to-1 bidirectional NAT using
SNAT+DNAT or NETMAP.
Yes, we can implement full cone NAT partially with 1-to-1 NAT or UPnP, but 1-to-1 NAT only works for ONE host and UPnP cannot traverse through multiple NATs. So here comes the kernel module: xt_FULLCONENAT.
Update: I have written a Makefile for the module, no need for a kernel patch
Somehow I managed to integrate it into OpenWrt by patching kernel and iptables directly. After installing the firmware, I disabled the default MASQUERADE SNAT rule and added the following rules to /etc/firewall.user
iptables -t nat -A zone_wan_prerouting -j FULLCONENAT
iptables -t nat -A zone_wan_postrouting -j FULLCONENAT
And it worked, here's the NAT Type tester's test result
It will be better if someone writes makefiles for it instead of patching directly. But I have little experience of writing iptables-mod- or kmod- makefiles. Already done.