152 lines
No EOL
4.9 KiB
Bash
152 lines
No EOL
4.9 KiB
Bash
#!/bin/bash
|
|
|
|
# Unraid Network Configuration Script
|
|
# This script configures game server routing through Tailscale
|
|
|
|
# Color codes for output
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
NC='\033[0m'
|
|
|
|
# Configuration variables
|
|
TAILSCALE_INTERFACE="tailscale1"
|
|
WAN_INTERFACE="br0"
|
|
VPS_IP="YOUR_VPS_IP" # Replace with your Dallas VPS public IP
|
|
GAME_SUBNET="172.17.0.0/16" # docker0 network
|
|
|
|
# Function to check if script is run as root
|
|
check_root() {
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo -e "${RED}Error: This script must be run as root${NC}"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
# Function to check if Tailscale is installed
|
|
check_tailscale() {
|
|
if ! command -v tailscale &> /dev/null; then
|
|
echo -e "${RED}Error: Tailscale is not installed${NC}"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
# Function to fix routing
|
|
fix_routing() {
|
|
echo -e "${YELLOW}Fixing routing table...${NC}"
|
|
|
|
# Delete any conflicting default routes
|
|
ip route del default 2>/dev/null
|
|
ip route del 0.0.0.0/0 dev tailscale1 2>/dev/null
|
|
ip route del 0.0.0.0/0 dev wg0 2>/dev/null
|
|
|
|
# Get default gateway from br0
|
|
local DEFAULT_GATEWAY=$(ip route | grep br0 | grep default | awk '{print $3}')
|
|
|
|
# Set up main routing
|
|
ip route add default via $DEFAULT_GATEWAY dev br0
|
|
|
|
# Add specific route only for game traffic to VPS through Tailscale
|
|
ip route add $VPS_IP via $(ip route | grep tailscale1 | awk '{print $1}') dev tailscale1
|
|
|
|
# Ensure WireGuard routes are preserved
|
|
if ip link show wg0 >/dev/null 2>&1; then
|
|
# Get WireGuard IP and add its routes back
|
|
local WG_IP=$(ip -4 addr show wg0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
|
|
if [ ! -z "$WG_IP" ]; then
|
|
ip route add $WG_IP dev wg0 scope link
|
|
fi
|
|
fi
|
|
|
|
# Save the routing configuration
|
|
echo "#!/bin/bash" > /boot/config/routing.sh
|
|
echo "ip route del default 2>/dev/null" >> /boot/config/routing.sh
|
|
echo "ip route del 0.0.0.0/0 dev tailscale1 2>/dev/null" >> /boot/config/routing.sh
|
|
echo "ip route del 0.0.0.0/0 dev wg0 2>/dev/null" >> /boot/config/routing.sh
|
|
echo "ip route add default via $DEFAULT_GATEWAY dev br0" >> /boot/config/routing.sh
|
|
echo "ip route add $VPS_IP via \$(ip route | grep tailscale1 | awk '{print \$1}') dev tailscale1" >> /boot/config/routing.sh
|
|
if [ ! -z "$WG_IP" ]; then
|
|
echo "ip route add $WG_IP dev wg0 scope link" >> /boot/config/routing.sh
|
|
fi
|
|
chmod +x /boot/config/routing.sh
|
|
|
|
echo -e "${GREEN}Routing table fixed successfully${NC}"
|
|
}
|
|
|
|
# Function to configure iptables
|
|
configure_iptables() {
|
|
echo -e "${YELLOW}Configuring iptables rules...${NC}"
|
|
|
|
# Clear existing rules
|
|
iptables -F
|
|
iptables -t nat -F
|
|
|
|
# Set default policies
|
|
iptables -P INPUT ACCEPT
|
|
iptables -P FORWARD ACCEPT
|
|
iptables -P OUTPUT ACCEPT
|
|
|
|
# Allow established connections
|
|
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
|
|
|
# UDP Ports for game servers
|
|
for port in 8766 8767 16261 19132; do
|
|
iptables -A INPUT -p udp --dport $port -j ACCEPT
|
|
iptables -A FORWARD -p udp --dport $port -j ACCEPT
|
|
done
|
|
|
|
# TCP Port ranges for game servers
|
|
iptables -A INPUT -p tcp -m multiport --dports 16262,27015:27050,25500:25600 -j ACCEPT
|
|
iptables -A FORWARD -p tcp -m multiport --dports 16262,27015:27050,25500:25600 -j ACCEPT
|
|
|
|
# Route game subnet traffic through Tailscale
|
|
iptables -t nat -A POSTROUTING -s $GAME_SUBNET -d $VPS_IP -o $TAILSCALE_INTERFACE -j MASQUERADE
|
|
|
|
# Allow other Docker traffic through br0
|
|
iptables -t nat -A POSTROUTING -o $WAN_INTERFACE -j MASQUERADE
|
|
|
|
echo -e "${GREEN}iptables rules configured successfully${NC}"
|
|
}
|
|
|
|
# Function to make settings persistent
|
|
make_persistent() {
|
|
echo -e "${YELLOW}Making settings persistent...${NC}"
|
|
|
|
# Save iptables rules
|
|
mkdir -p /boot/config/iptables
|
|
iptables-save > /boot/config/iptables/rules.v4
|
|
|
|
# Create restore script
|
|
echo "#!/bin/bash" > /boot/config/iptables/restore.sh
|
|
echo "iptables-restore < /boot/config/iptables/rules.v4" >> /boot/config/iptables/restore.sh
|
|
chmod +x /boot/config/iptables/restore.sh
|
|
|
|
# Add to go script if not already present
|
|
if ! grep -q "/boot/config/routing.sh" /boot/config/go; then
|
|
echo "/boot/config/routing.sh" >> /boot/config/go
|
|
fi
|
|
if ! grep -q "/boot/config/iptables/restore.sh" /boot/config/go; then
|
|
echo "/boot/config/iptables/restore.sh" >> /boot/config/go
|
|
fi
|
|
|
|
echo -e "${GREEN}Settings made persistent${NC}"
|
|
}
|
|
|
|
# Main execution
|
|
main() {
|
|
echo -e "${YELLOW}Starting Unraid network configuration...${NC}"
|
|
|
|
check_root
|
|
check_tailscale
|
|
fix_routing
|
|
configure_iptables
|
|
make_persistent
|
|
|
|
echo -e "${GREEN}Network configuration completed successfully${NC}"
|
|
echo -e "${YELLOW}Please test your docker containers and game server connectivity${NC}"
|
|
}
|
|
|
|
# Run main function
|
|
main
|
|
|
|
exit 0 |