X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=wrt-setup-remote;h=effae75b72b5fa2ea120fd4c889ed77bf14a379a;hb=7815dd8b158226f7186bf987d270b4f824902555;hp=12f65673433294436ce3dc8b59c40bc123fc0d34;hpb=a8ec695d6a39792133a21e9eca70e69f9fab107b;p=automated-distro-installer

diff --git a/wrt-setup-remote b/wrt-setup-remote
index 12f6567..effae75 100755
--- a/wrt-setup-remote
+++ b/wrt-setup-remote
@@ -4,7 +4,7 @@ set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
 h=root@192.168.1.1
-scp /a/bin/fai/wrt-setup /a/bin/bash-programs-by-ian/repos/cedit/cedit $h:/usr/bin
+scp /a/bin/fai/wrt-setup /a/bin/cedit/cedit $h:/usr/bin
 ssh $h <<'EOF'
 if ! opkg list-installed|grep bash; then
     opkg update
@@ -12,3 +12,40 @@ if ! opkg list-installed|grep bash; then
 fi
 wrt-setup
 EOF
+
+if ! ssh wrt test -e /etc/openvpn/client.key; then
+    /a/bin/vpn-setup/vpn-mk-client-cert do wrt
+    sleep 10 # wait for connection before we try to ssh
+fi
+
+
+ssh do bash <<'EOFOUTER'
+set -eE -o pipefail
+old_rules="$(iptables -t nat -S PREROUTING)"
+iptables -t nat -F PREROUTING
+
+rm -rf /root/port-forwards
+for port in 63324 63326; do
+for proto in udp tcp; do
+echo iptables -t nat -A PREROUTING -i eth0 -p $proto -m $proto --dport $port -j DNAT --to-destination 10.8.0.6:$port >> /root/port-forwards
+done
+done
+chmod +x /root/port-forwards
+
+sudo dd of=/etc/systemd/system/myport-forward.service <<EOF
+[Unit]
+Description=Turns on port forwarding rules
+
+[Service]
+Type=oneshot
+ExecStart=/root/port-forwards
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl daemon-reload # needed if the file was already there
+systemctl enable myport-forward.service
+
+/root/port-forwards
+diff <(echo "$old_rules") <(iptables -t nat -S PREROUTING) ||:
+EOFOUTER