hiredman/vpn_nat.sh

Created Jun 18, 2020
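#!/bin/sh
# NAT and forwarding rules for routing VPN clients onto the LAN.
VPN_IF="wg0"              # VPN interface
LAN_IF="eno1"             # LAN-facing interface
MAPPED="192.168.38.1/24"  # range that NETMAP translates to and from $LAN
LAN="192.168.1.0/24"      # LAN subnet
VPN="10.20.40.0/24"       # VPN client subnet

# Add 192.168.1.27 as an additional address on the LAN interface.
ifconfig "$LAN_IF" add 192.168.1.27

# Masquerade VPN-sourced traffic leaving via the LAN interface.
iptables -v -t nat -A POSTROUTING -s "$VPN" -o "$LAN_IF" -j MASQUERADE

# NETMAP rules: rewrite the network part of the address, keeping the host part.
iptables -v -t nat -A PREROUTING -i "$VPN_IF" -d "$LAN" -j NETMAP --to "$MAPPED"
iptables -v -t nat -A PREROUTING -i "$VPN_IF" -d "$MAPPED" -j NETMAP --to "$LAN"
iptables -v -t nat -A POSTROUTING -o "$VPN_IF" -s "$LAN" -j NETMAP --to "$MAPPED"
iptables -v -t nat -A POSTROUTING -o "$LAN_IF" -s "$MAPPED" -j NETMAP --to "$LAN"

# Enable IPv4 forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Appended accept-all on INPUT: anything not matched by an earlier rule is accepted.
iptables -A INPUT -j ACCEPT

# Allow new connections from the VPN subnet to the LAN subnet.
iptables -I FORWARD -i "$VPN_IF" -o "$LAN_IF" \
    -s "$VPN" -d "$LAN" \
    -m conntrack --ctstate NEW -j ACCEPT
# Allow packets that belong to established or related connections.
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED \
    -j ACCEPT

# Same match as the MASQUERADE rule above, inserted at the top of POSTROUTING.
iptables -t nat -I POSTROUTING -o "$LAN_IF" \
    -s "$VPN" -j MASQUERADE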