Diffstat (limited to 'Scripts')
-rw-r--r-- | Scripts/reset_tap.sh | 22 | ||||
-rw-r--r-- | Scripts/revert_tap_wireless_int.sh | 53 | ||||
-rw-r--r-- | Scripts/setup_tap.sh | 84 | ||||
-rw-r--r-- | Scripts/setup_tap_wireless_int.sh | 75 |
4 files changed, 234 insertions, 0 deletions
diff --git a/Scripts/reset_tap.sh b/Scripts/reset_tap.sh
new file mode 100644
index 0000000..d8080cd
--- /dev/null
+++ b/Scripts/reset_tap.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+if [[ $EUID > 0 ]]; then
+ echo "Run this script as root"
+ exit
+fi
+
+BRIDGE="br0"
+TAP="tap0"
+
+echo "Removing bridge $BRIDGE"
+ip link delete $BRIDGE type bridge
+
+echo "Removing tap $TAP"
+ip link delete $TAP type tap
+
+echo "Setting $INTERFACE up"
+ip link set up dev $INTERFACE
+
+echo "Starting NetworkManager"
+systemctl start NetworkManager
+
diff --git a/Scripts/revert_tap_wireless_int.sh b/Scripts/revert_tap_wireless_int.sh
new file mode 100644
index 0000000..b23cf3a
--- /dev/null
+++ b/Scripts/revert_tap_wireless_int.sh
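Review bot: `$INTERFACE` is never assigned in reset_tap.sh (setup_tap.sh sets it only inside its own process), so `ip link set up dev $INTERFACE` runs with an empty, unquoted argument and the physical interface is not brought back up. Taking it as a required argument, `INTERFACE=${1:?usage: reset_tap.sh <interface>}`, and quoting the expansions (`ip link set up dev "$INTERFACE"`) would make the reset actually target the interface that setup enslaved. The root check also leaves via a bare `exit`, which returns the status of the preceding `echo` (0); `exit 1` lets a caller detect that nothing was done, and `(( EUID != 0 ))` states the numeric test that `[[ $EUID > 0 ]]` only approximates with a string comparison.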
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+BRIDGE=br0
+NETWORK=10.10.10.0
+NETMASK=255.255.255.0
+GATEWAY=10.10.10.1
+DHCPRANGE=10.10.10.100,10.10.10.254
+
+# Delete the bridge interface
+ip link delete dev $BRIDGE type bridge
+
+# Disable IP forwarding
+sysctl -w net.ipv4.ip_forward=0 > /dev/null 2>&1
+
+# Flush existing iptables rules and set default policies to ACCEPT
+iptables --flush
+iptables -t nat -F
+iptables -X
+iptables -Z
+iptables -P OUTPUT ACCEPT
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+
+# Allow DHCP and DNS traffic on the network interface
+iptables -A INPUT -i $BRIDGE -p tcp -m tcp --dport 67 -j ACCEPT
+iptables -A INPUT -i $BRIDGE -p udp -m udp --dport 67 -j ACCEPT
+iptables -A INPUT -i $BRIDGE -p tcp -m tcp --dport 53 -j ACCEPT
+iptables -A INPUT -i $BRIDGE -p udp -m udp --dport 53 -j ACCEPT
+
+# Allow forwarding of packets between the network and the bridge
+iptables -A FORWARD -s $NETWORK/$NETMASK -i $BRIDGE -j ACCEPT
+iptables -A FORWARD -d $NETWORK/$NETMASK -o $BRIDGE -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# Delete the network address translation (NAT) rules
+iptables -t nat -D POSTROUTING -s $NETWORK/$NETMASK -d $NETWORK/$NETMASK -j ACCEPT
+iptables -t nat -D POSTROUTING -s $NETWORK/$NETMASK -j MASQUERADE
+
+# Delete the dnsmasq process
+pid_file="/var/run/qemu-dnsmasq-$BRIDGE.pid"
+if [ -f "$pid_file" ]; then
+ kill $(cat "$pid_file")
+ rm "$pid_file"
+fi
+
+# Remove the wireless interface from the forwarding rules
+iptables -D FORWARD -i $BRIDGE -o $WIRELESS -j ACCEPT
+iptables -t nat -D POSTROUTING -o $WIRELESS -j MASQUERADE
+
+# Allow known traffic from the wireless interface to return to the network interface
+iptables -D FORWARD -i $WIRELESS -o $BRIDGE -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+echo "Reverted back to default configuration."
+
diff --git a/Scripts/setup_tap.sh b/Scripts/setup_tap.sh
new file mode 100644
index 0000000..1c71344
--- /dev/null
+++ b/Scripts/setup_tap.sh
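Review bot: The `iptables --flush` / `-X` / `-P ... ACCEPT` block wipes every rule on the host and leaves all three filter chains at policy ACCEPT, so running this "revert" (or setup_tap_wireless_int.sh, which carries the same block) removes whatever firewall was in place beforehand, and the `-A` rules that follow re-add the bridge rules instead of removing them. `$WIRELESS` is also never assigned in this script, so the three `-D ... $WIRELESS` commands at the end cannot match the rules setup added. Deleting only the rules that setup appended, as sketched below, leaves unrelated rules and policies untouched; setup would need to drop its own flush block for this to be a true inverse. `sysctl -w net.ipv4.ip_forward=0` likewise assumes forwarding was off before setup ran.

```shell
# Detect the wireless interface the same way setup_tap_wireless_int.sh does
WIRELESS=$(iwconfig 2>/dev/null | awk '/IEEE 802.11/ {print $1; exit}')

# … unchanged: bridge deletion, ip_forward reset …

# Remove only the rules setup_tap_wireless_int.sh appended
iptables -D INPUT -i "$BRIDGE" -p tcp -m tcp --dport 67 -j ACCEPT
iptables -D INPUT -i "$BRIDGE" -p udp -m udp --dport 67 -j ACCEPT
iptables -D INPUT -i "$BRIDGE" -p tcp -m tcp --dport 53 -j ACCEPT
iptables -D INPUT -i "$BRIDGE" -p udp -m udp --dport 53 -j ACCEPT
iptables -D FORWARD -i "$BRIDGE" -o "$BRIDGE" -j ACCEPT
iptables -D FORWARD -s "$NETWORK/$NETMASK" -i "$BRIDGE" -j ACCEPT
iptables -D FORWARD -d "$NETWORK/$NETMASK" -o "$BRIDGE" -m state --state RELATED,ESTABLISHED -j ACCEPT

# … unchanged: NAT rule deletion, dnsmasq shutdown, wireless rule deletion …
```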
@@ -0,0 +1,84 @@
+#!/bin/bash
+
+if [[ $EUID > 0 ]]; then
+ echo "Run this script as root"
+ exit
+fi
+
+BRIDGE="br0"
+TAP="tap0"
+
+echo "Available network interfaces:"
+interfaces=$(ip link | awk -F ': ' '{print $2}')
+index=0
+
+# Array to store interface names
+declare -a interface_names
+
+# Array to store interface types
+declare -a interface_types
+
+# Loop through each interface and display its type
+for interface in $interfaces; do
+ type=$(ip link show $interface | grep -o 'type .*' | awk '{print $2}')
+ echo "$index: $interface - $type"
+
+ # Store interface name and type in arrays
+ interface_names[$index]=$interface
+ interface_types[$index]=$type
+
+ ((index++))
+done
+
+# Prompt the user to select an interface
+read -p "Enter the number of the interface you want to use: " selection
+
+# Validate the user's input
+if [[ ! $selection =~ ^[0-9]+$ || $selection -lt 0 || $selection -ge $index ]]; then
+ echo "Invalid selection. Exiting."
+ exit
+fi
+
+INTERFACE=${interface_names[$selection]}
+INTERFACE_TYPE=${interface_types[$selection]}
+
+echo "Selected interface: $INTERFACE - $INTERFACE_TYPE"
+
+echo "Adding bridge $BRIDGE"
+ip link add name $BRIDGE type bridge
+
+echo "Flushing interface $INTERFACE"
+ip addr flush dev $INTERFACE
+
+echo "Setting $BRIDGE as master of $INTERFACE"
+ip link set $INTERFACE master $BRIDGE
+
+echo "Adding tap $TAP"
+ip tuntap add $TAP mode tap
+
+echo "Setting $BRIDGE as master of $TAP"
+ip link set $TAP master $BRIDGE
+
+echo "Setting $INTERFACE, $BRIDGE, and $TAP up"
+ip link set up dev $INTERFACE
+ip link set up dev $TAP
+ip link set up dev $BRIDGE
+
+echo "Stopping NetworkManager"
+systemctl stop NetworkManager
+
+echo "Requesting IP for $BRIDGE"
+dhclient -1 -v $BRIDGE
+
+if [ $? -eq 0 ]; then
+ echo "Requesting IP for $INTERFACE"
+ dhclient $INTERFACE
+ echo "Killing dhclient and starting NetworkManager"
+ pkill -9 dhclient
+ systemctl start NetworkManager
+fi
+
+# run qemu with the below arguments
+#
+# qemu-system-x86_64 -netdev tap,id=net0,ifname=tap0,script=no,downscript=no -device virtio-net-pci,netdev=net0
+
diff --git a/Scripts/setup_tap_wireless_int.sh b/Scripts/setup_tap_wireless_int.sh
new file mode 100644
index 0000000..03aa2f9
--- /dev/null
+++ b/Scripts/setup_tap_wireless_int.sh
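Review bot: `ip tuntap add $TAP mode tap` creates the tap owned by root with no `user`, so the QEMU command in the trailing comment can only attach to tap0 when QEMU itself runs as root; `ip tuntap add dev "$TAP" mode tap user "${SUDO_USER:-root}"` would let the guest run under the invoking account instead. Separately, `pkill -9 dhclient` kills every dhclient on the host rather than the two started here, and `systemctl start NetworkManager` sits inside the `$? -eq 0` branch, so a failed lease leaves the machine with its address flushed and NetworkManager stopped. Giving dhclient a pid file of its own (for example `dhclient -1 -v -pf "/run/dhclient-$BRIDGE.pid" "$BRIDGE"`, then `kill "$(cat "/run/dhclient-$BRIDGE.pid")"`) and moving the NetworkManager restart after the `fi` would scope the kill and restore networking on both paths.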
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+# Find the wireless interface
+WIRELESS=$(iwconfig 2>/dev/null | awk '/IEEE 802.11/ {print $1; exit}')
+
+BRIDGE=br0
+NETWORK=10.10.10.0
+NETMASK=255.255.255.0
+GATEWAY=10.10.10.1
+DHCPRANGE=10.10.10.100,10.10.10.254
+
+# Create the bridge interface
+ip link add $BRIDGE type bridge
+ip link set dev $BRIDGE up
+
+# Assign an IP address to the bridge interface
+ip addr add dev $BRIDGE $GATEWAY/$NETMASK
+
+# Enable IP forwarding
+sysctl -w net.ipv4.ip_forward=1 > /dev/null 2>&1
+
+# Flush existing iptables rules and set default policies to ACCEPT
+iptables --flush
+iptables -t nat -F
+iptables -X
+iptables -Z
+iptables -P OUTPUT ACCEPT
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+
+# Allow DHCP and DNS traffic on the bridge interface
+iptables -A INPUT -i $BRIDGE -p tcp -m tcp --dport 67 -j ACCEPT
+iptables -A INPUT -i $BRIDGE -p udp -m udp --dport 67 -j ACCEPT
+iptables -A INPUT -i $BRIDGE -p tcp -m tcp --dport 53 -j ACCEPT
+iptables -A INPUT -i $BRIDGE -p udp -m udp --dport 53 -j ACCEPT
+
+# Allow forwarding of packets between the bridge and the network
+iptables -A FORWARD -i $BRIDGE -o $BRIDGE -j ACCEPT
+iptables -A FORWARD -s $NETWORK/$NETMASK -i $BRIDGE -j ACCEPT
+iptables -A FORWARD -d $NETWORK/$NETMASK -o $BRIDGE -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# Accept packets from the bridge interface with source and destination within the network
+# to prevent masquerading of bridged frames/packets
+iptables -t nat -A POSTROUTING -s $NETWORK/$NETMASK -d $NETWORK/$NETMASK -j ACCEPT
+
+# Perform network address translation (NAT) for packets from the network
+iptables -t nat -A POSTROUTING -s $NETWORK/$NETMASK -j MASQUERADE
+
+# Configure dnsmasq as the DHCP and DNS server for the bridge interface
+dns_cmd=(
+ dnsmasq
+ --strict-order
+ --except-interface=lo
+ --interface=$BRIDGE
+ --listen-address=$GATEWAY
+ --bind-interfaces
+ --dhcp-range=$DHCPRANGE
+ --conf-file=""
+ --pid-file=/var/run/qemu-dnsmasq-$BRIDGE.pid
+ --dhcp-leasefile=/var/run/qemu-dnsmasq-$BRIDGE.leases
+ --dhcp-no-override
+)
+
+# Execute the dnsmasq command
+echo ${dns_cmd[@]} | bash
+
+# Allow traffic from the bridge interface to the wireless interface
+iptables -A FORWARD -i $BRIDGE -o $WIRELESS -j ACCEPT
+
+# Perform masquerading for outgoing packets on the wireless interface
+iptables -t nat -A POSTROUTING -o $WIRELESS -j MASQUERADE
+
+# Allow known traffic from the wireless interface to return to the bridge interface
+iptables -A FORWARD -i $WIRELESS -o $BRIDGE -m state --state RELATED,ESTABLISHED -j ACCEPT
+
|
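Review bot: `echo ${dns_cmd[@]} | bash` flattens the argument array back into one string and has a second shell re-parse it, which discards the word boundaries the array was built to keep and would interpret any shell metacharacter that ends up in `$BRIDGE`, `$GATEWAY` or `$DHCPRANGE`; running the array directly with `"${dns_cmd[@]}"` avoids the extra shell. `WIRELESS` is also used without checking that iwconfig found an interface, so on a host without one the script has already flushed the firewall and started dnsmasq before the last three iptables commands fail. A guard right after the assignment, `[[ -n "$WIRELESS" ]] || { echo "No wireless interface found" >&2; exit 1; }`, together with the root check that setup_tap.sh has, would stop it before any state is changed.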