Skip to content

Update network_tunnel_manager.sh #6085

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 1 commit into
base: develop
Choose a base branch
from
Draft

Update network_tunnel_manager.sh #6085

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 19 additions & 4 deletions scripts/network_tunnel_manager.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,26 +85,41 @@ apply_iptables_rules() {
echo "applying IPtables rules for $interface..."
sleep 2

# INPUT rules - allow incoming connections TO the gateway from tunnel clients
# This is CRITICAL for mobile clients to reach the bandwidth controller at 10.1.0.1:51830
sudo iptables -I INPUT -i "$interface" -j ACCEPT
sudo ip6tables -I INPUT -i "$interface" -j ACCEPT

# NAT rules - for outbound traffic masquerading
sudo iptables -t nat -A POSTROUTING -o "$network_device" -j MASQUERADE
sudo ip6tables -t nat -A POSTROUTING -o "$network_device" -j MASQUERADE

# FORWARD rules - allow traffic through the gateway
sudo iptables -A FORWARD -i "$interface" -o "$network_device" -j ACCEPT
sudo iptables -A FORWARD -i "$network_device" -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT

sudo ip6tables -t nat -A POSTROUTING -o "$network_device" -j MASQUERADE
sudo ip6tables -A FORWARD -i "$interface" -o "$network_device" -j ACCEPT
sudo ip6tables -A FORWARD -i "$network_device" -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT

sudo iptables-save | sudo tee /etc/iptables/rules.v4
sudo ip6tables-save | sudo tee /etc/iptables/rules.v6

echo "IPtables rules applied successfully for $interface (including INPUT rules for bandwidth controller)."
}

check_tunnel_iptables() {
local interface=$1
echo "inspecting IPtables rules for $interface..."
echo "---------------------------------------"
echo "IPv4 rules:"
echo "IPv4 INPUT rules (for bandwidth controller):"
iptables -L INPUT -v -n | grep -E "$interface|Chain INPUT" | head -20
echo "---------------------------------------"
echo "IPv4 FORWARD rules:"
iptables -L FORWARD -v -n | awk -v dev="$interface" '/^Chain FORWARD/ || $0 ~ dev || $0 ~ "ufw-reject-forward"'
echo "---------------------------------------"
echo "IPv6 rules:"
echo "IPv6 INPUT rules (for bandwidth controller):"
ip6tables -L INPUT -v -n | grep -E "$interface|Chain INPUT" | head -20
echo "---------------------------------------"
echo "IPv6 FORWARD rules:"
ip6tables -L FORWARD -v -n | awk -v dev="$interface" '/^Chain FORWARD/ || $0 ~ dev || $0 ~ "ufw6-reject-forward"'
}

Expand Down
Loading