Add vps-config.sh

vps-config.sh

@@ -0,0 +1,125 @@
+#!/bin/bash
+
+# VPS Network Configuration Script
+# This script configures the VPS to handle game server traffic
+
+# Color codes for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+# Configuration variables
+TAILSCALE_INTERFACE="tailscale0"
+WAN_INTERFACE="eth0"  # Change if different
+UNRAID_TAILSCALE_IP="YOUR_UNRAID_TAILSCALE_IP"  # Replace with your Unraid's Tailscale IP
+
+# Function to check if script is run as root
+check_root() {
+    if [ "$EUID" -ne 0 ]; then
+        echo -e "${RED}Error: This script must be run as root${NC}"
+        exit 1
+    fi
+}
+
+# Function to check if Tailscale is installed
+check_tailscale() {
+    if ! command -v tailscale &> /dev/null; then
+        echo -e "${RED}Error: Tailscale is not installed${NC}"
+        exit 1
+    fi
+}
+
+# Function to configure iptables
+configure_iptables() {
+    echo -e "${YELLOW}Configuring iptables rules...${NC}"
+    
+    # Clear existing rules
+    iptables -F
+    iptables -t nat -F
+    
+    # Set default policies
+    iptables -P INPUT DROP
+    iptables -P FORWARD DROP
+    iptables -P OUTPUT ACCEPT
+    
+    # Allow established connections
+    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+    
+    # Allow Tailscale traffic
+    iptables -A INPUT -i $TAILSCALE_INTERFACE -j ACCEPT
+    iptables -A FORWARD -i $TAILSCALE_INTERFACE -j ACCEPT
+    
+    # UDP Ports
+    for port in 8766 8767 16261 19132; do
+        iptables -A INPUT -p udp --dport $port -j ACCEPT
+        iptables -A FORWARD -p udp --dport $port -j ACCEPT
+        iptables -t nat -A PREROUTING -p udp --dport $port -j DNAT --to-destination $UNRAID_TAILSCALE_IP
+    done
+    
+    # TCP Port Ranges
+    iptables -A INPUT -p tcp -m multiport --dports 16262,27015:27050,25500:25600 -j ACCEPT
+    iptables -A FORWARD -p tcp -m multiport --dports 16262,27015:27050,25500:25600 -j ACCEPT
+    iptables -t nat -A PREROUTING -p tcp -m multiport --dports 16262,27015:27050,25500:25600 -j DNAT --to-destination $UNRAID_TAILSCALE_IP
+    
+    # Allow SSH (adjust port if needed)
+    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+    
+    # Enable masquerading
+    iptables -t nat -A POSTROUTING -o $WAN_INTERFACE -j MASQUERADE
+    
+    echo -e "${GREEN}iptables rules configured successfully${NC}"
+}
+
+# Function to configure routing
+configure_routing() {
+    echo -e "${YELLOW}Configuring routing...${NC}"
+    
+    # Enable IP forwarding
+    echo 1 > /proc/sys/net/ipv4/ip_forward
+    sysctl -w net.ipv4.ip_forward=1
+    
+    echo -e "${GREEN}Routing configured successfully${NC}"
+}
+
+# Function to make settings persistent
+make_persistent() {
+    echo -e "${YELLOW}Making settings persistent...${NC}"
+    
+    # Save iptables rules
+    if command -v iptables-save &> /dev/null; then
+        mkdir -p /etc/iptables
+        iptables-save > /etc/iptables/rules.v4
+        
+        # Ensure rules are restored on boot
+        if [ -f /etc/network/if-pre-up.d/iptables ]; then
+            echo '#!/bin/sh' > /etc/network/if-pre-up.d/iptables
+            echo "iptables-restore < /etc/iptables/rules.v4" >> /etc/network/if-pre-up.d/iptables
+            chmod +x /etc/network/if-pre-up.d/iptables
+        fi
+    fi
+    
+    # Ensure IP forwarding is enabled on boot
+    if ! grep -q "net.ipv4.ip_forward=1" /etc/sysctl.conf; then
+        echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+    fi
+}
+
+# Main execution
+main() {
+    echo -e "${YELLOW}Starting VPS network configuration...${NC}"
+    
+    check_root
+    check_tailscale
+    configure_iptables
+    configure_routing
+    make_persistent
+    
+    echo -e "${GREEN}VPS network configuration completed successfully${NC}"
+    echo -e "${YELLOW}Please test your game server connectivity${NC}"
+}
+
+# Run main function
+main
+
+exit 0