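#!/bin/bash
# Turn this host into a small router: give the wired interface a private LAN
# address, write a dnsmasq configuration that mirrors the DNS servers/domain
# learned over DHCP on the WLAN, NAT traffic between the two interfaces, and
# forward every inbound WLAN port (except the router's own SSH port) to the
# single wired client.
#
# Must run as root.
# Reads from ../config/config.sh: ETH_IFACE, WLAN_IFACE, ROUTER_SSH_PORT.
# Reads from get-dhcp-dns.sh:     get_dns_servers, get_dns_domain.
# Writes: /etc/dnsmasq.conf (overwritten), the iptables filter and nat tables,
# the wired interface's address, and the dnsmasq / systemd-resolved services.

# Resolve the directory this script lives in, following symlinks, so the
# sibling config/helper files are found even when invoked through a link.
SOURCE=${BASH_SOURCE[0]}
while [ -L "$SOURCE" ]; do
  DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
  SOURCE=$(readlink "$SOURCE")
  # A relative symlink target is relative to the directory holding the link.
  [[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE
done
DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)

if [[ -f "$DIR/../config/config.sh" ]]; then
  . "$DIR/../config/config.sh"
else
  echo "$DIR/../config/config.sh missing!" >&2
  exit 1
fi

if [ "$(id -u)" -ne 0 ]; then
  echo 'This script must be run as root.' >&2
  exit 1
fi

# Refuse to continue with any interface/port setting unset. An empty
# ROUTER_SSH_PORT would make the SSH-exclusion rule below fail while the
# catch-all DNAT rule is still added, cutting off remote administration.
: "${ETH_IFACE:?ETH_IFACE must be set in config.sh}"
: "${WLAN_IFACE:?WLAN_IFACE must be set in config.sh}"
: "${ROUTER_SSH_PORT:?ROUTER_SSH_PORT must be set in config.sh}"
if ! [[ $ROUTER_SSH_PORT =~ ^[0-9]+$ ]]; then
  echo "ROUTER_SSH_PORT must be a port number, got '$ROUTER_SSH_PORT'" >&2
  exit 1
fi

. "$DIR/get-dhcp-dns.sh"

# ==============================================================================
readonly PRIVATE_LAN_IP="192.168.2.1"
readonly BRIDGED_CLIENT_IP="192.168.2.2"

# Only well-formed addresses/names learned from DHCP are copied into
# dnsmasq.conf; anything else (spaces, newlines, '#', ...) would otherwise be
# written verbatim into the config file by the heredoc below.
readonly IPV4_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
readonly IPV6_RE='^[0-9A-Fa-f:.]+$'   # deliberately loose; rejects separators/control chars
readonly DOMAIN_RE='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

# Configure the wired interface with the bridge IP address
ifconfig "$ETH_IFACE" "$PRIVATE_LAN_IP" netmask 255.255.255.0 up

# Mirror the DNS servers to the private LAN.
# get_dns_servers output is split on whitespace (spaces or newlines) into the
# array; read returns non-zero at EOF, which is the normal end here.
DHCP_DNS=()
read -r -d '' -a DHCP_DNS <<<"$(get_dns_servers "$WLAN_IFACE")" || true

valid_dns=()
for server in "${DHCP_DNS[@]}"; do
  if [[ $server =~ $IPV4_RE || $server =~ $IPV6_RE ]]; then
    valid_dns+=("$server")
  else
    printf 'Ignoring malformed DNS server learned via DHCP: %q\n' "$server" >&2
  fi
done

if (( ${#valid_dns[@]} > 0 )); then
  dns_servers_config=""
  dhcp_opt_6_config="dhcp-option=6"
  for server in "${valid_dns[@]}"; do
    dns_servers_config+="server=$server"$'\n'
    dhcp_opt_6_config+=",$server"
  done
  echo "Mirrored WLAN DHCP DNS servers: ${valid_dns[*]}"
else
  # No usable upstream from DHCP: fall back to public resolvers and let
  # dnsmasq advertise itself as the LAN's DNS server (no option 6 override).
  dns_servers_config="server=1.1.1.1"$'\n'"server=1.0.0.1"
  dhcp_opt_6_config=""
fi

# Also mirror DNS domain
DHCP_DNS_DOMAIN=$(get_dns_domain "$WLAN_IFACE")
if [[ -n "$DHCP_DNS_DOMAIN" && $DHCP_DNS_DOMAIN =~ $DOMAIN_RE ]]; then
  dns_domain_config="domain=$DHCP_DNS_DOMAIN"
  echo "Mirrored WLAN DHCP DNS domain: $DHCP_DNS_DOMAIN"
elif [[ -n "$DHCP_DNS_DOMAIN" ]]; then
  printf 'Ignoring malformed DNS domain learned via DHCP: %q\n' "$DHCP_DNS_DOMAIN" >&2
  dns_domain_config=""
else
  dns_domain_config=""
fi

# NOTE(review): dhcp-range starts at the router's own address; confirm dnsmasq
# never leases PRIVATE_LAN_IP to the client.
cat >/etc/dnsmasq.conf <<EOL
interface=$ETH_IFACE
domain-needed
bogus-priv
no-resolv
$dns_servers_config
$dhcp_opt_6_config
$dns_domain_config
listen-address=::1,127.0.0.1,$PRIVATE_LAN_IP
expand-hosts
dhcp-range=$PRIVATE_LAN_IP,$BRIDGED_CLIENT_IP,12h
dhcp-option=option:router,$PRIVATE_LAN_IP
dhcp-authoritative
dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
EOL
echo "Wrote to /etc/dnsmasq.conf"

# Configure NAT to forward traffic between the private LAN and the WLAN.
# -F/-X remove rules and user-defined chains only; chain policies are left
# as they were.
iptables -X
iptables -F
iptables -t nat -X
iptables -t nat -F
echo "Reset iptables"

# Route/forward traffic between nets
# NOTE(review): kernel forwarding (net.ipv4.ip_forward) is not enabled here;
# presumably done elsewhere — confirm.
iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -I POSTROUTING -o "$WLAN_IFACE" -j MASQUERADE
echo "Created iptables to route traffic between nets"

# Exclude the SSH port from forwarding so we can still administer the router.
# Rules are appended (-A), so this RETURN must be in place before the
# catch-all DNAT is added; if it cannot be installed, stop rather than
# redirect the SSH port along with everything else.
if ! iptables -t nat -A PREROUTING -i "$WLAN_IFACE" -p tcp --dport "$ROUTER_SSH_PORT" -j RETURN; then
  echo "Failed to exclude SSH port $ROUTER_SSH_PORT from forwarding; not adding DNAT rule." >&2
  exit 1
fi
# Forward all other ports to the single wired device
iptables -t nat -A PREROUTING -i "$WLAN_IFACE" -j DNAT --to-destination "$BRIDGED_CLIENT_IP"
iptables -t nat -A POSTROUTING -o "$ETH_IFACE" -j MASQUERADE
echo "Redirected the router's ports to the single bridged client"

printf '\nRestarting dnsmasq...'
service systemd-resolved stop
# systemctl enable --now dnsmasq
systemctl restart dnsmasq
printf '\n\n'
sleep 5
systemctl status --no-pager dnsmasq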