aboutsummaryrefslogtreecommitdiffstats
path: root/Scripts/setup_tap_wireless_int.sh
diff options
context:
space:
mode:
Diffstat (limited to 'Scripts/setup_tap_wireless_int.sh')
-rw-r--r--Scripts/setup_tap_wireless_int.sh75
1 files changed, 75 insertions, 0 deletions
diff --git a/Scripts/setup_tap_wireless_int.sh b/Scripts/setup_tap_wireless_int.sh
new file mode 100644
index 0000000..03aa2f9
--- /dev/null
+++ b/Scripts/setup_tap_wireless_int.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+# Find the wireless interface
+WIRELESS=$(iwconfig 2>/dev/null | awk '/IEEE 802.11/ {print $1; exit}')
+
+BRIDGE=br0
+NETWORK=10.10.10.0
+NETMASK=255.255.255.0
+GATEWAY=10.10.10.1
+DHCPRANGE=10.10.10.100,10.10.10.254
+
+# Create the bridge interface
+ip link add $BRIDGE type bridge
+ip link set dev $BRIDGE up
+
+# Assign an IP address to the bridge interface
+ip addr add dev $BRIDGE $GATEWAY/$NETMASK
+
+# Enable IP forwarding
+sysctl -w net.ipv4.ip_forward=1 > /dev/null 2>&1
+
+# Flush existing iptables rules and set default policies to ACCEPT
+iptables --flush
+iptables -t nat -F
+iptables -X
+iptables -Z
+iptables -P OUTPUT ACCEPT
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+
+# Allow DHCP and DNS traffic on the bridge interface
+iptables -A INPUT -i $BRIDGE -p tcp -m tcp --dport 67 -j ACCEPT
+iptables -A INPUT -i $BRIDGE -p udp -m udp --dport 67 -j ACCEPT
+iptables -A INPUT -i $BRIDGE -p tcp -m tcp --dport 53 -j ACCEPT
+iptables -A INPUT -i $BRIDGE -p udp -m udp --dport 53 -j ACCEPT
+
+# Allow forwarding of packets between the bridge and the network
+iptables -A FORWARD -i $BRIDGE -o $BRIDGE -j ACCEPT
+iptables -A FORWARD -s $NETWORK/$NETMASK -i $BRIDGE -j ACCEPT
+iptables -A FORWARD -d $NETWORK/$NETMASK -o $BRIDGE -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# Accept packets from the bridge interface with source and destination within the network
+# to prevent masquerading of bridged frames/packets
+iptables -t nat -A POSTROUTING -s $NETWORK/$NETMASK -d $NETWORK/$NETMASK -j ACCEPT
+
+# Perform network address translation (NAT) for packets from the network
+iptables -t nat -A POSTROUTING -s $NETWORK/$NETMASK -j MASQUERADE
+
+# Configure dnsmasq as the DHCP and DNS server for the bridge interface
+dns_cmd=(
+ dnsmasq
+ --strict-order
+ --except-interface=lo
+ --interface=$BRIDGE
+ --listen-address=$GATEWAY
+ --bind-interfaces
+ --dhcp-range=$DHCPRANGE
+ --conf-file=""
+ --pid-file=/var/run/qemu-dnsmasq-$BRIDGE.pid
+ --dhcp-leasefile=/var/run/qemu-dnsmasq-$BRIDGE.leases
+ --dhcp-no-override
+)
+
+# Execute the dnsmasq command
+echo ${dns_cmd[@]} | bash
+
+# Allow traffic from the bridge interface to the wireless interface
+iptables -A FORWARD -i $BRIDGE -o $WIRELESS -j ACCEPT
+
+# Perform masquerading for outgoing packets on the wireless interface
+iptables -t nat -A POSTROUTING -o $WIRELESS -j MASQUERADE
+
+# Allow known traffic from the wireless interface to return to the bridge interface
+iptables -A FORWARD -i $WIRELESS -o $BRIDGE -m state --state RELATED,ESTABLISHED -j ACCEPT
+