portforwardbind.sh

1. #!/bin/sh
2. #sets script dir as working dir
3. cd "$(dirname "$0")"
4. PIA_CERT="ca.rsa.4096.crt"
5. PIA_TOKEN=$(cat PIA_TOKEN)
6. PIA_SERVER_IP=$(cat PIA_SERVER_IP)
7. PIA_WG_CN=$(cat PIA_WG_CN)
8. PF_PAYLOAD_RAW=$(cat PF_PAYLOAD_RAW)
9. PF_GETSIGNATURE=$(cat PF_GETSIGNATURE)
10. PF_PORT=$(cat PF_PORT)
11.  
12. #binds the port to your wireguard tunnel. This needs to be done at least every 15mins or the you will loose the port, Setup a cron job with '*/14 * * * * root /opt/wireguard/portforwardbind.sh' or where ever you put the scripts
13. PF_BIND="$(curl --interface oet1 --CAcert $PIA_CERT --get --silent --show-error --retry 5 --retry-delay 1 --max-time 2 --data-urlencode payload=$PF_PAYLOAD_RAW --data-urlencode signature=$PF_GETSIGNATURE --resolve $PIA_WG_CN:19999:$PIA_SERVER_IP https://$PIA_WG_CN:19999/bindPort)"
14. echo $PF_BIND
15.  
16. #sets up routing for port to our transmission ip bind 192.168.168.168
17. iptables -t nat -I PREROUTING -p tcp --dport $PF_PORT -j DNAT --to 192.168.168.168
18. iptables -t nat -I PREROUTING -p udp --dport $PF_PORT -j DNAT --to 192.168.168.168
19. #allows port through firewall
20. iptables -I INPUT -i oet1 -p tcp -d 192.168.168.168 --dport $PF_PORT -j ACCEPT
21. iptables -I INPUT -i oet1 -p udp -d 192.168.168.168 --dport $PF_PORT -j ACCEPT
22.  
23. #updates transmission with port need package 'opkg install transmission-remote' enter you transmission username and pass if used
24. transmission-remote -n username:pass -p $PF_PORT
25.  
26. #unused code to edit transmission settings file with port
27. #sed -i 's/.*peer-port.*/ "peer-port": "'$PF_PORT'",/' /opt/transmission/config/settings.json
28.