@hiredman
Created June 18, 2020 17:27
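#!/bin/sh
# NAT and forwarding setup between the WireGuard interface and the LAN interface.
VPN_IF="wg0"
LAN_IF="eno1"
MAPPED="192.168.38.1/24"
LAN="192.168.1.0/24"
VPN="10.20.40.0/24"

# Add a second address on the LAN interface.
ifconfig "$LAN_IF" add 192.168.1.27

# Masquerade traffic from the VPN subnet leaving via the LAN interface.
iptables -v -t nat -A POSTROUTING -s "$VPN" -o "$LAN_IF" -j MASQUERADE

# 1:1 NETMAP translation between $LAN and $MAPPED, on destination (PREROUTING)
# and on source (POSTROUTING).
iptables -v -t nat -A PREROUTING -i "$VPN_IF" -d "$LAN" -j NETMAP --to "$MAPPED"
iptables -v -t nat -A PREROUTING -i "$VPN_IF" -d "$MAPPED" -j NETMAP --to "$LAN"
iptables -v -t nat -A POSTROUTING -o "$VPN_IF" -s "$LAN" -j NETMAP --to "$MAPPED"
iptables -v -t nat -A POSTROUTING -o "$LAN_IF" -s "$MAPPED" -j NETMAP --to "$LAN"

# Enable IPv4 forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Appended to INPUT: accepts anything earlier INPUT rules did not drop,
# on every interface.
iptables -A INPUT -j ACCEPT

# Allow new connections from the VPN subnet to the LAN subnet.
iptables -I FORWARD -i "$VPN_IF" -o "$LAN_IF" \
    -s "$VPN" -d "$LAN" \
    -m conntrack --ctstate NEW -j ACCEPT
# Inserted last, so it sits at the top of FORWARD: allow return traffic.
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED \
    -j ACCEPT

# Same match as the first MASQUERADE rule, inserted at the top of POSTROUTING
# so it is evaluated before the NETMAP rules.
iptables -t nat -I POSTROUTING -o "$LAN_IF" \
    -s "$VPN" -j MASQUERADE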