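#!/bin/bash
# Router bring-up script.
#
# Part 1 (IPv4): masquerade the LAN, WireGuard and Wi-Fi interfaces behind
# $internet, define port-forwarding helpers and assign the IPv4 addresses
# and routes.  Part 2 (IPv6): read the DHCPv6-delegated prefix from dhcpcd,
# splice it into the radvd, WireGuard, BIND (DNS64) and stunnel configs,
# then restart the affected services.
#
# Usage:   <this script>          full run
#          <this script> k        run part 1, then print the derived prefix
#                                 "k" (delegated prefix minus the trailing
#                                 "00::") and exit
# Env:     PREFIX6                fallback prefix when dhcpcd has no usable
#                                 dhcp6_ia_pd1_prefix1 value
#
# NOTE(review): every iptables rule is appended with -A and nothing in this
# script flushes first, so each run duplicates the rule set.  The FORWARD
# policy is also set to ACCEPT below, which makes the per-interface ACCEPT
# rules from dovoli() redundant and forwards traffic between all interfaces
# (including $internet -> LAN) regardless of the RELATED,ESTABLISHED-only
# rule added by nat().  Both are left as-is here; confirm before tightening.
set -xe

rc-service net.enp2s0 restart
wg-quick up wg0 || :   # tolerate "already up"

#######################################
# Masquerade traffic leaving $1 and allow forwarding $2 -> $1.  The reverse
# direction ($1 -> $2) is limited to RELATED,ESTABLISHED connections.
# Arguments: $1 - outbound (internet-facing) interface
#            $2 - inside interface
#######################################
nat() {
  local out_if=$1
  local in_if=$2
  iptables -t nat -A POSTROUTING -o "$out_if" -j MASQUERADE
  iptables -A FORWARD -i "$out_if" -o "$in_if" -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables -A FORWARD -i "$in_if" -o "$out_if" -j ACCEPT
}

internet=internet   # upstream (GPON) interface name
notranje=notranje   # "notranje" = inside/LAN interface name
nat "$internet" "$notranje"
nat "$internet" wg0
nat "$internet" wlp3s0

#######################################
# Port-forward (DNAT) a TCP+UDP port arriving on $internet to an inside host.
# Every forwarded port becomes reachable from the upstream side, so the
# example calls below are kept commented out.
# Arguments: $1 - destination host
#            $2 - external port (on $internet)
#            $3 - internal port (on the host)
# Globals:   internet (read)
#######################################
posreduj() {
  local host=$1
  local ext_port=$2
  local int_port=$3
  local proto
  # Same per-chain rule order as adding tcp then udp by hand: PREROUTING gets
  # tcp,udp and FORWARD gets tcp,udp.
  for proto in tcp udp; do
    iptables -t nat -A PREROUTING -i "$internet" -p "$proto" --dport "$ext_port" -j DNAT --to-destination "$host:$int_port"
    iptables -A FORWARD -p "$proto" -d "$host" --dport "$int_port" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  done
}
# posreduj 10.69.69.72 222 22
# posreduj 10.69.69.69 2222 22
# posreduj 10.69.69.63 22222 22
# posreduj 10.69.69.63 5959 5959
# posreduj 10.69.69.63 445 445
# posreduj 10.69.69.63 139 139
# posreduj 10.69.69.2 3389 3389
# posreduj 10.69.69.152 2 22
# posreduj 10.69.69.2 25565 25565
# posreduj 10.69.87.4 5322 22

# iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE   # don't know why this would be needed
# /root/firewall.sh
# t2 would not send this:
# iptables -A INPUT --destination 10.69.69.0/24 -i enp5s4 -j DROP
# /root/radvd.sh

# 61000 is the --source-port used for masscan banner checking on this host;
# see https://github.com/robertdavidgraham/masscan#banner-checking
iptables -A INPUT -p tcp --dport 61000 -j DROP

#######################################
# Allow forwarding in both directions between two interfaces.
# Arguments: $1, $2 - interface names
#######################################
dovoli() {
  local if_a=$1
  local if_b=$2
  iptables -A FORWARD -i "$if_a" -o "$if_b" -j ACCEPT
  iptables -A FORWARD -i "$if_b" -o "$if_a" -j ACCEPT
}

# NOTE(review): default-ACCEPT forward policy, see the header comment.
iptables -P FORWARD ACCEPT
dovoli wg0 notranje
dovoli notranje wg0
dovoli wg0 wg0
dovoli wg0 wlp3s0
dovoli wlp3s0 notranje
dovoli wg0 internet

# ethtool -K notranje gso off gro off tso off   # idk what this is, removed it instead 2024-05-08

ip addr add dev "$notranje" 192.168.69.2/24 || echo 192.168.69.2 already exists
ip addr add dev "$internet" 192.168.100.2/24 || echo gpon net already set
ip route add 10.69.69.0/24 dev "$notranje" || echo notranje route already set

#####################
#       IPv6        #
#####################
# 2023-10-11
# Earlier ways of obtaining the delegated prefix, kept for reference:
# p=`cat /var/lib/dhcp/dhclient6.enp5s4.leases | grep iaprefix | sed "s/^\s*//g" | cut -d\ -f2 | tail -n1`
# p=2a01:261:e77:55

sleep 5   # give dhcpcd a moment to hold the IA_PD lease after the restart above
p=$(dhcpcd --dumplease internet | grep dhcp6_ia_pd1_prefix1= | cut -d= -f2)

# The delegated prefix is spliced unescaped into sed scripts that rewrite
# radvd, WireGuard and BIND configuration below, so it is treated as
# untrusted input: it must consist solely of hex digits and colons and end in
# "xx00::" (the original check was grep ':..00::$' on the raw value, which
# did not restrict the characters before it).  The same check is applied to
# the PREFIX6 fallback.
prefix_re='^[0-9a-fA-F:]+:[0-9a-fA-F]{2}00::$'
if ! [[ "$p" =~ $prefix_re ]]; then
  if [[ -z "${PREFIX6-}" ]]; then
    echo GRD PREFIX, NE NADALJUJEM
    exit 2
  fi
  p=$PREFIX6
  if ! [[ "$p" =~ $prefix_re ]]; then
    echo GRD PREFIX, NE NADALJUJEM
    exit 2
  fi
fi
# Strip the trailing "00::", e.g. 2a01:261:e77:5500:: -> 2a01:261:e77:55 ;
# the per-network /64s below are formed as ${k}<two hex digits>::/64.
k=${p%00::}
# i=`ip address show dev enp5s4 | grep inet6 | grep global | head -n1 | sed "s/^\s*//g" | cut -d\ -f2 | cut -d/ -f 1`

if [[ "${1-}" == k ]]; then
  echo "$k"
  exit
fi

# Rewrite the advertised prefix/route and the RDNSS address in radvd.conf.
sed -i "s/^\s*prefix [^:]*:[^:]*:[^:]*:../ prefix $k/g" /etc/radvd.conf
sed -i "s/^\s*route [^:]*:[^:]*:[^:]*:../ route $k/g" /etc/radvd.conf
sed -i "s/^[^#].*RDNSS .*$/ RDNSS ${k}00::1 {};/g" /etc/radvd.conf
# Replace the first four groups of every " xxxx:xxxx:xxxx:xxxx:" address in
# wg0.conf with the new ${k}87 /64.
sed -E -i "s/ ([A-Za-z0-9]{1,4}:){4}/ ${k}87:/g" /etc/wireguard/wg0.conf

# Address of the DNS64 resolver; the lower groups spell "DNS64BIND" in ASCII hex.
dns64bind="${k}44:4e53:3634:4249:4e44"

echo NOTRANJE je "$notranje", INTERNET je "$internet"
ip address add dev "$notranje" "${k}00::1/128" || echo address prefix::1 already set
ip address add dev "$internet" "${k}01::1/128" || echo address prefix::2 already set
ip route add "${k}00::/64" dev "$notranje" || echo LAN route already set
# ip route add ${k}09::/64 dev wlx940c6de2469f || echo wifi route already set
# ip route add ${k}88::/64 dev usb0 || echo usb0 tuljava route already set
# ip route add ${k}02::/64 via `ip neigh | grep fc:aa:14:2a:6f:9b | grep ^....: | head -n1 | cut -d\ -f1` dev enp2s0 || echo b route already set
ip route add "${k}87::/64" dev wg0 || echo wg0 wireguard vpn route already set
ip route add "${k}09::/64" dev wlp3s0 || echo wifi route already set
# ip route add ${k}10::/64 dev enp2s0 || echo kontejner route already set
# ip route add ${k}11::/64 dev enp2s0 || echo adrian route already set
# ip route add ${k}12::/64 dev enp2s0 || echo kultura route already set
# ip route add ${k}13::/64 dev enp2s0 || echo wagner route already set

#######
rc-service radvd restart
#######
# Sourced, not executed, so it runs with k/dns64bind in scope -- presumably it
# relies on them; verify against that file.
. /root/rfc2136ipv6.sh

nat64="${k}ff::"   # NAT64 prefix (used as ${nat64}/96 in BIND)
# sed -i "s|^.*prefix.*$|prefix $nat64/96" /etc/tayga.conf
sed -i "s/^.*match-destinations.*$/ match-destinations { ${dns64bind}\/128; };/g" /etc/bind/named.conf.options   # DNS64
sed -i "s/^.*dns64.*$/ dns64 $nat64\/96 {/g" /etc/bind/named.conf.options   # DNS64
#######
# Point the stunnel DNS forwarder at the DNS64 resolver address.
sed -i "s/^.*connect.*$/connect = ${dns64bind}:53/g" /etc/stunnel/dns.conf
# rc-service jool restart
rc-service named restart
######
rc-service stunnel restart
sleep 3
rc-service nginx restart
rc-service postfix restart
rc-service dhcpd restart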