Solution:
Using iptables, I set all policies to "ACCEPT" and I was able to setup two kinds of NAT:
(192.168.2.170 is my "public" address and 10.0.0.1 is my "private" address

/-"Full Cone NAT", with the following rules:/
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170
iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 10.0.0.1

/-"Port Restricted Cone NAT", with just a single rule:/
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.170/

fn main() {
    // In general, the `{}` will be automatically replaced with any
    // arguments. These will be stringified.
    println!("{} days", 31);

    // Without a suffix, 31 becomes an i32. You can change what type 31 is
    // by providing a suffix. The number 31i64 for example has the type i64.

    // There are various optional patterns this works with. Positional
    // arguments can be used.
    println!("{0}, this is {1}. {1}, this is {0}", "Alice", "Bob");

    // As can named arguments.
    println!("{subject} {verb} {object}",
             object="the lazy dog",
             subject="the quick brown fox",
             verb="jumps over");

    // Special formatting can be specified after a `:`.
    println!("{} of {:b} people know binary, the other half doesn't", 1, 2);

    // You can right-align text with a specified width. This will output
    // "     1". 5 white spaces and a "1".
    println!("{number:>width$}", number=1, width=6);

    // You can pad numbers with extra zeroes. This will output "000001".
    println!("{number:0>width$}", number=1, width=6);

    // Rust even checks to make sure the correct number of arguments are
    // used.
    println!("My name is {0}, {1} {0}", "Bond");
    // FIXME ^ Add the missing argument: "James"

    // Create a structure named `Structure` which contains an `i32`.
    #[allow(dead_code)]
    struct Structure(i32);

    // However, custom types such as this structure require more complicated
    // handling. This will not work.
    println!("This struct `{}` won't print...", Structure(3));
    // FIXME ^ Comment out this line.
}

Ubuntu / APT

Ubuntu 的软件源配置文件是 /etc/apt/sources.list

sudo sed -i 's/archive.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list

Proxy代理

export HTTP_PROXY=http://your.proxy:8888
export HTTPS_PROXY=http://your.proxy:8888

Docker

修改 /etc/docker/daemon.json 文件。

echo '{"registry-mirrors":["https://reg-mirror.qiniu.com/","https://t3yqbami.mirror.aliyuncs.com"]}' > /etc/docker/daemon.json

shell执行命令

sudo systemctl daemon-reload
sudo systemctl restart docker

Git

Git 没有镜像站，此为代理设置方法。

git config --global http.https://github.com.proxy socks5://127.0.0.1:1080
git config --global https.https://github.com.proxy socks5://127.0.0.1:1080

若是 HTTP/HTTPS 协议的代理：

git config --global http.https://github.com.proxy https://127.0.0.1:1080
git config --global https.https://github.com.proxy https://127.0.0.1:1080

取消方法：

git config --global --unset http.proxy
git config --global --unset https.proxy

GO

go env -w GO111MODULE=on
go env -w GOPROXY=https://goproxy.cn,direct

NPM / Yarn

yarn config set registry https://registry.npm.taobao.org --global
npm config set registry https://registry.npm.taobao.org --global

对于一些具体包，还需另外具体设置，如 Electron 就需要单独设置。

yarn config set ELECTRON_MIRROR https://npm.taobao.org/mirrors/electron/ --global
npm config set ELECTRON_MIRROR https://npm.taobao.org/mirrors/electron/ --global

对于 NVM 安装的 Node/NPM 来说，--global 法在一些场合不好用，这是因为此法安装的 global npmrc 并不能被识别，需要手动在 ~/.npmrc 中指定 global npmrc 的位置。

若不用 --global 法，则亦可在 ~/.npmrc 中写如下行：

registry=https://registry.npm.taobao.org
ELECTRON_MIRROR=https://npm.taobao.org/mirrors/electron/

如果不需要设置代理，单纯只想增加超时时限，可以写：

fetch-retry-maxtimeout=6000000
fetch-retry-mintimeout=1000000

Pypi / Pip

在文件 ~/.pip/pip.conf 中加入以下：

[global]
index-url = https://mirrors.aliyun.com/pypi/simple/
[install]
trusted-host=mirrors.aliyun.com

Rust / Cargo

Rustup 时需要环境变量：

export RUSTUP_DIST_SERVER=https://mirrors.tuna.tsinghua.edu.cn/rustup

cargo 下载库时需要 ~/.cargo/config 有如下内容（默认使用中科大源）

[source.crates-io]
registry = "https://github.com/rust-lang/crates.io-index"
replace-with = 'ustc'
# 清华大学
[source.tuna]
registry = "https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git"
# 中国科学技术大学
[source.ustc]
registry = "git://mirrors.ustc.edu.cn/crates.io-index"
# 上海交通大学
[source.sjtu]
registry = "https://mirrors.sjtug.sjtu.edu.cn/git/crates.io-index"

对于需要额外单独替换的可参考如下：

[patch.crates-io]
mysqlclient-sys = { git = 'https://github.com/sgrif/mysqlclient-sys' }

第一步，初始化用户和节点

docker run --rm -it --network host --volume $HOME/.ironfish:/root/.ironfish ghcr.io/iron-fish/ironfish:latest config:set blockGraffiti "planter"

第二步，将下方的配置复制到目录的docker-compose.yml中

version: "3"
services:
    ironfish:
        image: ghcr.io/iron-fish/ironfish:latest
        network_mode: host
        container_name: ironfish
        volumes:
            - ${HOME}/.ironfish:/root/.ironfish
    miner:
        image: ghcr.io/iron-fish/ironfish:latest
        network_mode: host
        container_name: miner
        volumes:
            - ${HOME}/.ironfish:/root/.ironfish
        entrypoint: ["./bin/run", "miners:start", "--threads", "-1"] 
        depends_on:
            - ironfish

第三步，更新镜像及启动

docker-compose pull && docker-compose up -d

第四步，查看状态

docker exec -it ironfish ./bin/run status -f

查看日志 docker-compose logs -f
重启docker docker-compose restart

curl -fsSL https://gitee.com/simon4546/ethlistener/raw/master/ironfish_install.sh|sudo bash

国内安装docker

apt remove docker docker-engine docker.io containerd runc 
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun 
echo '{"registry-mirrors":["https://reg-mirror.qiniu.com/"]}' > /etc/docker/daemon.json
systemctl daemon-reload 
systemctl restart docker 
docker info 
curl -L https://get.daocloud.io/docker/compose/releases/download/1.28.5/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose 
chmod +x /usr/local/bin/docker-compose 
docker-compose --version 

清空docker日志

truncate -s 0 /var/lib/docker/containers/*/*-json.log

删除所有容器和卷

docker rm -f $(docker ps -a -q) &&docker volume rm $(docker volume ls -q)

过滤查看日志

docker-compose logs --follow --tail=1|grep "get your Goerli ETH" 

根据镜像删除docker

docker rm $(docker stop $(docker ps -a -q --filter ancestor=ethersphere/bee:0.6.2 --format="{{.ID}}"))

查看运行中的docker的启动命令

alias runlike="docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:ro assaflavie/runlike"
docker ps
runlike YOUR-CONTAINER