Network namespace masqueraded through the internet-facing interface
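#!/bin/bash
# Shared helpers for the namespace setup scripts; meant to be `source`d.

# Seconds to pause after each color_echo_await line so the output can be
# read. Overridable from the environment (e.g. WAIT_FOR_RD=0 skips the
# pauses); defaults to 1 as before.
WAIT_FOR_RD=${WAIT_FOR_RD:-1}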
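#######################################
# Print a highlighted "[debug]" line to stdout.
# Backslash escapes in the message (e.g. "\n") are interpreted, because
# callers such as color_echo_await "Created.\nns list:" rely on that.
# Arguments: $* - message text (positional parameters joined by one space)
# Outputs:   the coloured message on stdout
#######################################
color_echo() {
  local -r yellow='\033[1;33m'
  local -r bold='\033[31m'
  local -r reset='\033[0m'
  local message="$*"
  # %b expands escapes in its argument like `echo -e` did, but printf is
  # portable and the message can never be mistaken for an echo option.
  printf '%b[debug] %b%b\n' "${bold}${yellow}" "${message}" "${reset}"
}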
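#######################################
# Print a debug line via color_echo, then pause so it can be read.
# Globals:   WAIT_FOR_RD (read) - seconds to sleep after printing
# Arguments: $@ - message text, passed through to color_echo unchanged
#######################################
color_echo_await() {
  # "$@" keeps the message intact; the unquoted $@ used before was
  # word-split and glob-expanded (a "*" in the message listed the cwd).
  color_echo "$@"
  sleep "${WAIT_FOR_RD}"
}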
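# Usage: bash nft_host.sh <internet-facing interface>
# Creates the `ip nat` table with two chains (prerouting_ssh, postrouting_ssh)
# and masquerades traffic leaving the given interface so the namespace can
# reach the internet. Undone by nft_revert_host.sh.
set -eu
# Fail with a usage message instead of handing nft an empty oifname.
inet_iface_name=${1:?usage: nft_host.sh <inet-iface>}
nft add table ip nat
nft add chain ip nat prerouting_ssh \
  '{ type nat hook prerouting priority 0 ; policy accept ; }'
nft add chain ip nat postrouting_ssh \
  '{ type nat hook postrouting priority 100 ; policy accept ; }'
# NOTE(review): this masquerades every packet leaving the interface, not only
# the namespace's; an `ip saddr <ns-subnet>` match would scope it tighter.
nft add rule ip nat postrouting_ssh oifname "${inet_iface_name}" masquerade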
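# Tears down the NAT chains created by nft_host.sh.
# nft refuses to delete a chain that still holds rules (the postrouting chain
# carries the masquerade rule), so each chain is flushed before it is deleted;
# otherwise the stale rule survives and the next nft_host.sh run appends a
# duplicate. The `ip nat` table itself is left in place. A chain that does
# not exist is skipped so the other one is still cleaned up.
for chain in prerouting_ssh postrouting_ssh; do
  nft flush chain ip nat "${chain}" && nft delete chain ip nat "${chain}"
done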
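#!/bin/bash
# Creates a network namespace ("vpn") joined to the host by a veth pair,
# gives it a default route through the host end, and masquerades its traffic
# out of the host's internet-facing interface via nft_host.sh.
#
# Usage: bash <this script> [inet-iface]
#   inet-iface   optional uplink interface; when omitted, the interface
#                carrying the IPv4 default route is used.
# Env:   PING_TARGET (default x.co) - host pinged from inside the namespace
#        to confirm connectivity.
# Needs root (ip netns / nft require CAP_NET_ADMIN).
set -euo pipefail

# Resolve helpers.sh and the nft scripts relative to this file, not the cwd.
script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
# shellcheck source=helpers.sh
source "${script_dir}/helpers.sh"

readonly TUN_NS_NAME=vpn
readonly VETH="veth"
readonly VPEER="vpeer"
readonly VETH_ADDR="10.0.0.1"
readonly VPEER_ADDR="10.0.0.2"
readonly PING_TARGET="${PING_TARGET:-x.co}"

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Print the interface carrying the IPv4 default route, i.e. the uplink that
# namespace traffic has to be masqueraded through. Prints nothing if there
# is no default route.
#######################################
detect_inet_iface() {
  ip -4 route show default \
    | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

[[ ${EUID} -eq 0 ]] || die "This script must run as root (ip netns / nft need CAP_NET_ADMIN)."

# Removing old veth
color_echo_await "Removing old veth..."
ip link delete "${VETH}" 2>/dev/null || true

# Get the name of the internet-facing interface, overridable with $1.
# The previous `ip addr | grep -v lo` detection dropped every interface whose
# name merely contains "lo" (e.g. wlo1); the default route is the uplink.
inet_iface_name=${1:-$(detect_inet_iface)}
[[ -n "${inet_iface_name}" ]] || die "Could not find an internet-facing interface (no IPv4 default route)."
color_echo_await "Interface name: $inet_iface_name"

# Masquerading only works if the host forwards packets; warn rather than
# changing a system-wide sysctl silently.
if [[ "$(cat /proc/sys/net/ipv4/ip_forward)" != "1" ]]; then
  printf 'warning: net.ipv4.ip_forward is 0; the namespace will not reach the internet until it is enabled\n' >&2
fi

# Create namespace (replacing a leftover one from a previous run).
color_echo_await "Creating new ns..."
ip netns delete "${TUN_NS_NAME}" 2>/dev/null || true
ip netns add "${TUN_NS_NAME}"
color_echo_await "Created.\nns list:"
ip netns list

# Create veth link (the host end was already removed above).
color_echo_await "Creating veth peers..."
ip link add "${VETH}" type veth peer name "${VPEER}"

# Move the peer end into the namespace.
color_echo_await "Adding peer to ns..."
ip link set "${VPEER}" netns "${TUN_NS_NAME}"

# Address and bring up the host end.
color_echo_await "Setting up veth and up..."
ip addr add "${VETH_ADDR}/24" dev "${VETH}"
ip link set "${VETH}" up

# Bring the namespace interfaces up.
color_echo_await "Setting ns ifaces up..."
ip netns exec "${TUN_NS_NAME}" ip link set "${VPEER}" up
ip netns exec "${TUN_NS_NAME}" ip link set lo up

# Address the namespace end.
color_echo_await "Assigning IP address of ns iface..."
ip netns exec "${TUN_NS_NAME}" ip addr add "${VPEER_ADDR}/24" dev "${VPEER}"

# Default route inside the namespace points at the host end of the veth.
color_echo_await "Setting routing in ns..."
ip netns exec "${TUN_NS_NAME}" ip route add default via "${VETH_ADDR}"

# NFT NAT rules: tear down a previous set first so rules are not appended twice.
color_echo_await "Setting NAT rules..."
bash "${script_dir}/nft_revert_host.sh" 2>/dev/null || true
bash "${script_dir}/nft_host.sh" "${inet_iface_name}"

# Checking internet in ns. The ping has to be the `if` condition: as a bare
# statement under `set -e`, a failed ping exited the script before the
# "Ping failed" branch could ever run.
color_echo_await "Checking internet in ns..."
if ip netns exec "${TUN_NS_NAME}" ping -c1 -W2 "${PING_TARGET}"; then
  printf '\e[1;32mPing succeeded\e[0m\n' # Bold green
else
  printf '\e[1;31mPing failed\e[0m\n' >&2 # Bold red
  exit 1
fi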