Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| selfhost:router [2024/01/18 09:35] – created willy | selfhost:router [2024/02/08 17:29] (current) – removed willy | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Home Router ====== | ||
| - | |||
| - | a PC with more than one ethernet devices: | ||
| - | * LAN: interface for internal network (10.0.0.1/ | ||
| - | * WAN1: interface for main internet access (192.168.1.10/ | ||
| - | * WAN2: interface for secondary internet access (192.168.0.10/ | ||
| - | * MOBILE: emergency interface for internet access (192.168.42.10/ | ||
| - | |||
| - | |||
| - | This script: | ||
| - | <file bash 01-nat.start> | ||
| - | #!/bin/bash | ||
| - | |||
| - | source / | ||
| - | |||
| - | LAN=enp0s31f6 # internal network | ||
| - | WAN= | ||
| - | WAN_IP= | ||
| - | WAN_GW= | ||
| - | |||
| - | if [ " | ||
| - | then | ||
| - | echo NOTICE: enabled demo mode | ||
| - | fi | ||
| - | |||
| - | if [ " | ||
| - | then | ||
| - | WAN=enp59s0u2u4c2 | ||
| - | WAN_IP=192.168.1.10 | ||
| - | WAN_GW=192.168.1.254 | ||
| - | elif [ " | ||
| - | then | ||
| - | WAN=enp0s20f0u4u4c2 | ||
| - | WAN_IP=192.168.0.10 | ||
| - | WAN_GW=192.168.0.1 | ||
| - | elif [ " | ||
| - | then | ||
| - | WAN=enp0s20f0u5u3 | ||
| - | WAN_IP= | ||
| - | WAN_GW=192.168.42.129 | ||
| - | else | ||
| - | echo ERROR: invalid value of \" | ||
| - | echo mode must me one of: " | ||
| - | exit 255 | ||
| - | fi | ||
| - | |||
| - | if [ " | ||
| - | then | ||
| - | echo invalid selection | ||
| - | exit 254 | ||
| - | fi | ||
| - | |||
| - | echo Extracting $WAN details... | ||
| - | if [ " | ||
| - | then | ||
| - | WAN_IP=$(ip -f inet addr show $WAN | grep -Po 'inet \K[\d.]+' | ||
| - | fi | ||
| - | echo Will use $WAN with SNAT to $WAN_IP and default gateway $WAN_GW | ||
| - | |||
| - | echo Flushing tables clean... | ||
| - | $D iptables -F | ||
| - | $D iptables -F -t nat | ||
| - | $D iptables -F -t mangle | ||
| - | |||
| - | echo Setting up security... | ||
| - | $D iptables -A INPUT -m state --state ESTABLISHED, | ||
| - | $D iptables -A INPUT -m state --state NEW -i $LAN -j ACCEPT | ||
| - | $D iptables -P INPUT DROP | ||
| - | |||
| - | echo Enabling SNAT to $mode | ||
| - | $D iptables -t nat -A POSTROUTING -o $WAN -j SNAT --to $WAN_IP | ||
| - | |||
| - | echo Enabling IP forwarding... | ||
| - | echo 1 > / | ||
| - | |||
| - | echo Removing old default route... | ||
| - | $D ip route del to default | ||
| - | |||
| - | echo Setting up new default route... | ||
| - | $D ip route add default dev $WAN | ||
| - | |||
| - | echo 'All done!' | ||
| - | </ | ||
| - | |||
| - | With following config file under **/ | ||
| - | <file txt nat> | ||
| - | # Valid for mode= fastweb|vodafone|mobile | ||
| - | mode=mobile | ||
| - | # unset this to actually do something: | ||
| - | D=echo | ||
| - | </ | ||
| - | |||