wlan2eth/bridge/bridge-lan.sh

105 lines
3.1 KiB
Bash
Raw Normal View History

2023-06-13 14:14:38 -06:00
#!/bin/bash
SOURCE=${BASH_SOURCE[0]}
while [ -L "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
SOURCE=$(readlink "$SOURCE")
[[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
done
DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
if [[ -f "$DIR/../config/config.sh" ]]; then
. "$DIR/../config/config.sh"
else
echo "$DIR/../config/config.sh missing!"
exit 1
fi
if [ "$(id -u)" -ne 0 ]; then
echo 'This script must be run as root.' >&2
exit 1
fi
. "$DIR/get-dhcp-dns.sh"
# ==============================================================================
PRIVATE_LAN_IP="192.168.2.1"
BRIDGED_CLIENT_IP="192.168.2.2"
# Configure the wired interface with the bridge IP address
ifconfig $ETH_IFACE $PRIVATE_LAN_IP netmask 255.255.255.0 up
# Mirror the DNS servers to the private LAN
DHCP_DNS=($(get_dns_servers "$WLAN_IFACE"))
if [ -n "$DHCP_DNS" ]; then
dns_servers_config=""
for server in "${DHCP_DNS[@]}"; do
dns_servers_config+="server=$server"$'\n'
done
dhcp_opt_6_config="dhcp-option=6"
for server in "${DHCP_DNS[@]}"; do
dhcp_opt_6_config+=",$server"
done
echo "Mirrored WLAN DHCP DNS servers: ${DHCP_DNS[*]}"
else
dns_servers_config="""server=1.1.1.1
server=1.0.0.1"""
dhcp_opt_6_config=""
fi
# Also mirror DNS domain
DHCP_DNS_DOMAIN=$(get_dns_domain $WLAN_IFACE)
if [ -n "$DHCP_DNS_DOMAIN" ]; then
dns_domain_config="domain=$DHCP_DNS_DOMAIN"
echo "Mirrored WLAN DHCP DNS domain: $DHCP_DNS_DOMAIN"
else
dns_domain_config=""
fi
cat >/etc/dnsmasq.conf <<EOL
interface=$ETH_IFACE
domain-needed
bogus-priv
no-resolv
$dns_servers_config
$dhcp_opt_6_config
$dns_domain_config
listen-address=::1,127.0.0.1,$PRIVATE_LAN_IP
expand-hosts
dhcp-range=$PRIVATE_LAN_IP,$BRIDGED_CLIENT_IP,12h
dhcp-option=option:router,$PRIVATE_LAN_IP
dhcp-authoritative
dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
EOL
echo "Wrote to /etc/dnsmasq.conf"
# Configure NAT to forward traffic between the private LAN and the WLAN
iptables -X
iptables -F
iptables -t nat -X
iptables -t nat -F
echo "Reset iptables"
# Route/forward traffic between nets
iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -I POSTROUTING -o $WLAN_IFACE -j MASQUERADE
echo "Created iptables to route traffic between nets"
2023-06-13 15:39:52 -06:00
# Exclude the SSH port from forwarding so we can still administer the router
iptables -t nat -A PREROUTING -i $WLAN_IFACE -p tcp --dport $ROUTER_SSH_PORT -j RETURN
# Forward all other ports to the single wired device
2023-06-13 14:14:38 -06:00
iptables -t nat -A PREROUTING -i $WLAN_IFACE -j DNAT --to-destination $BRIDGED_CLIENT_IP
iptables -t nat -A POSTROUTING -o $ETH_IFACE -j MASQUERADE
2023-06-13 15:39:52 -06:00
echo "Redirected the router's ports to the single bridged client"
2023-06-13 14:14:38 -06:00
2023-06-13 14:28:14 -06:00
echo -en "\nRestarting dnsmasq..."
2023-06-13 14:14:38 -06:00
service systemd-resolved stop
# systemctl enable --now dnsmasq
systemctl restart dnsmasq
echo -e "\n"
sleep 5
systemctl status --no-pager dnsmasq