2 # I, Ian Kelling, follow the GNU license recommendations at
3 # https://www.gnu.org/licenses/license-recommendations.en.html. They
4 # recommend that small programs, < 300 lines, be licensed under the
5 # Apache License 2.0. This file contains or is part of one or more small
6 # programs. If a small program grows beyond 300 lines, I plan to switch
9 # Copyright 2024 Ian Kelling
11 # Licensed under the Apache License, Version 2.0 (the "License");
12 # you may not use this file except in compliance with the License.
13 # You may obtain a copy of the License at
15 # http://www.apache.org/licenses/LICENSE-2.0
17 # Unless required by applicable law or agreed to in writing, software
18 # distributed under the License is distributed on an "AS IS" BASIS,
19 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 # See the License for the specific language governing permissions and
21 # limitations under the License.
25 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
# m: log a command line on stdout, then execute it.
# Arguments: the command followed by its arguments.
# Outputs:   the arguments joined into one line, then whatever the command
#            itself prints.
# Returns:   the exit status of the command that was run.
m() {
  printf "%s\n" "$*"
  "$@"
}
# wait up to 10 seconds for the gateway to appear
for ((i=0; i<10; i++)); do
  # gw is the interface named on the "default via ... dev IFACE" line of the
  # routing table; it is empty when no such line exists, and holds one name
  # per line when several default routes are listed.
  # NOTE(review): gw is later passed to iptables as the -i/-o interface, so
  # confirm it holds exactly one interface name before it is used.
  gw=$(/usr/sbin/ip route | sed -rn 's/^default via .* dev (\S+).*/\1/p')
  # NOTE(review): the remainder of the loop body and its closing "done" are
  # not part of this listing.
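# Report the timeout on stderr. The message is quoted so that $0 is not
# word-split or glob-expanded when the script path contains spaces or
# pattern characters.
echo "$0: error: couldnt find gateway interface in 10 seconds" >&2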
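# DNAT inbound TCP traffic for $port arriving on the gateway interface to the
# fixed IPv4 and IPv6 destinations below. $cmd is the rule operation handed to
# iptables (presumably -A or -D, as passed to do-forward; confirm against the
# function header, which is not part of this listing).
# Every expansion is quoted: gw comes from parsed `ip route` output, and an
# unexpected value must not be word-split or glob-expanded into extra
# iptables arguments.
m /sbin/iptables -t nat "$cmd" PREROUTING -i "$gw" -p tcp -m tcp \
  --dport "$port" -j DNAT --to-destination 10.8.0.4
m /sbin/ip6tables -t nat "$cmd" PREROUTING -i "$gw" -p tcp -m tcp \
  --dport "$port" -j DNAT --to-destination 2600:3c00:e002:3800::4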
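# for bk to talk to MAIL_HOST, only need port 25.
# Matches only TCP port 25 from 2600:3c00:e002:3800::5 to 2600:3c00:e000:280::2
# arriving on $ifname (set outside the lines shown here) and DNATs it to
# 2600:3c00:e002:3800::4.
# The binary is called by absolute path, like the other rules in this script,
# so a root-run script does not resolve it through PATH; expansions are quoted
# to keep each one a single argument.
/sbin/ip6tables -t nat "$cmd" PREROUTING -i "$ifname" \
  -s 2600:3c00:e002:3800::5 -d 2600:3c00:e000:280::2 \
  -p tcp -m tcp --dport 25 -j DNAT \
  --to-destination 2600:3c00:e002:3800::4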
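# we could leave these on all the time but its convenient to do it here
# Accept forwarded IPv4 traffic in both directions between $ifname and the
# gateway interface. Interface names are quoted so each stays exactly one
# iptables argument.
m /sbin/iptables "$cmd" FORWARD -i "$ifname" -o "$gw" -j ACCEPT
m /sbin/iptables "$cmd" FORWARD -i "$gw" -o "$ifname" -j ACCEPT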
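# Masquerade traffic from 10.8.0.0/24 and 2600:3c00:e002:3800::/64 that
# leaves through the gateway interface. $cmd and $gw are quoted so
# neither can be word-split or glob-expanded into additional rule arguments.
/sbin/iptables -t nat "$cmd" POSTROUTING -s 10.8.0.0/24 -o "$gw" -j MASQUERADE
/sbin/ip6tables -t nat "$cmd" POSTROUTING -s 2600:3c00:e002:3800::/64 \
  -o "$gw" -j MASQUERADE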
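# Call do-forward with -A and the port list; the array expansion is quoted
# so each element is passed as exactly one argument.
do-forward -A "${ports[@]}"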
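# Call do-forward with -D and the same port list; the array expansion is
# quoted so each element is passed as exactly one argument.
do-forward -D "${ports[@]}"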
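# Usage error: written to stderr, like the script's other error message, so
# it is not mixed into the command log that m prints on stdout.
echo "$0: error: expected 1 argument of start or stop" >&2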