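# Enterprise x86 Arch Router Iptables Configurations
#
# Builds a transparent TCP proxy setup around a local listener on port 12345:
#   * enables IPv4 forwarding,
#   * flushes the filter and nat tables and recreates the REDSOCKS nat chain,
#   * sends TCP from the client-facing interfaces (PREROUTING) and from local
#     processes (OUTPUT, except uid root and vpn) through REDSOCKS,
#   * accepts INPUT/FORWARD on the listed interfaces and masquerades outbound.
# Must be run as root. Written for POSIX sh so it can be run or sourced.
#
# NOTE(review): only IPv4 TCP is redirected here. UDP (including DNS) and
#   IPv6 are not touched by this script, so that traffic presumably leaves
#   unproxied - confirm this is intended or handle it elsewhere.
# NOTE(review): no chain policy (-P) is set and -F does not reset policies,
#   so the ACCEPT rules below only matter if a DROP policy is applied
#   elsewhere. INPUT and FORWARD accept everything arriving on enp4s0 and
#   wlp0s29f7u4, which look like the uplinks (they are the -o targets below);
#   the router's own services, including the port 12345 listener if it binds
#   to all addresses, would then be reachable from that side. Consider
#   limiting uplink INPUT/FORWARD to established/related traffic.

redsocks_rc=0

# Run iptables with the given arguments and remember any failure, so the
# final status line does not report success for a partially loaded rule set.
ipt() {
  iptables "$@" || redsocks_rc=1
}

echo 1 > /proc/sys/net/ipv4/ip_forward || redsocks_rc=1

ipt -F
ipt -t nat -F
# The chain does not exist on a first run; deleting it is best-effort.
iptables -t nat -X REDSOCKS 2>/dev/null || true
ipt -t nat -N REDSOCKS

# Destinations that must never be proxied: reserved, private, loopback,
# link-local and multicast ranges, plus two specific hosts.
# NOTE(review): the two single addresses are presumably the upstream
#   proxy/VPN endpoints (exempted to avoid a redirect loop) - confirm.
for dest in \
  0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 \
  192.168.0.0/16 224.0.0.0/4 240.0.0.0/4 \
  45.89.228.109 2.56.240.163; do
  ipt -t nat -A REDSOCKS -d "$dest" -j RETURN
done

# Everything else that is TCP goes to the local listener on port 12345.
# NOTE(review): the -o matches presumably only apply when the chain is
#   entered from OUTPUT; the REDIRECT rule catches the remaining traffic.
for uplink in wlp0s29f7u4 enp4s0; do
  ipt -t nat -A REDSOCKS -p tcp -o "$uplink" -j DNAT --to 127.0.0.1:12345
done
ipt -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

# Locally generated TCP: root and vpn bypass the proxy, all other users are
# redirected.
# NOTE(review): any process running as root therefore bypasses the proxy.
for uid_name in root vpn; do
  ipt -t nat -A OUTPUT -p tcp -m owner --uid-owner "$uid_name" -j RETURN
done
ipt -t nat -A OUTPUT -p tcp -j REDSOCKS

# Accept INPUT and FORWARD on every interface
for iface in enp2s0 enp3s0 enp4s0 enp5s0 enp6s0 enp7s0 wlp0s29f7u4; do
  ipt -A INPUT -i "$iface" -j ACCEPT
done
for iface in enp2s0 enp3s0 enp4s0 enp5s0 enp6s0 enp7s0 wlp0s29f7u4; do
  ipt -A FORWARD -i "$iface" -j ACCEPT
done

# Enable NAT Masquerade for direct outgoing interfaces
for iface in enp4s0 wlp0s29f7u4 enp7s0 enp6s0 enp5s0; do
  ipt -t nat -A POSTROUTING -o "$iface" -j MASQUERADE
done

# Redirect Client input to REDSOCKS
for iface in enp7s0 enp6s0 enp5s0; do
  ipt -t nat -A PREROUTING -p tcp -i "$iface" -j REDSOCKS
done

if [ "$redsocks_rc" -eq 0 ]; then
  echo "redsocks iptables configured"
else
  echo "redsocks iptables: one or more commands failed; rule set is incomplete" >&2
fi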