@tommyv1987
Last active April 11, 2024 12:02
A diagnostic of network configurations and connectivity issues for Gateway operators including IPv4/IPv6 forwarding status, firewall rules inspection, routing table examination
#!/bin/bash
echo "---------------------------------------"
echo
echo "checking IPv4 forwarding status..."
cat /proc/sys/net/ipv4/ip_forward
echo "---------------------------------------"
echo
echo "checking IPv6 forwarding status..."
cat /proc/sys/net/ipv6/conf/all/forwarding
echo "---------------------------------------"
echo
echo "checking UFW firewall Status..."
if command -v ufw >/dev/null; then
    ufw status verbose
else
    echo "UFW command not found. ufw may not be installed or configured."
fi
echo "---------------------------------------"
echo
# interface of the default route; take the first one if several are listed
network_device=$(ip route show default | awk '/default/ {print $5; exit}')
if [ -z "${network_device}" ]; then
    echo "error: default network device not found."
    exit 1
fi
echo "network Device: $network_device"
echo "---------------------------------------"
echo
echo "inspecting IPv4 firewall rules..."
# keep the chain header, rules naming both nymtun0 and the default device, and the ufw reject chain
iptables -L FORWARD -v -n | awk -v dev="$network_device" '/^Chain FORWARD/ || (/nymtun0/ && index($0, dev)) || /ufw-reject-forward/'
echo "---------------------------------------"
echo
echo "inspecting IPv6 firewall rules..."
# keep the chain header, rules naming both nymtun0 and the default device, and the ufw6 reject chain
ip6tables -L FORWARD -v -n | awk -v dev="$network_device" '/^Chain FORWARD/ || (/nymtun0/ && index($0, dev)) || /ufw6-reject-forward/'
echo "---------------------------------------"
echo
echo "examining IPv4 routing table..."
ip route
echo "---------------------------------------"
echo
echo "examining IPv6 routing table..."
ip -6 route
echo "---------------------------------------"
echo
echo "checking IPv4 connectivity (example: google.com)..."
# force IPv4 so a dual-stack host does not answer this check over IPv6
ping -4 -c 4 google.com
echo "---------------------------------------"
echo
echo "checking IPv6 connectivity (example: google.com)..."
ping6 -c 4 google.com
echo "---------------------------------------"
echo
echo "checking internet and mixnet connectivity (IPv4) via nymtun0..."
echo "if a joke is returned there's connectivity through ipv4 and the nymtun, are you ready?"
sleep 2
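# lets make this fun.....
# bind curl to the tunnel's IPv4 address so the request leaves via nymtun0
ipv4_address=$(ip addr show nymtun0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1 | head -n 1)
if [ -z "$ipv4_address" ]; then
    echo "no IPv4 address found on nymtun0."
else
    curl -s -H "Accept: application/json" --interface "$ipv4_address" https://icanhazdadjoke.com/ | jq -c .joke
fi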
echo "---------------------------------------"
echo
echo "checking Internet and mixnet connectivity (IPv6) via nymtun0..."
echo "if a joke is returned, there's connectivity through IPv6 and the nymtun. are you ready?"
sleep 2
# first non-link-local IPv6 address on the tunnel
ipv6_address=$(ip addr show nymtun0 | grep 'inet6 ' | awk '{print $2}' | cut -d'/' -f1 | grep -v '^fe80:' | head -n 1)
if [ -z "$ipv6_address" ]; then
    echo
    echo "no globally routable IPv6 address found on nymtun0."
    echo "please ensure IPv6 is enabled on your VPS or configure your security groups/firewall settings appropriately."
    echo "unfortunately there's no joke for you :( and you can't route ipv6 traffic through your gateway to the internet"
else
    joke=$(curl -s -H "Accept: application/json" --interface "$ipv6_address" https://icanhazdadjoke.com/ | jq -c .joke)
    if [ -z "$joke" ] || [ "$joke" = "null" ]; then
        echo "failed to fetch a joke. there might be an issue with the Internet connectivity or the joke service."
    else
        echo "joke fetched successfully:"
        echo "$joke"
    fi
fi
echo "machine check complete"
@tommyv1987
Author

Returns information like:

---------------------------------------

checking IPv4 forwarding status...
1
---------------------------------------

checking IPv6 forwarding status...
1
---------------------------------------

inspecting IPv4 firewall Rules...
Chain INPUT (policy ACCEPT 87M packets, 65G bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
1537K  360M ACCEPT     all  --  nymtun0 eth0    0.0.0.0/0            0.0.0.0/0           
1537K 1767M ACCEPT     all  --  eth0   nymtun0  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 86M packets, 65G bytes)
 pkts bytes target     prot opt in     out     source               destination         
---------------------------------------

inspecting IPv6 firewall Rules...
Chain INPUT (policy ACCEPT 60102 packets, 389M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 1 packets, 145 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 480K   90M ACCEPT     all      nymtun0 eth0    ::/0                 ::/0                
 446K  591M ACCEPT     all      eth0   nymtun0  ::/0                 ::/0                 state RELATED,ESTABLISHED
    0     0 ACCEPT     all      eth0   nymtun0  ::/0                 ::/0                 state RELATED,ESTABLISHED
    0     0 ACCEPT     all      nymtun0 eth0    ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 52377 packets, 5605K bytes)
 pkts bytes target     prot opt in     out     source               destination         
---------------------------------------
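
The firewall listings above are printed for the operator to read by eye. As an added example (not part of the gist or the author's comment), the function below parses a FORWARD chain listing and reports whether both the outbound and the return rule between the tunnel and the uplink are present. `check_forward_rules` and the sample variables are illustrative names, and the sample listings are constructed in the format shown above.

```shell
#!/bin/bash
# Added example; function and sample names are illustrative, not from the gist.

# Reads an `iptables -L FORWARD -v -n` (or ip6tables) listing on stdin.
# $1 = tunnel interface, $2 = uplink interface.
# Prints one finding per line; returns 0 only if both directions are allowed.
check_forward_rules() {
    awk -v tun="$1" -v up="$2" '
        # True if fields a,b appear adjacent (the in/out columns). Scanning for
        # the pair copes with ip6tables listings that print an empty opt column.
        function pair(a, b,    i) {
            for (i = 4; i < NF; i++) if ($i == a && $(i + 1) == b) return 1
            return 0
        }
        /^Chain FORWARD/ { policy = $4; next }   # fourth word of the header is the policy
        $3 == "ACCEPT" && pair(tun, up) { out_ok = 1 }
        $3 == "ACCEPT" && pair(up, tun) && /RELATED,ESTABLISHED/ { ret_ok = 1 }
        END {
            print "policy=" policy
            print "outbound=" (out_ok ? "ok" : "missing")
            print "return=" (ret_ok ? "ok" : "missing")
            exit ((out_ok && ret_ok) ? 0 : 1)
        }'
}

# Constructed sample listings in the format shown on this page.
sample_v4='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
1537K  360M ACCEPT     all  --  nymtun0 eth0    0.0.0.0/0            0.0.0.0/0
1537K 1767M ACCEPT     all  --  eth0   nymtun0  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED'

sample_v6_no_return='Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 480K   90M ACCEPT     all      nymtun0 eth0    ::/0                 ::/0'

printf '%s\n' "$sample_v4" | check_forward_rules nymtun0 eth0
printf '%s\n' "$sample_v6_no_return" | check_forward_rules nymtun0 eth0 \
    || echo "IPv6 return rule missing"
```

A `policy=ACCEPT` result means the chain forwards traffic that matches no rule, so the two ACCEPT rules are not what restricts forwarding on that host.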
