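#!/bin/bash
# Force all network traffic of one local user ($VPNUSER) through the VPN
# tunnel ($INTERFACE) and refuse to let that user's packets leave via the
# physical uplink ($NETIF).  Adapted from:
# http://www.niftiestsoftware.com/2011/08/28/making-all-network-traffic-for-a-linux-user-use-a-specific-network-interface/
#
# Must run as root (iptables).  The four exported variables stay visible to
# /etc/openvpn/route_vpn.sh, which is started at the end and is expected to
# install the policy route for fwmark 0x1 (it is not shown here).
#
# Fail closed: every iptables call is checked (set -e), so a rule that cannot
# be installed aborts the script BEFORE the routing script brings the tunnel
# route up with an incomplete leak-protection rule set.
set -euo pipefail

export INTERFACE="tun0"          # VPN tunnel device
export VPNUSER="rt"              # user whose traffic is confined to the VPN
export LANIP="192.168.0.0/24"    # LAN that stays reachable directly
export NETIF="enp2s0"            # physical uplink $VPNUSER must never use

if [[ "$EUID" -ne 0 ]]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

# Start from empty chains.  NOTE: this discards ANY existing rule in the
# nat, mangle and filter tables, not just the ones this script installs.
iptables -F -t nat
iptables -F -t mangle
iptables -F -t filter

# Mark packets that have to be policy-routed via the tunnel (fwmark 0x1).
# NOTE(review): the PREROUTING rule and the second OUTPUT rule mark every
# non-LAN packet, not only $VPNUSER's; this matches the upstream article,
# confirm it is intended on a host with other users/services.
iptables -t mangle -A PREROUTING ! -s "$LANIP" -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT ! --dest "$LANIP" -m owner --uid-owner "$VPNUSER" -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT ! --src "$LANIP" -j MARK --set-mark 0x1

# Allow replies to connections initiated over the tunnel.
iptables -A INPUT -i "$INTERFACE" -m conntrack --ctstate ESTABLISHED -j ACCEPT

# Allow inbound bittorrent on the rtorrent listen range (changed from the
# upstream article's single ports, kept below for reference).
iptables -A INPUT -i "$INTERFACE" -p tcp --dport 55500:55555 -j ACCEPT
#iptables -A INPUT -i $INTERFACE -p tcp --dport 59560 -j ACCEPT
#iptables -A INPUT -i $INTERFACE -p tcp --dport 6443 -j ACCEPT
iptables -A INPUT -i "$INTERFACE" -p udp --dport 55500:55555 -j ACCEPT
#iptables -A INPUT -i $INTERFACE -p udp --dport 8881 -j ACCEPT
#iptables -A INPUT -i $INTERFACE -p udp --dport 7881 -j ACCEPT

# Everything else arriving on the tunnel is refused.
iptables -A INPUT -i "$INTERFACE" -j REJECT

# Rewrite $VPNUSER's DNS queries aimed at the LAN resolver to the VPN
# provider's resolvers (upstream article used 8.8.8.8 / 8.8.4.4).
# Only queries whose destination is inside $LANIP are redirected; queries
# the user sends to any other resolver are left as-is (they are still
# marked 0x1 above and therefore leave via the tunnel).
iptables -t nat -A OUTPUT --dest "$LANIP" -p udp --dport 53 -m owner --uid-owner "$VPNUSER" -j DNAT --to-destination 79.141.167.14
iptables -t nat -A OUTPUT --dest "$LANIP" -p tcp --dport 53 -m owner --uid-owner "$VPNUSER" -j DNAT --to-destination 79.141.160.2

# Allow the web interface.  TODO: 6443 is also the --sport in the 0x2 mark
# rule further down, so it is presumably the web UI's listening port;
# confirm against the rtorrent/web UI configuration.
iptables -A OUTPUT -p tcp --dport 6443 -m owner --uid-owner "$VPNUSER" -j ACCEPT

# $VPNUSER may talk to loopback and to the tunnel.
iptables -A OUTPUT -o lo -m owner --uid-owner "$VPNUSER" -j ACCEPT
iptables -A OUTPUT -o "$INTERFACE" -m owner --uid-owner "$VPNUSER" -j ACCEPT

# Source-NAT everything that leaves through the tunnel.
iptables -t nat -A POSTROUTING -o "$INTERFACE" -j MASQUERADE

# Replies from the web interface get a different mark (0x2) so the routing
# script can keep them off the tunnel.
iptables -t mangle -A OUTPUT -p tcp --sport 6443 -m owner --uid-owner "$VPNUSER" -j MARK --set-mark 0x2

# Leak protection: nothing with a non-LAN source may leave via the physical
# uplink.  This is the rule that matters if the tunnel goes down.
iptables -A OUTPUT ! --src "$LANIP" -o "$NETIF" -j REJECT

# All rules are in place; install the policy route for the marks.
# Under set -e a failure here aborts with the routing script's exit status.
/etc/openvpn/route_vpn.sh
exit 0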