diff --git a/vps-config.sh b/vps-config.sh
new file mode 100644
index 0000000..1f8724c
--- /dev/null
+++ b/vps-config.sh
@@ -0,0 +1,125 @@
+#!/bin/bash
+
+# VPS Network Configuration Script
+# This script configures the VPS to handle game server traffic
+
+# Color codes for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+# Configuration variables
+TAILSCALE_INTERFACE="tailscale0"
+WAN_INTERFACE="eth0" # Change if different
+UNRAID_TAILSCALE_IP="YOUR_UNRAID_TAILSCALE_IP" # Replace with your Unraid's Tailscale IP
+
+# Function to check if script is run as root
+check_root() {
+ if [ "$EUID" -ne 0 ]; then
+ echo -e "${RED}Error: This script must be run as root${NC}"
+ exit 1
+ fi
+}
+
+# Function to check if Tailscale is installed
+check_tailscale() {
+ if ! command -v tailscale &> /dev/null; then
+ echo -e "${RED}Error: Tailscale is not installed${NC}"
+ exit 1
+ fi
+}
+
+# Function to configure iptables
+configure_iptables() {
+ echo -e "${YELLOW}Configuring iptables rules...${NC}"
+
+ # Clear existing rules
+ iptables -F
+ iptables -t nat -F
+
+ # Set default policies
+ iptables -P INPUT DROP
+ iptables -P FORWARD DROP
+ iptables -P OUTPUT ACCEPT
+
+ # Allow established connections
+ iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+ # Allow Tailscale traffic
+ iptables -A INPUT -i $TAILSCALE_INTERFACE -j ACCEPT
+ iptables -A FORWARD -i $TAILSCALE_INTERFACE -j ACCEPT
+
+ # UDP Ports
+ for port in 8766 8767 16261 19132; do
+ iptables -A INPUT -p udp --dport $port -j ACCEPT
+ iptables -A FORWARD -p udp --dport $port -j ACCEPT
+ iptables -t nat -A PREROUTING -p udp --dport $port -j DNAT --to-destination $UNRAID_TAILSCALE_IP
+ done
+
+ # TCP Port Ranges
+ iptables -A INPUT -p tcp -m multiport --dports 16262,27015:27050,25500:25600 -j ACCEPT
+ iptables -A FORWARD -p tcp -m multiport --dports 16262,27015:27050,25500:25600 -j ACCEPT
+ iptables -t nat -A PREROUTING -p tcp -m multiport --dports 16262,27015:27050,25500:25600 -j DNAT --to-destination $UNRAID_TAILSCALE_IP
+
+ # Allow SSH (adjust port if needed)
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+
+ # Enable masquerading
+ iptables -t nat -A POSTROUTING -o $WAN_INTERFACE -j MASQUERADE
+
+ echo -e "${GREEN}iptables rules configured successfully${NC}"
+}
+
+# Function to configure routing
+configure_routing() {
+ echo -e "${YELLOW}Configuring routing...${NC}"
+
+ # Enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ sysctl -w net.ipv4.ip_forward=1
+
+ echo -e "${GREEN}Routing configured successfully${NC}"
+}
+
+# Function to make settings persistent
+make_persistent() {
+ echo -e "${YELLOW}Making settings persistent...${NC}"
+
+ # Save iptables rules
+ if command -v iptables-save &> /dev/null; then
+ mkdir -p /etc/iptables
+ iptables-save > /etc/iptables/rules.v4
+
+ # Ensure rules are restored on boot
+ if [ -f /etc/network/if-pre-up.d/iptables ]; then
+ echo '#!/bin/sh' > /etc/network/if-pre-up.d/iptables
+ echo "iptables-restore < /etc/iptables/rules.v4" >> /etc/network/if-pre-up.d/iptables
+ chmod +x /etc/network/if-pre-up.d/iptables
+ fi
+ fi
+
+ # Ensure IP forwarding is enabled on boot
+ if ! grep -q "net.ipv4.ip_forward=1" /etc/sysctl.conf; then
+ echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+ fi
+}
+
+# Main execution
+main() {
+ echo -e "${YELLOW}Starting VPS network configuration...${NC}"
+
+ check_root
+ check_tailscale
+ configure_iptables
+ configure_routing
+ make_persistent
+
+ echo -e "${GREEN}VPS network configuration completed successfully${NC}"
+ echo -e "${YELLOW}Please test your game server connectivity${NC}"
+}
+
+# Run main function
+main
+
+exit 0
\ No newline at end of file
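Review bot: The forwarding rules in `configure_iptables` match on destination port alone, so the DNAT and `FORWARD ... -j ACCEPT` lines apply to packets arriving on any interface and heading to any host, and together with `FORWARD -i $TAILSCALE_INTERFACE -j ACCEPT` and the MASQUERADE rule the VPS will relay more than the game traffic the header comment describes. Binding PREROUTING to `-i "$WAN_INTERFACE"` and FORWARD to `-o "$TAILSCALE_INTERFACE" -d "$UNRAID_TAILSCALE_IP"` limits the exposure to the listed ports on one host, and the INPUT ACCEPT rules for those ports look unnecessary because DNATed packets traverse FORWARD rather than INPUT. `UNRAID_TAILSCALE_IP` still holds the placeholder string and no iptables exit status is checked, so a rejected DNAT rule would still end in the success message; a guard in `main` that refuses to run with the placeholder would catch that. In `make_persistent` the test `[ -f /etc/network/if-pre-up.d/iptables ]` appears inverted (`[ ! -f /etc/network/if-pre-up.d/iptables ]` is probably what was meant), so on a host without the hook the DROP policies would not be restored after a reboot. ip6tables is never touched, so the default-drop policy covers IPv4 only.

```shell
configure_iptables() {
    # … unchanged: flush, default policies, ESTABLISHED/RELATED and Tailscale rules …

    # UDP ports: DNAT only what arrives on the WAN side, forward only to the Unraid host
    for port in 8766 8767 16261 19132; do
        iptables -t nat -A PREROUTING -i "$WAN_INTERFACE" -p udp --dport "$port" \
            -j DNAT --to-destination "$UNRAID_TAILSCALE_IP"
        iptables -A FORWARD -i "$WAN_INTERFACE" -o "$TAILSCALE_INTERFACE" \
            -d "$UNRAID_TAILSCALE_IP" -p udp --dport "$port" -j ACCEPT
    done

    # TCP port ranges, same constraints
    iptables -t nat -A PREROUTING -i "$WAN_INTERFACE" -p tcp -m multiport \
        --dports 16262,27015:27050,25500:25600 \
        -j DNAT --to-destination "$UNRAID_TAILSCALE_IP"
    iptables -A FORWARD -i "$WAN_INTERFACE" -o "$TAILSCALE_INTERFACE" \
        -d "$UNRAID_TAILSCALE_IP" -p tcp -m multiport \
        --dports 16262,27015:27050,25500:25600 -j ACCEPT

    # … unchanged: SSH rule, masquerading, success message …
}
```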