use vpn
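#!/bin/bash
# wrt-setup-remote: copy wrt-setup and cedit to root@192.168.1.1 and run
# wrt-setup there, make sure the host "wrt" has an OpenVPN client key, then
# rebuild the DNAT port forwards on the host "do" and install a systemd unit
# that re-applies them at boot.
#
# "wrt" and "do" are ssh host names resolved outside this script (presumably
# ssh config aliases; verify).
#
# Side effects on "do": the whole nat PREROUTING chain is flushed, so rules
# added by anything else on that host are dropped as well. The closing diff
# prints the before/after so an unexpected loss is visible in the output.

set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

h=root@192.168.1.1
scp /a/bin/fai/wrt-setup /a/bin/cedit/cedit "$h":/usr/bin

# Quoted delimiter: the script below is sent verbatim and runs in the remote
# login shell. It has no set -e, so ssh returns the status of wrt-setup.
ssh "$h" <<'EOF'
# Anchor the match so packages that merely contain "bash" in their name do not
# count as bash being installed; -q keeps the package list out of the output.
if ! opkg list-installed | grep -q '^bash '; then
  opkg update
  opkg install bash
fi
wrt-setup
EOF

# NOTE(review): any non-zero status from ssh takes this branch, including a
# connection failure (255), not only "key file absent" (1). Confirm that issuing
# a new client certificate is intended when "wrt" is simply unreachable.
if ! ssh wrt test -e /etc/openvpn/client.key; then
  /a/bin/vpn-setup/vpn-mk-client-cert do wrt
  sleep 10 # wait for connection before we try to ssh
fi


ssh do bash <<'EOFOUTER'
set -eE -o pipefail
# Saved only for the before/after diff at the end; it is not used to restore.
old_rules="$(iptables -t nat -S PREROUTING)"

# Regenerate the rule script: forwards udp and tcp ports 63324 and 63326
# arriving on eth0 to the same ports on 10.8.0.6.
rm -rf /root/port-forwards
{
  # systemd exec()s ExecStart directly and does not fall back to a shell, so
  # without an interpreter line the unit fails at boot with an exec format
  # error even though running the file from bash works.
  echo '#!/bin/sh'
  for port in 63324 63326; do
    for proto in udp tcp; do
      echo "iptables -t nat -A PREROUTING -i eth0 -p $proto -m $proto --dport $port -j DNAT --to-destination 10.8.0.6:$port"
    done
  done
} > /root/port-forwards
chmod +x /root/port-forwards

sudo dd of=/etc/systemd/system/myport-forward.service <<'EOF'
[Unit]
Description=Turns on port forwarding rules

[Service]
Type=oneshot
ExecStart=/root/port-forwards

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload # needed if the file was already there
systemctl enable myport-forward.service

# Flush as late as possible: under set -e a failure in any step above now
# aborts with the previous rules still in place instead of an empty chain.
# The generated script appends (-A), so the chain must be empty before it runs.
iptables -t nat -F PREROUTING
/root/port-forwards
diff <(echo "$old_rules") <(iptables -t nat -S PREROUTING) ||:
EOFOUTER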