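#!/bin/bash
#
# Turn this host into a NAT router between the WLAN uplink ($WLAN_IFACE) and a
# single wired client on $ETH_IFACE: assign the private LAN address, write
# /etc/dnsmasq.conf (DHCP + DNS, mirroring the DNS settings learned over DHCP
# on the WLAN), rebuild the iptables filter/nat tables and restart dnsmasq.
#
# Must run as root. Reads ETH_IFACE and WLAN_IFACE from ../config/config.sh and
# get_dns_servers / get_dns_domain from ./get-dhcp-dns.sh (both sourced below).

# Resolve the directory holding this script, following symlinks, so the config
# and helper files are located relative to the real file.
SOURCE=${BASH_SOURCE[0]}
while [[ -L "$SOURCE" ]]; do
  DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
  SOURCE=$(readlink "$SOURCE")
  # A relative symlink target is relative to the directory holding the symlink.
  [[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE
done
DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)

if [[ -f "$DIR/../config/config.sh" ]]; then
  . "$DIR/../config/config.sh"
else
  echo "$DIR/../config/config.sh missing!" >&2
  exit 1
fi

if [[ "$(id -u)" -ne 0 ]]; then
  echo 'This script must be run as root.' >&2
  exit 1
fi

. "$DIR/get-dhcp-dns.sh"

# Fail early if config.sh did not define the interfaces: with an empty
# ETH_IFACE the ifconfig call below would treat the IP as the interface name,
# and the iptables rules would be built with an empty interface name.
: "${ETH_IFACE:?ETH_IFACE must be set in config.sh}"
: "${WLAN_IFACE:?WLAN_IFACE must be set in config.sh}"

# ==============================================================================

PRIVATE_LAN_IP="192.168.2.1"
BRIDGED_CLIENT_IP="192.168.2.2"

#######################################
# Accept only values that are safe to place on one dnsmasq.conf line. The DNS
# servers and domain come from the WLAN's DHCP server, i.e. from a network we
# do not control; a value containing whitespace, '#', '=' or a newline would
# otherwise be able to inject arbitrary dnsmasq directives via the heredoc.
# Arguments: $1 - candidate value
# Returns:   0 if it looks like an IPv4 or IPv6 literal, 1 otherwise
#######################################
is_ip_literal() {
  [[ "$1" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ || "$1" =~ ^[0-9A-Fa-f]*:[0-9A-Fa-f:]*$ ]]
}

#######################################
# Arguments: $1 - candidate DNS search domain
# Returns:   0 if it is a plain dotted hostname, 1 otherwise
#######################################
is_dns_domain() {
  [[ "$1" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]
}

# Configure the wired interface with the bridge IP address
ifconfig "$ETH_IFACE" "$PRIVATE_LAN_IP" netmask 255.255.255.0 up

# Mirror the DNS servers to the private LAN. Word-splitting the helper's output
# into an array is intended (the helper is assumed to print the servers
# whitespace-separated — see get-dhcp-dns.sh).
# shellcheck disable=SC2207
DHCP_DNS=($(get_dns_servers "$WLAN_IFACE"))

# Drop anything that is not an address literal before it reaches the config.
valid_dns=()
for server in "${DHCP_DNS[@]}"; do
  if is_ip_literal "$server"; then
    valid_dns+=("$server")
  else
    printf 'Ignoring non-IP DNS server from DHCP: %q\n' "$server" >&2
  fi
done

# Test the array length, not "$DHCP_DNS" (which only inspects element 0).
if (( ${#valid_dns[@]} > 0 )); then
  dns_servers_config=""
  for server in "${valid_dns[@]}"; do
    dns_servers_config+="server=$server"$'\n'
  done

  # dhcp-option=6,<srv1>,<srv2>,... hands the same resolvers to the client.
  dhcp_opt_6_config="dhcp-option=6"
  for server in "${valid_dns[@]}"; do
    dhcp_opt_6_config+=",$server"
  done
  echo "Mirrored WLAN DHCP DNS servers: ${valid_dns[*]}"
else
  # No usable upstream learned over DHCP: fall back to Cloudflare. Option 6 is
  # left out, so dnsmasq advertises its own address as the client's resolver.
  dns_servers_config=$'server=1.1.1.1\nserver=1.0.0.1'
  dhcp_opt_6_config=""
fi

# Also mirror the DNS domain, subject to the same validation.
DHCP_DNS_DOMAIN=$(get_dns_domain "$WLAN_IFACE")
if [[ -n "$DHCP_DNS_DOMAIN" ]] && is_dns_domain "$DHCP_DNS_DOMAIN"; then
  dns_domain_config="domain=$DHCP_DNS_DOMAIN"
  echo "Mirrored WLAN DHCP DNS domain: $DHCP_DNS_DOMAIN"
else
  if [[ -n "$DHCP_DNS_DOMAIN" ]]; then
    printf 'Ignoring malformed DNS domain from DHCP: %q\n' "$DHCP_DNS_DOMAIN" >&2
  fi
  dns_domain_config=""
fi

# Create the dnsmasq.conf file with the generated DNS server config.
# no-resolv: only the server= lines are used as upstreams, never
# /etc/resolv.conf. Empty config variables just leave blank lines.
# NOTE(review): dhcp-range starts at the router's own address; confirm dnsmasq
# never leases $PRIVATE_LAN_IP to the client.
cat >/etc/dnsmasq.conf <<EOL
interface=$ETH_IFACE
domain-needed
bogus-priv
no-resolv
$dns_servers_config
$dhcp_opt_6_config
$dns_domain_config
listen-address=::1,127.0.0.1,$PRIVATE_LAN_IP
expand-hosts
dhcp-range=$PRIVATE_LAN_IP,$BRIDGED_CLIENT_IP,12h
dhcp-option=option:router,$PRIVATE_LAN_IP
dhcp-authoritative
dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
EOL
echo "Wrote to /etc/dnsmasq.conf"

# Configure NAT to forward traffic between the private LAN and the WLAN.
# This flushes every rule in the filter and nat tables but leaves the chain
# policies untouched, so whatever was previously blocked on INPUT/FORWARD is
# afterwards governed only by the default policies (the kernel default is
# ACCEPT).
iptables -X
iptables -F
iptables -t nat -X
iptables -t nat -F
echo "Reset iptables"

# Route/forward traffic between nets
iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -I POSTROUTING -o "$WLAN_IFACE" -j MASQUERADE
echo "Created iptables to route traffic between nets"

# Port forward everything to the single client. The PREROUTING rule has no
# destination or port match, so every new inbound connection arriving on the
# WLAN — including ones aimed at this router's own WLAN address — is DNATed to
# the client, which is therefore fully exposed to that network. The second
# MASQUERADE rewrites the source so the client's replies return via this host.
iptables -t nat -A PREROUTING -i "$WLAN_IFACE" -j DNAT --to-destination "$BRIDGED_CLIENT_IP"
iptables -t nat -A POSTROUTING -o "$ETH_IFACE" -j MASQUERADE
echo "Port forwarded everything to the single bridged client"

printf '\nRestarting dnsmasq...\n\n'
# Presumably stopped so dnsmasq can take port 53; note this only stops the
# unit for this boot, it does not disable it.
service systemd-resolved stop
# systemctl enable --now dnsmasq
systemctl restart dnsmasq
printf '\n\n'
sleep 5
systemctl status --no-pager dnsmasq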