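#!/bin/bash
# Script I -- iptables policy for a per-user VPN "kill switch".
#
# Packets generated by $VPNUSER (and any packet whose source is not a LAN
# address) are fwmark'ed 0x1 so that policy routing (set up in Script II)
# sends them over $INTERFACE; $VPNUSER's DNS to a LAN resolver is rewritten
# to the VPN provider's resolvers; and $VPNUSER is explicitly refused on
# $NETIF so nothing leaks over the physical uplink if the tunnel is down.
#
# Must run as root. Abort on the first failing rule: a half-installed rule
# set is worse than none, because it gives a false sense of protection.
set -eu

export INTERFACE="tun0"               # VPN tunnel interface
export VPNUSER="debian-transmission"  # user whose traffic is confined to the VPN
export LANIP="192.168.1.0/24"         # local LAN, reachable directly
export NETIF="eth0"                   # physical uplink; must never carry $VPNUSER traffic

# Start from a clean slate. The chain default policies are left untouched on
# purpose: setting OUTPUT to DROP here would cut off everything not
# explicitly allowed below, including the admin's own session.
iptables -F -t nat
iptables -F -t mangle
iptables -F -t filter

# Mark packets that must travel through the VPN (policy routing keys on 0x1).
# LAN destinations are excluded so the daemon stays reachable locally --
# except DNS aimed at a LAN resolver, which is forced through the VPN as well.
iptables -t mangle -A OUTPUT ! --dest "$LANIP" -m owner --uid-owner "$VPNUSER" -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT --dest "$LANIP" -p udp --dport 53 -m owner --uid-owner "$VPNUSER" -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT --dest "$LANIP" -p tcp --dport 53 -m owner --uid-owner "$VPNUSER" -j MARK --set-mark 0x1
# Any packet not sourced from a LAN address (e.g. a socket bound to the
# tunnel address) is routed via the VPN too, whoever owns it.
iptables -t mangle -A OUTPUT ! --src "$LANIP" -j MARK --set-mark 0x1

# Allow replies to connections we initiated over the tunnel.
iptables -A INPUT -i "$INTERFACE" -m conntrack --ctstate ESTABLISHED -j ACCEPT

# Inbound ports for the application, TCP and UDP, accepted only on the tunnel.
# NOTE(review): port 80 is opened on the VPN interface here; that exposes
# whatever listens on 80 to the provider's network. Remove it unless
# something on this host really needs to be reached on 80 through the VPN.
for port in 56287 56969 80; do
  iptables -A INPUT -i "$INTERFACE" -p tcp --dport "$port" -j ACCEPT
  iptables -A INPUT -i "$INTERFACE" -p udp --dport "$port" -j ACCEPT
done

# Everything else arriving on the tunnel is refused.
iptables -A INPUT -i "$INTERFACE" -j REJECT

# Rewrite $VPNUSER's DNS queries addressed to a LAN resolver so they go to the
# VPN provider's resolvers instead (prevents DNS leaks to the LAN resolver).
# Queries already addressed to a non-LAN resolver are not rewritten; they are
# marked by the first mangle rule above and simply travel over the tunnel.
iptables -t nat -A OUTPUT --dest "$LANIP" -p udp --dport 53 -m owner --uid-owner "$VPNUSER" -j DNAT --to-destination 46.246.46.46
iptables -t nat -A OUTPUT --dest "$LANIP" -p tcp --dport 53 -m owner --uid-owner "$VPNUSER" -j DNAT --to-destination 194.132.32.23

# $VPNUSER may talk to loopback and to the tunnel ...
iptables -A OUTPUT -o lo -m owner --uid-owner "$VPNUSER" -j ACCEPT
iptables -A OUTPUT -o "$INTERFACE" -m owner --uid-owner "$VPNUSER" -j ACCEPT
# ... and is explicitly refused on the physical uplink for anything that is
# not LAN traffic. This is the actual kill switch: it holds even if the
# fwmark or the policy-routing rule ever fails to apply, instead of relying
# on routing alone. LAN destinations stay allowed so local clients (e.g. the
# web UI) keep working.
iptables -A OUTPUT -o "$NETIF" ! --dest "$LANIP" -m owner --uid-owner "$VPNUSER" -j REJECT

# Packets leaving via the tunnel are given the tunnel's address.
iptables -t nat -A POSTROUTING -o "$INTERFACE" -j MASQUERADE

# Refuse packets with a non-LAN source (e.g. the VPN address) leaving via the
# uplink, so a socket bound to the tunnel address cannot be sent out on $NETIF.
iptables -A OUTPUT ! --src "$LANIP" -o "$NETIF" -j REJECT

# NOTE(review): these rules are IPv4 only. If IPv6 is enabled on $NETIF the
# daemon can still reach the Internet over it; add matching ip6tables rules
# (or disable IPv6 on the host) to close that path.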
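# Script II -- policy routing so that fwmark 0x1 traffic (set by Script I)
# leaves via the VPN tunnel, then (re)start the daemon.
#
# Requires a routing table named after $VPNUSER in /etc/iproute2/rt_tables
# (e.g. "200 debian-transmission"); `ip route ... table $VPNUSER` fails
# otherwise. Must run as root, after the tunnel is up. Aborts -- without
# restarting the daemon -- if no gateway address can be found, so the
# daemon is never started with the VPN route missing.
set -eu

VPNIF="tun0"
VPNUSER="debian-transmission"

# Gateway inside the tunnel: the last IPv4 address ifconfig prints for the
# interface, skipping netmask-like and loopback addresses (on a
# point-to-point tun this is the peer address).
# NOTE(review): the '255' filter drops any address containing "255" anywhere
# (e.g. 10.255.0.1), not only netmasks. ifconfig (net-tools) is also
# deprecated in favour of `ip -4 addr show dev $VPNIF`, whose output format
# differs; the parsing is left as-is because this host's exact ifconfig
# output is not known.
GATEWAYIP=$(ifconfig "$VPNIF" \
  | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' \
  | grep -Ev '255|(127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' \
  | tail -n1)

# An empty gateway would otherwise produce a malformed `ip route` command
# and a daemon restart with no VPN route in place.
if [[ -z "$GATEWAYIP" ]]; then
  printf 'no gateway address found on %s; is the tunnel up?\n' "$VPNIF" >&2
  exit 1
fi

# Install the policy-routing rule once (idempotent across re-runs).
# -w matches a whole word, so marks such as 0x10 or 0x11 no longer count as 0x1.
if ! ip rule list | grep -qw 'fwmark 0x1'; then
  ip rule add from all fwmark 0x1 lookup "$VPNUSER"
fi

# Default route for marked traffic goes through the tunnel. A second default
# via loopback is appended as a fallback; presumably so that when the tunnel
# goes down and its route disappears, marked traffic is still matched in this
# table (and goes nowhere) rather than falling through to the main table --
# confirm on this kernel/iproute2 version.
ip route replace default via "$GATEWAYIP" table "$VPNUSER"
ip route append default via 127.0.0.1 dev lo table "$VPNUSER"
ip route flush cache

service transmission-daemon restart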