toy to vpn client startup config script
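#!/bin/bash
# toyvpn client start-up: steer selected IPv4 TCP traffic through a tun
# device with policy routing (fwmark 0x30 -> routing table 30).
#
# Usage: <script> [tun_dev]      tun_dev defaults to tun0
# Requires root (netfilter, sysctl and routing changes).
#
# Steps, in order:
#   1. flush the raw PREROUTING/OUTPUT chains and the IPv6 FORWARD chain
#      (rules another tool installed there are discarded)
#   2. build mangle chain TOYVPN: RETURN for loopback, link-local, multicast,
#      reserved and RFC1918 destinations, MARK 0x30 for every other TCP packet
#   3. hook TOYVPN into mangle OUTPUT for TCP destination port 443 only, so
#      this is a split tunnel: other ports and all UDP are never marked
#   4. configure the tun device, routing table 30 and the ip rules that send
#      fwmark 0x30 and source 10.3.0.1 to table 30
set -u
PATH=${PATH}:/sbin:/usr/sbin

tun_dev="tun0"
if [[ -n "${1:-}" ]]; then
  tun_dev=$1
fi

if (( EUID != 0 )); then
  printf '%s: must run as root\n' "${0##*/}" >&2
  exit 1
fi

# --- netfilter ---------------------------------------------------------------
# NOTE(review): the IPv6 FORWARD chain is flushed but its policy is not set,
# and IPv6 forwarding is switched on further down; confirm the chain policy
# is DROP (or that rules are re-added) before relying on this host as a v6
# router.
ip6tables -F FORWARD
iptables -t raw -F PREROUTING
#iptables -t raw -A PREROUTING -j NOTRACK
iptables -t raw -F OUTPUT
#iptables -t raw -A OUTPUT -j NOTRACK

# TOYVPN: mark TCP traffic 0x30 unless the destination is local/private.
# -N fails when the chain already exists (re-run); it is flushed right after.
iptables -t mangle -N TOYVPN 2>/dev/null || true
iptables -t mangle -F TOYVPN
iptables -t mangle -A TOYVPN -d 0.0.0.0/8 -j RETURN
iptables -t mangle -A TOYVPN -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A TOYVPN -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A TOYVPN -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A TOYVPN -d 240.0.0.0/4 -j RETURN
#iptables -t mangle -A TOYVPN -p udp -j MARK --set-mark 0x30
#iptables -t mangle -A TOYVPN -p udp -m owner --uid-owner 0 -j MARK --set-mark 0x0
iptables -t mangle -A TOYVPN -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A TOYVPN -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A TOYVPN -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A TOYVPN -p tcp -j MARK --set-mark 0x30

# TOYOUT: connection-mark variant (mark NEW connections, let established
# flows that are not 0x30 through, then fall into TOYVPN). It is built but
# not hooked up: the OUTPUT jumps to it are commented out below.
iptables -t mangle -N TOYOUT 2>/dev/null || true
iptables -t mangle -F TOYOUT
iptables -t mangle -A TOYOUT -m state --state NEW -j CONNMARK --set-mark 0x30
iptables -t mangle -A TOYOUT -m state --state ESTABLISHED,RELATED -m connmark ! --mark 0x30 -j RETURN
iptables -t mangle -A TOYOUT -j TOYVPN

# Hook: only locally generated TCP/443 traffic is classified. Anything else
# (including all UDP, so DNS) is never marked and is not sent to table 30 by
# the fwmark rule.
iptables -t mangle -F OUTPUT
#iptables -t mangle -A OUTPUT -p tcp -d 192.157.226.149 -j TOYOUT
#iptables -t mangle -A OUTPUT -m owner --uid-owner 1001 -j TOYOUT
iptables -t mangle -A OUTPUT -p tcp --dport 443 -j TOYVPN
#iptables -t mangle -A OUTPUT -p tcp --dport 80 -j TOYVPN
iptables -t nat -F POSTROUTING
#iptables -t nat -A POSTROUTING -o tun0 -j SNAT --to 10.3.0.1
#iptables -t mangle -A PREROUTING -p tcp -j TOYVPN
#iptables -t mangle -A PREROUTING -p udp --dport 53 -j TOYVPN

# --- uplink discovery (only used by the commented-out tc/toyclient lines) ----
# Fragile: scrapes `ip -4 addr` for an inet line ending in ethN. TODO confirm
# the output format on the target system (newer iproute2 prints extra flags
# such as "dynamic" between "global" and the device name).
# shellcheck disable=SC2034
phy_dev=$(ip -4 addr | sed -n '/eth[0-9]$/s/.*global //p')
# shellcheck disable=SC2034
phy_addr=$(ip -4 addr | sed -n '/eth[0-9]$/s/.*inet \([0-9.]*\)[ /].*/\1/p')
#tc qdisc add dev ${phy_dev} root handle 10: htb
#tc filter add dev ${phy_dev} parent 10: protocol ip prio 10 u32 match ip dst 172.25.1.51/32 action nat egress ${phy_addr}/32 172.25.1.52
#toyclient -s ./ifup-tun0.sh -t tun0 -r $(ip -4 addr|sed -n "/eth[0-9]$/s/.*inet \([0-9.]*\)[ /].*/\1/p") 172.25.1.51:3389

# --- kernel knobs ------------------------------------------------------------
# IPv6 is enabled here, yet every IPv6 address/route on the tun below is
# commented out, so IPv6 traffic is not carried by the tunnel — confirm that
# is intended.
sysctl -w net.ipv6.conf.all.disable_ipv6=0
# rp_filter is presumably switched off so asymmetric traffic on the tun
# survives the source-address check; it also disables the kernel's
# anti-spoofing check on every interface. Loose mode (rp_filter=2) is a
# less drastic setting worth testing.
sysctl -w net.ipv4.conf.all.rp_filter=0
sysctl -w "net.ipv4.conf.${tun_dev}.rp_filter=0"
sysctl -w net.ipv6.conf.all.forwarding=1
sysctl -w net.ipv6.conf.default.forwarding=1

# --- tun device and routing table 30 -----------------------------------------
ip -4 addr add 10.3.0.1/24 dev "${tun_dev}"
#ip -6 addr add 2001:c0a8:2b01::1/64 dev ${tun_dev}
#ip -6 route add default dev ${tun_dev} metric 256 proto static
# MTU 1500 on a tunnel leaves no room for the outer headers if the uplink
# MTU is also 1500; TODO confirm this does not fragment on the path.
ip link set dev "${tun_dev}" mtu 1500 up
ip route flush table 30
#ip route add 10.3.0.0/24 dev ${tun_dev} table 30
# Usually already present from the addr add above; the error is harmless.
ip route add 10.3.0.0/24 dev "${tun_dev}" proto kernel scope link src 10.3.0.1
ip route add default dev "${tun_dev}" src 10.3.0.1 table 30
#ip route add default dev ${tun_dev} table 30
#ip -6 addr add 2001:c0a8:2b01::1/64 dev ${tun_dev}
# 1.0.0.0/24 is pinned to the tunnel in the main table regardless of marks.
ip route add 1.0.0.0/24 dev "${tun_dev}"

# Policy rules: fwmark 0x30 and anything sourced from the tun address use
# table 30. Delete first so re-runs do not stack duplicate rules; the delete
# fails harmlessly on the first run.
ip rule del fwmark 0x30 table 30 pref 999 2>/dev/null || true
ip rule add fwmark 0x30 table 30 pref 999
ip rule del from 10.3.0.1 table 30 pref 999 2>/dev/null || true
ip rule add from 10.3.0.1 table 30 pref 999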
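#!/bin/sh
# toyvpn router start-up: send local and forwarded traffic through a tun
# device via routing table 30, except traffic tagged with fwmark 0x2010,
# which stays on the main table (uplink). Written for a router-style host
# with a br-lan bridge and a wwan0 uplink. Requires root.
#
# Routing layout built below:
#   table 30 = copy of the main table minus wwan0/tun routes + default via tun
#   pref 2010: fwmark 0x2010 -> goto 32766 (the default `lookup main` rule)
#   pref 2011: fwmark 0x2010 -> lookup 66  (table 66 is not filled here)
#   pref 2030: everything    -> lookup 30
# So unmarked traffic consults table 30 (tunnel default) before main.
tun_dev=tun0

ip address add 10.24.0.1/24 dev "${tun_dev}"
ip link set dev "${tun_dev}" up
ip -6 addr add 2001:c0a8:2b01:cfcc::1/64 dev "${tun_dev}"
ip -6 route add default dev "${tun_dev}" metric 256 proto static

ip route flush table 30
# Re-issue every main-table route (except uplink/tun ones) into table 30.
# Appending "table 30" to the unchanged line, instead of rewriting "dev" to
# "table 30 dev" with sed and piping generated commands into sh, does not
# depend on the word "dev" appearing exactly once in the route. $route is
# left unquoted on purpose so the route words split into arguments.
ip route show | grep -v -e wwan0 -e tun | while read -r route; do
  # shellcheck disable=SC2086
  [ -n "$route" ] && ip route add $route table 30
done
ip route add default dev "${tun_dev}" table 30

# Delete before add so re-runs do not accumulate duplicate rules; the delete
# fails harmlessly on the first run.
ip rule del fwmark 0x2010 pref 2010 goto 32766 2>/dev/null
ip rule add fwmark 0x2010 pref 2010 goto 32766
ip rule del fwmark 0x2010 pref 2011 lookup 66 2>/dev/null
ip rule add fwmark 0x2010 pref 2011 lookup 66
ip rule del lookup 30 pref 2030 2>/dev/null
ip rule add lookup 30 pref 2030

# Raw table: skip connection tracking for selected forwarded traffic.
# The chain is created and hooked into PREROUTING only on first creation
# (-N fails if it exists, so the jump is not duplicated). -F then empties it
# either way, including any rules another tool may have placed there.
iptables -t raw -N delegate_notrack && iptables -t raw -A PREROUTING -j delegate_notrack
iptables -t raw -F delegate_notrack
iptables -t raw -A delegate_notrack -p udp --dport 138 -j RETURN
iptables -t raw -A delegate_notrack -p icmp -j RETURN
iptables -t raw -A delegate_notrack -i "${tun_dev}" -d 192.168.8.0/24 -j RETURN
# Untracked packets never match ESTABLISHED/RELATED or NAT rules; confirm the
# filter FORWARD chain still covers tun->LAN and LAN-originated traffic
# without relying on conntrack state.
iptables -t raw -A delegate_notrack -i "${tun_dev}" -d 192.168.0.0/16 -j CT --notrack
iptables -t raw -A delegate_notrack -i br-lan -d 192.168.0.0/16 -j RETURN
iptables -t raw -A delegate_notrack -i br-lan -j CT --notrack

# VPNTAG: fwmark 0x2010 means "bypass the tunnel". ICMP, DNS (udp/53),
# NetBIOS datagrams (udp/138), 1.1.1.1 and all of 192.168/16 stay on the
# uplink; 8.8.0.0/16 is exempted first so it is not marked. DNS therefore
# leaves through the uplink network in the clear — make sure that is the
# intended resolver path.
iptables -t mangle -N VPNTAG 2>/dev/null
iptables -t mangle -F VPNTAG
iptables -t mangle -A VPNTAG -d 8.8.0.0/16 -j RETURN
iptables -t mangle -A VPNTAG -p icmp -j MARK --set-mark 0x2010
iptables -t mangle -A VPNTAG -p udp --dport 53 -j MARK --set-mark 0x2010
iptables -t mangle -A VPNTAG -p udp --dport 138 -j MARK --set-mark 0x2010
iptables -t mangle -A VPNTAG -d 1.1.1.1 -j MARK --set-mark 0x2010
iptables -t mangle -A VPNTAG -d 192.168.0.0/16 -j MARK --set-mark 0x2010

# Hook VPNTAG into OUTPUT and LAN-side PREROUTING; delete-then-add keeps the
# hook unique across re-runs (the delete fails harmlessly the first time).
iptables -t mangle -D OUTPUT -j VPNTAG 2>/dev/null
iptables -t mangle -A OUTPUT -j VPNTAG
iptables -t mangle -D PREROUTING -i br-lan -j VPNTAG 2>/dev/null
iptables -t mangle -A PREROUTING -i br-lan -j VPNTAG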