-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtorrentns.sh
executable file
·140 lines (114 loc) · 2.7 KB
/
torrentns.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
#! /bin/sh
# always run as root
[ "$(id -u)" != 0 ] && {
sudo "$0" $*
exit 0
}
NS='vpn0'
GROUP='vpnroute'
EXEC="ip netns exec $NS"
#W_GROUP="sudo -g $GROUP"
OVPN_PIDF='/tmp/ovpn.pid'
case $1 in
up)
pgrep openvpn && killall openvpn
# add virtual interfaces
ip link add veth0 type veth peer name veth1
# add namespace
ip netns add $NS
# link vif to namespace
ip link set veth1 netns $NS
ip addr add 10.10.1.1/24 dev veth0
# internal to namespace vif up
$EXEC ip link set veth1 up
ip link set veth0 up
# add working ip to namespace vif
$EXEC ip addr add 10.10.1.2/24 dev veth1
# routing in namespace
$EXEC ip route add default via 10.10.1.1 dev veth1
mkdir -p /etc/netns/$NS
echo 'nameserver 1.1.1.1' | tee /etc/netns/$NS/resolv.conf
sysctl -w net.ipv4.ip_forward=1
# antispoofing
iptables -A INPUT -i eth0 -s 10.10.1.0/24 -j DROP
iptables -t nat -A PREROUTING \
-p tcp \
-i eth0 \
--dport 9091 \
-j DNAT \
--to-destination 10.10.1.2:9091
iptables -A FORWARD \
-p tcp \
-m state --state NEW,ESTABLISHED,RELATED \
-s 192.168.1.0/24 \
-d 192.168.1.10 \
-i eth0 \
-o veth0 \
-j ACCEPT
iptables -t nat -A POSTROUTING \
-p tcp \
-j MASQUERADE
$EXEC iptables -A OUTPUT \
-m owner \
--gid-owner vpnroute \
-d 10.10.1.1 \
-o veth1 \
-j ACCEPT
$EXEC iptables -A OUTPUT \
-m owner \
--gid-owner vpnroute \
\! -o tun0 \
-j REJECT
[ -f "$OVPN_PIDF" ] && rm $OVPN_PIDF
#SERVER=$(/home/robi/.local/bin/shuff_nordvpn.sh)
SERVER=it205.nordvpn.com.tcp.ovpn
TRANSMISSION_SCRIPT='/home/robi/.local/bin/torrentmanage.sh'
$EXEC openvpn \
--config /etc/openvpn/ovpn_tcp/${SERVER} \
--auth-user-pass /etc/openvpn/auth \
--script-security 2 \
--route-up "$TRANSMISSION_SCRIPT" \
--route-pre-down "$TRANSMISSION_SCRIPT" \
--writepid "$OVPN_PIDF" \
--daemon
;;
down)
iptables -D INPUT -i eth0 -s 10.10.1.0/24 -j DROP
iptables -t nat -D PREROUTING \
-p tcp \
-i eth0 \
--dport 9091 \
-j DNAT \
--to-destination 10.10.1.2:9091
iptables -D FORWARD \
-p tcp \
-m state --state NEW,ESTABLISHED,RELATED \
-s 192.168.1.0/24 \
-d 192.168.1.10 \
-i eth0 \
-o veth0 \
-j ACCEPT
iptables -t nat -D POSTROUTING \
-p tcp \
-j MASQUERADE
$EXEC iptables -D OUTPUT \
-m owner \
--gid-owner vpnroute \
-d 10.10.1.1 \
-o veth1 \
-j ACCEPT
$EXEC iptables -D OUTPUT \
-m owner \
--gid-owner vpnroute \
\! -o tun0 \
-j REJECT
[ -f "$OVPN_PIDF" ] && kill "$(cat $OVPN_PIDF)"
pgrep transmission-daemon && killall transmission-daemon
ip link set veth0 down
ip link del veth0
ip netns delete $NS
;;
*)
echo "Usage: $0 up|down"
;;
esac