Created
April 21, 2019 18:45
ZeroTier Internet Gateway with miniupnpd
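#!/bin/bash
#
# Provision a host as a ZeroTier internet gateway: install miniupnpd and
# ZeroTier, join the ZeroTier network, let members of that network request
# port mappings on the public interface (UPnP / NAT-PMP), enable IPv4
# forwarding with masquerading on eth0, then reboot.
#
# Must run as root. Fill in the two required values below before running.
# The external-IP lookup uses the metadata path the original script queried;
# on hosts where that endpoint is absent the EXTIP rewrite is skipped.

set -euo pipefail

ZT_SUBNET="<zerotier ip address subnet>"
ZT_NETWORK="<zerotier network address>"
# Optional: fingerprint of the ZeroTier signing key, obtained out of band.
# When set, the key imported below must match it before the installer runs.
ZT_GPG_FINGERPRINT=""

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

(( EUID == 0 )) || die "this script must run as root"

# Both values are interpolated into config files and a command line, so
# reject unreplaced placeholders and anything outside the expected alphabet.
[[ "$ZT_NETWORK" =~ ^[0-9a-fA-F]{16}$ ]] \
  || die "ZT_NETWORK must be a 16-digit hexadecimal ZeroTier network ID"
[[ "$ZT_SUBNET" =~ ^[0-9./]+$ ]] \
  || die "ZT_SUBNET must be an IPv4 subnet such as 10.0.0.0/24"

# Install upnpd
export DEBIAN_FRONTEND=noninteractive
apt-get -yq update
apt-get -yq install miniupnpd htop iptables-persistent

# Install ZeroTier
# The signing key is fetched over HTTPS and then used to verify the installer,
# so without a pinned fingerprint the check is only as strong as the channel
# the key came from. Any key already present in root's keyring can also
# satisfy the signature check.
curl -fsS 'https://raw.githubusercontent.com/zerotier/download.zerotier.com/master/htdocs/contact%40zerotier.com.gpg' \
  | gpg --import \
  || die "could not import the ZeroTier signing key"

if [[ -n "$ZT_GPG_FINGERPRINT" ]]; then
  expected_fpr=${ZT_GPG_FINGERPRINT// /}
  expected_fpr=${expected_fpr^^}
  keyring_fprs=$(gpg --batch --with-colons --fingerprint \
    | awk -F: '$1 == "fpr" {print $10}')
  grep -qxF -- "$expected_fpr" <<<"$keyring_fprs" \
    || die "imported key does not match ZT_GPG_FINGERPRINT"
fi

# gpg exits non-zero when the signature does not verify, so the installer is
# only executed after a successful check. The script already runs as root, so
# no sudo is needed.
installer=$(curl -fsS 'https://install.zerotier.com/' | gpg) \
  || die "ZeroTier installer failed signature verification"
printf '%s\n' "$installer" | bash

sleep 10
/usr/sbin/zerotier-cli join "$ZT_NETWORK" \
  || die "zerotier-cli join failed"

# Configure upnpd
UUID=$(uuidgen)

# Wait for the ZeroTier interface instead of assuming it exists after a fixed
# sleep; an empty listening_ip would leave miniupnpd misconfigured after the
# reboot. Only the first zt* interface is used.
ZT_INTERFACE=""
for _ in {1..30}; do
  ZT_INTERFACE=$(ip -o link show \
    | awk -F': ' '$2 ~ /^zt[a-z0-9]*$/ && !seen++ {print $2}')
  if [[ -n "$ZT_INTERFACE" ]]; then
    break
  fi
  sleep 2
done
[[ -n "$ZT_INTERFACE" ]] || die "no ZeroTier (zt*) interface appeared"

# Best effort: the metadata endpoint only exists on some cloud providers.
EXT_IP=$(curl -fsS --max-time 5 \
  http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address || true)

# The allow rule lets every host in ZT_SUBNET open ports 1024-65535 on the
# public address; everything else is denied. secure_mode=yes limits a client
# to mappings that point at its own address and agrees with the -S flag
# passed in /etc/default/miniupnpd below (the original file said "no" here
# while passing -S on the command line).
cat <<EOF > /etc/miniupnpd/miniupnpd.conf
ext_ifname=eth0
listening_ip=${ZT_INTERFACE}
http_port=0
enable_natpmp=yes
enable_upnp=yes
min_lifetime=120
max_lifetime=86400
bitrate_up=1000000
bitrate_down=10000000
secure_mode=yes
system_uptime=yes
notify_interval=60
clean_ruleset_interval=600
uuid=${UUID}
serial=12345678
model_number=1
allow 1024-65535 ${ZT_SUBNET} 1024-65535
deny 0-65535 0.0.0.0/0 0-65535
EOF

cat <<EOF > /etc/default/miniupnpd
START_DAEMON=1
MiniUPnPd_EXTERNAL_INTERFACE=eth0
MiniUPnPd_LISTENING_IP=${ZT_INTERFACE}
MiniUPnPd_OTHER_OPTIONS="-S -N -f /etc/miniupnpd/miniupnpd.conf"
MiniUPnPd_ip6tables_enable=no
EOF

# Only substitute a value that looks like an IPv4 address: the text goes
# straight into a sed replacement, and an error page or empty reply would
# otherwise corrupt the init script.
if [[ "$EXT_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  sed -i -e "s/^EXTIP.*/EXTIP=${EXT_IP}/" /etc/init.d/miniupnpd
else
  printf 'warning: no external IPv4 address from metadata; EXTIP left unchanged\n' >&2
fi

# Start ZeroTier before miniupnpd so the listening interface exists.
mkdir -p /etc/systemd/system/zerotier-one.service.d
cat <<EOF > /etc/systemd/system/zerotier-one.service.d/override.conf
[Unit]
Before=miniupnpd.service
EOF

# Enable IP forwarding and NAT
sleep 10
# Append only once so re-running the script does not duplicate the setting.
grep -qxF 'net.ipv4.ip_forward = 1' /etc/sysctl.conf \
  || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

# NOTE(review): this replaces any existing rules.v4, masquerades all traffic
# leaving eth0 regardless of source, and defines no filter-table rules, so
# forwarding is not restricted to ZT_SUBNET here. Consider adding
# "-s ${ZT_SUBNET}" to the rule and a FORWARD policy once confirmed against
# the intended routing.
cat <<EOF > /etc/iptables/rules.v4
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF

reboot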