bypasscgnat update

This commit is contained in:
tavo-wasd 2024-03-07 22:04:30 -06:00
parent 7645e2359a
commit b854e9a438
2 changed files with 11 additions and 9 deletions


@ -1,3 +1,12 @@
# Bypass CGNAT # Bypass CGNAT
Setup a wireguard VPN to route traffic from a VPS to your local machine. Setup a wireguard VPN to route traffic from a VPS to your local machine.
Based from [this](https://github.com/mochman/Bypass_CGNAT) guide. Based from [this](https://github.com/mochman/Bypass_CGNAT) guide.
# Possible extra configuration
```
auto eth0
iface eth0 inet static
. . .
dns-nameservers 1.1.1.1 9.9.9.9
```


@ -15,13 +15,11 @@ iptables_setup() {
iptables -A FORWARD -i "$SERVER_INT" -o wg0 -p tcp --syn --dport "$port" -m conntrack --ctstate NEW -j ACCEPT iptables -A FORWARD -i "$SERVER_INT" -o wg0 -p tcp --syn --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A PREROUTING -i "$SERVER_INT" -p tcp --dport "$port" -j DNAT --to-destination "$WG_CLIENT_IP" iptables -t nat -A PREROUTING -i "$SERVER_INT" -p tcp --dport "$port" -j DNAT --to-destination "$WG_CLIENT_IP"
iptables -t nat -A POSTROUTING -o wg0 -p tcp --dport "$port" -d "$WG_CLIENT_IP" -j SNAT --to-source "$WG_SERVER_IP" iptables -t nat -A POSTROUTING -o wg0 -p tcp --dport "$port" -d "$WG_CLIENT_IP" -j SNAT --to-source "$WG_SERVER_IP"
ufw allow "$port"/tcp
done done
for port in $udpports; do for port in $udpports; do
iptables -A FORWARD -i "$SERVER_INT" -o wg0 -p udp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT iptables -A FORWARD -i "$SERVER_INT" -o wg0 -p udp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A PREROUTING -i "$SERVER_INT" -p udp --dport "$port" -j DNAT --to-destination "$WG_CLIENT_IP" iptables -t nat -A PREROUTING -i "$SERVER_INT" -p udp --dport "$port" -j DNAT --to-destination "$WG_CLIENT_IP"
iptables -t nat -A POSTROUTING -o wg0 -p udp --dport "$port" -d "$WG_CLIENT_IP" -j SNAT --to-source "$WG_SERVER_IP" iptables -t nat -A POSTROUTING -o wg0 -p udp --dport "$port" -d "$WG_CLIENT_IP" -j SNAT --to-source "$WG_SERVER_IP"
ufw allow "$port"/udp
done done
fi fi
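Review bot: The `iptables -A …` rules on the new side are not idempotent: running `up` twice without a clean `down` (e.g. after an interrupted `wg-quick up`) appends a second copy of every FORWARD and NAT rule, and the later `down` removes only one copy each, leaving the port silently forwarded. A check-before-add guard on each of the three rules avoids that, e.g. `iptables -C FORWARD … -j ACCEPT 2>/dev/null || iptables -A FORWARD … -j ACCEPT`. Dropping `ufw allow` is sound for forwarded traffic, which never traverses INPUT, but if ufw is enabled with a DROP forward policy the appended FORWARD rules sit after ufw's own chains, so confirm they are actually reached (`iptables -L FORWARD -n --line-numbers`). The top of `iptables_setup`, including any ESTABLISHED,RELATED return-path rule, starts outside this hunk.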
@ -30,18 +28,13 @@ iptables_setup() {
iptables -D FORWARD -i "$SERVER_INT" -o wg0 -p tcp --syn --dport "$port" -m conntrack --ctstate NEW -j ACCEPT iptables -D FORWARD -i "$SERVER_INT" -o wg0 -p tcp --syn --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -D PREROUTING -i "$SERVER_INT" -p tcp --dport "$port" -j DNAT --to-destination "$WG_CLIENT_IP" iptables -t nat -D PREROUTING -i "$SERVER_INT" -p tcp --dport "$port" -j DNAT --to-destination "$WG_CLIENT_IP"
iptables -t nat -D POSTROUTING -o wg0 -p tcp --dport "$port" -d "$WG_CLIENT_IP" -j SNAT --to-source "$WG_SERVER_IP" iptables -t nat -D POSTROUTING -o wg0 -p tcp --dport "$port" -d "$WG_CLIENT_IP" -j SNAT --to-source "$WG_SERVER_IP"
ufw deny "$port"/tcp
done done
for port in $udpports; do for port in $udpports; do
iptables -D FORWARD -i "$SERVER_INT" -o wg0 -p udp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT iptables -D FORWARD -i "$SERVER_INT" -o wg0 -p udp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -D PREROUTING -i "$SERVER_INT" -p udp --dport "$port" -j DNAT --to-destination "$WG_CLIENT_IP" iptables -t nat -D PREROUTING -i "$SERVER_INT" -p udp --dport "$port" -j DNAT --to-destination "$WG_CLIENT_IP"
iptables -t nat -D POSTROUTING -o wg0 -p udp --dport "$port" -d "$WG_CLIENT_IP" -j SNAT --to-source "$WG_SERVER_IP" iptables -t nat -D POSTROUTING -o wg0 -p udp --dport "$port" -d "$WG_CLIENT_IP" -j SNAT --to-source "$WG_SERVER_IP"
ufw deny "$port"/udp
done done
fi fi
ufw reload
return 0
} }
[ "$1" = "up" ] && iptables_setup up && exit 0 [ "$1" = "up" ] && iptables_setup up && exit 0
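Review bot: Removing `return 0` changes what `iptables_setup` reports: the function now exits with the status of the last command it ran, which in the `down` branch is the final `iptables -t nat -D POSTROUTING …` for the last UDP port, and that fails whenever the rule is already gone (a partial earlier teardown, or a port list edited between `up` and `down`). On `[ "$1" = "up" ] && iptables_setup up && exit 0` and its presumable `down` twin, a non-zero status skips `exit 0` and the script falls through to whatever follows; wg-quick appears to run hooks with errexit, so the failure may also abort the hook itself. The cheapest fix is to keep an explicit `return 0` as the last line before `}`; alternatively make each deletion tolerant of a missing rule. The `if` this hunk closes, and the function body above it, start outside the hunk.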
@ -75,8 +68,8 @@ PrivateKey = ${SERVER_PRV_KEY}
ListenPort = 55107 ListenPort = 55107
Address = 10.0.0.1/24 Address = 10.0.0.1/24
PostUp = /opt/bypasscgnat/bypasscgnat.sh up PostUp = /opt/bypasscgnat.sh up
PostDown = /opt/bypasscgnat/bypasscgnat.sh down PostDown = /opt/bypasscgnat.sh down
[Peer] [Peer]
PublicKey = ${CLIENT_PUB_KEY} PublicKey = ${CLIENT_PUB_KEY}