eibgrad

merlin-ovpn-port-forward.sh

Sep 25th, 2021 (edited)
2,663
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/sh
  2. #DEBUG= # uncomment/comment to enable/disable debug mode
  3.  
  4. #          name: merlin-ovpn-port-forward.sh
  5. #       version: 2.0.0, 22-jul-2022, by eibgrad
  6. #       purpose: openvpn client firewall-based killswitch
  7. #       type(s): nat-start
  8. #          href: https://tinyurl.com/3ebyzyyu
  9. #  installation:
  10. #    1. enable jffs custom scripts and configs (administration->system)
  11. #    2. ssh to router and copy/paste the following command:
  12. #         curl -kLs bit.ly/merlin-installer|tr -d '\r'|sh -s SqReWZnB
  13. #    3. modify script w/ your preferred options using nano editor:
  14. #         nano /jffs/scripts/merlin-ovpn-port-forward.sh
  15. #    4. reboot
  16.  
  17. SCRIPTS_DIR="/jffs/scripts"
  18. SCRIPT1="$SCRIPTS_DIR/merlin-ovpn-port-forward.sh"
  19. SCRIPT2="$SCRIPTS_DIR/nat-start"
  20.  
  21. mkdir -p $SCRIPTS_DIR
  22.  
  23. # ---------------------- begin merlin-ovpn-port-forward ---------------------- #
  24. cat << 'EOF' > $SCRIPT1
  25. #!/bin/sh
  26. #set -x # comment/uncomment to disable/enable debug mode
  27. {
  28. # ------------------------------ BEGIN OPTIONS ------------------------------- #
  29.  
  30. # interface source-ip/net proto extern-port intern-ip intern-port [comments...]
  31. PORT_FORWARDS="
  32. tun11 0.0.0.0/0 tcp 10022 $(nvram get lan_ipaddr) 22 router ssh server
  33. tun12 0.0.0.0/0 tcp 10080 192.168.1.200 80
  34. tun12 0.0.0.0/0 tcp 10443 192.168.1.200 443
  35. #tun12 188.188.188.188 tcp 10088 192.168.1.210 8088
  36. tun+ 199.199.199.0/24 udp 10999 192.168.1.210 999 all vpn network interfaces
  37. "
  38. # ------------------------------- END OPTIONS -------------------------------- #
  39.  
  40. # ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #
  41.  
  42. ipt() { iptables ${@/-[IA]/-D} 2>/dev/null; iptables $@; }
  43.  
  44. OIFS="$IFS"; IFS=$'\n'
  45.  
  46. for pf in $PORT_FORWARDS; do
  47.     # skip comments and blank lines
  48.     echo $pf | grep -Eq '^[[:space:]]*(#|$)' && continue
  49.  
  50.     # parse port forward into separate fields
  51.     for i in 1 2 3 4 5 6; do eval f$i="$(echo $pf | cut -d' ' -f$i)"; done
  52.  
  53.     # redirect external port on vpn to internal ip+port
  54.     ipt -t nat -I PREROUTING -i $f1 -s $f2 -p $f3 --dport $f4 \
  55.         -j DNAT --to $f5:$f6
  56. done
  57.  
  58. IFS="$OIFS"
  59.  
  60. # allow routing from vpn to router internal port
  61. ipt -I INPUT -i tun+ -m conntrack --ctstate DNAT -j ACCEPT
  62.  
  63. # allow routing from vpn to lan internal ip+port
  64. ipt -I FORWARD -i tun+ -m conntrack --ctstate DNAT -j ACCEPT
  65.  
  66. exit 0
  67. } 2>&1 | logger -t $(basename $0 .sh)[$$]
  68. EOF
  69. [ ${DEBUG+x} ] && sed -ri '2 s/^#(set -x)/\1/' $SCRIPT1
  70. chmod +x $SCRIPT1
  71. echo "installed: $SCRIPT1"
  72. # ----------------------- end merlin-ovpn-port-forward ----------------------- #
  73.  
  74. # ----------------------------- begin nat-start ------------------------------ #
  75. create_script() {
  76. cat << 'EOF' > $SCRIPT2
  77. #!/bin/sh
  78. #set -x # comment/uncomment to disable/enable debug mode
  79. {
  80. $SCRIPT1
  81. } 2>&1 | logger -t $(basename $0)[$$]
  82. EOF
  83. [ ${DEBUG+x} ] && sed -ri '2 s/^#(set -x)/\1/' $SCRIPT2
  84. sed -i "s:\$SCRIPT1:$SCRIPT1:g" $SCRIPT2
  85. chmod +x $SCRIPT2
  86. }
  87.  
  88. if [ -f $SCRIPT2 ]; then
  89.     echo "error: $SCRIPT2 already exists; requires manual installation"
  90. else
  91.     create_script
  92.     echo "installed: $SCRIPT2"
  93. fi
  94. # ------------------------------ end nat-start ------------------------------- #
Add Comment
Please, Sign In to add comment