Created
January 15, 2022 21:48
-
-
Save mikemrm/f91dd9c7ca2694f5e1126a03520389b1 to your computer and use it in GitHub Desktop.
tailscale nat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| set -e -o pipefail | |
| install_nat(){ | |
| local int_iface="$1"; shift | |
| local ext_iface="$1" | |
| if [[ "$(sysctl net.ipv4.ip_forward)" =~ .*0$ ]]; then | |
| echo "Enabling ipv4 forwarding" >&2 | |
| echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf; sysctl -p | |
| fi | |
| echo "Adding iptables rules" >&2 | |
| iptables -t nat -A POSTROUTING -o "$ext_iface" -j MASQUERADE | |
| iptables -A FORWARD -i "$ext_iface" -o "$int_iface" -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| iptables -A FORWARD -i "$int_iface" -d 100.64.0.0/10 -o "$ext_iface" -j ACCEPT | |
| } | |
| uninstall_nat(){ | |
| local int_iface="$1"; shift | |
| local ext_iface="$1" | |
| echo "Removing iptable rules" >&2 | |
| iptables -t nat -D POSTROUTING -o "$ext_iface" -j MASQUERADE || true | |
| iptables -D FORWARD -i "$ext_iface" -o "$int_iface" -m state --state RELATED,ESTABLISHED -j ACCEPT || true | |
| iptables -D FORWARD -i "$int_iface" -d 100.64.0.0/10 -o "$ext_iface" -j ACCEPT || true | |
| } | |
| print_help(){ | |
| ( | |
| echo "Usage: $0 COMMAND INTERNAL_INTERFACE EXTERNAL_INTERFACE" | |
| echo "" | |
| echo "Commands:" | |
| echo " install Installs the nat iptable rules" | |
| echo " uninstall Removes the nat iptable rules" | |
| ) >&2 | |
| exit 1 | |
| } | |
| if (( $# != 3 )); then | |
| print_help | |
| fi | |
| case "$1" in | |
| install) | |
| install_nat "$2" "$3" | |
| ;; | |
| uninstall) | |
| uninstall_nat "$2" "$3" | |
| ;; | |
| *) | |
| print_help | |
| ;; | |
| esac |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment