# Tailscale NAT Configuration Script

## Overview

This script automates the configuration of NAT (Network Address Translation) rules for Tailscale networking, providing an interactive interface to set up port forwarding and network routing between your local network and Tailscale devices.

## Features

### Core Functionality

- Interactive configuration of NAT and port forwarding rules
- Automatic backup of existing iptables rules
- Support for both default and custom port configurations
- Preservation of essential services (SSH, Tailscale UDP)
- Automatic IP forwarding configuration
- Integration with iptables-persistent for rule persistence

### Key Components

- **Automatic Backup System**: Creates timestamped backups before making any changes
- **Port Preservation**: Maintains access to critical services while forwarding other traffic
- **Tailscale Integration**: Specifically designed to work with Tailscale networking
- **Error Handling**: Comprehensive error checking with automatic rollback on failure

## Prerequisites

- Root access required
- Linux system with iptables
- Tailscale installed and configured
- `iptables-persistent` package (will be installed if missing)

## Usage

### Running the Script

```bash
sudo ./script.sh
```

### Interactive Configuration Steps

1. **Source IP Selection**
   - Choose from available network interfaces
   - Option to enter a custom IP address
   - Automatic interface detection
2. **Target Tailscale IP Selection**
   - Lists available Tailscale devices
   - Option to enter a custom Tailscale IP
   - Automatic device name detection
3. **Port Configuration**
   - Default ports (SSH TCP 22, Tailscale UDP 41641)
   - Custom port configuration option
   - Separate TCP and UDP port preservation
4. **Configuration Review**
   - Displays the selected configuration
   - Shows source and target details
   - Lists preserved ports
   - Confirmation prompt before applying changes

### Default Port Configuration

- TCP Port: 22 (SSH)
- UDP Port: 41641 (Tailscale)

## Safety Features

### Backup System

- Creates timestamped backups before changes
- Automatic rollback on failure
- Maintains backup history in `/etc/iptables/backup/`

### Error Handling

- Comprehensive error checking
- Automatic configuration rollback
- Detailed error messages
- Verification of applied rules
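The backup-then-apply-then-rollback sequence described above, written out as an added example (this is not the project's own `tailscale-forward.sh`). It writes a timestamped, root-only copy of the live rule set under `/etc/iptables/backup/`, loads the new rules, and restores the copy if the load fails. `SAVE_CMD` and `RESTORE_CMD` are assumed override hooks (they default to `iptables-save` / `iptables-restore`) so the logic can be exercised without touching a real firewall; `latest_backup` covers the manual-recovery case from the Troubleshooting section.

```shell
#!/bin/sh
# Added example, not the project's own script: timestamped backup of the live
# iptables rule set, apply-with-rollback, and lookup of the newest backup for
# manual recovery. SAVE_CMD/RESTORE_CMD are assumed override hooks so the
# logic can be exercised without touching a real firewall.

BACKUP_DIR="${BACKUP_DIR:-/etc/iptables/backup}"   # directory named in the README
SAVE_CMD="${SAVE_CMD:-iptables-save}"
RESTORE_CMD="${RESTORE_CMD:-iptables-restore}"

# backup_rules: dump the current rule set to BACKUP_DIR/rules-<timestamp>-<n>.v4,
# never overwriting an earlier backup, and print the path that was written.
backup_rules() {
    mkdir -p "$BACKUP_DIR" && chmod 700 "$BACKUP_DIR" || return 1
    ts=$(date +%Y%m%d-%H%M%S)
    n=0
    file="$BACKUP_DIR/rules-$ts-$n.v4"
    while [ -e "$file" ]; do            # another backup in the same second
        n=$((n + 1))
        file="$BACKUP_DIR/rules-$ts-$n.v4"
    done
    # rule sets reveal topology and open ports: create the file root-only
    ( umask 077; $SAVE_CMD > "$file" ) || { rm -f "$file"; return 1; }
    printf '%s\n' "$file"
}

# apply_with_rollback RULES_FILE: back up first, then load RULES_FILE. If the
# load fails, restore the backup and return non-zero so the caller can stop.
apply_with_rollback() {
    rules=$1
    backup=$(backup_rules) || return 1
    if $RESTORE_CMD < "$rules"; then
        printf 'applied %s (backup %s)\n' "$rules" "$backup"
        return 0
    fi
    echo "apply of $rules failed, rolling back to $backup" >&2
    $RESTORE_CMD < "$backup" || echo "rollback FAILED: restore $backup by hand" >&2
    return 1
}

# latest_backup: newest backup file, for the manual-recovery case in the README
latest_backup() {
    ls -1 "$BACKUP_DIR"/rules-*.v4 2>/dev/null | LC_ALL=C sort | tail -n 1
}
```

Manual recovery is then `iptables-restore < "$(latest_backup)"` as root. The backup directory and files are created with mode 700/600 because a saved rule set lists every forwarded service on the host.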
## Technical Details

### NAT Configuration

- DNAT (Destination NAT) for incoming traffic
- SNAT (Source NAT) for outgoing traffic
- Masquerade rules for subnet handling
- Special handling for the Tailscale subnet (100.64.0.0/10)

### Firewall Rules

- Forward chain configuration
- State tracking for connections
- ICMP handling
- Interface-specific rules
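An added example (not the project's own script) covering the interactive steps and the NAT and firewall rules listed above: it validates the source IP, checks that the target lies inside 100.64.0.0/10, validates the preserved port lists, and prints the resulting rule set in `iptables-restore` format so the "Configuration Review" step can show exactly what would be loaded. The rule layout is this example's own reading of the README: `RETURN` for preserved ports, a catch-all `DNAT` to the Tailscale node, `MASQUERADE` out of `tailscale0` (used here in place of a fixed `SNAT` address), traffic already sourced from the tailnet left alone, and a default-deny `FORWARD` chain that only admits the forwarded flows and their return traffic. The interface name `tailscale0` is assumed.

```shell
#!/bin/sh
# Added example, not the project's own script: input validation for the
# interactive steps (source IP, Tailscale target, preserved ports) and a
# generator that prints the resulting rule set in iptables-restore format.
# The rule layout is this example's interpretation of the README.

TS_INTERFACE="tailscale0"          # Tailscale's usual interface name (assumed)
TS_SUBNET="100.64.0.0/10"          # Tailscale address range named in the README

# is_ipv4 ADDR: four dotted decimal octets, each 0-255
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# is_tailscale_ip ADDR: inside 100.64.0.0/10, i.e. 100.64.x.x .. 100.127.x.x
is_tailscale_ip() {
    is_ipv4 "$1" || return 1
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]
}

# is_port N: integer 1-65535
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rules SRC_IF SRC_IP TARGET_TS_IP TCP_PORTS UDP_PORTS
# Port lists are comma-separated (e.g. "22,443"). Prints the complete rule set,
# or fails with a message on stderr and prints nothing (no partial rule set).
build_rules() {
    src_if=$1 src_ip=$2 target=$3 tcp_keep=$4 udp_keep=$5
    is_ipv4 "$src_ip" || { echo "invalid source IP: $src_ip" >&2; return 1; }
    is_tailscale_ip "$target" || { echo "target $target is outside $TS_SUBNET" >&2; return 1; }
    keep=""
    for p in $(printf '%s' "$tcp_keep" | tr ',' ' '); do
        is_port "$p" || { echo "invalid TCP port: $p" >&2; return 1; }
        keep="$keep
-A PREROUTING -d $src_ip/32 -p tcp --dport $p -j RETURN"
    done
    for p in $(printf '%s' "$udp_keep" | tr ',' ' '); do
        is_port "$p" || { echo "invalid UDP port: $p" >&2; return 1; }
        keep="$keep
-A PREROUTING -d $src_ip/32 -p udp --dport $p -j RETURN"
    done
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
    # traffic that already comes from the tailnet is never re-forwarded
    printf '%s\n' "-A PREROUTING -s $TS_SUBNET -j RETURN"
    # preserved services stay on this host; everything else goes to the target
    [ -n "$keep" ] && printf '%s\n' "${keep#?}"
    printf '%s\n' "-A PREROUTING -i $src_if -d $src_ip/32 -j DNAT --to-destination $target"
    printf '%s\n' "-A POSTROUTING -o $TS_INTERFACE -d $target/32 -j MASQUERADE"
    printf '%s\n' 'COMMIT' '*filter' ':FORWARD DROP [0:0]'
    printf '%s\n' "-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    printf '%s\n' "-A FORWARD -i $src_if -o $TS_INTERFACE -d $target/32 -m conntrack --ctstate NEW -j ACCEPT"
    printf '%s\n' "-A FORWARD -p icmp -j ACCEPT"
    printf '%s\n' 'COMMIT'
}
```

Usage: `build_rules eth0 192.0.2.10 100.101.102.103 22 41641` (constructed addresses) prints the rule set for review; write it to a file and load it with `iptables-restore --noflush` so the existing `INPUT`/`OUTPUT` rules are kept, or merge it into `/etc/iptables/rules.v4`. The `:FORWARD DROP` policy is deliberate: with a catch-all DNAT in place, the forward chain should admit only the DNAT'd flows and their replies.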
### File Locations

- Backup Directory: `/etc/iptables/backup/`
- Main Rules File: `/etc/iptables/rules.v4`
- Sysctl Configuration: `/etc/sysctl.d/99-tailscale.conf`

## Troubleshooting

### Common Issues

1. **Permission Denied**
   - Run the script as root (sudo)
   - Check file permissions
2. **Port Conflicts**
   - Verify port availability
   - Check existing port forwarding rules
3. **Connection Issues**
   - Verify IP forwarding is enabled
   - Check Tailscale connection status
   - Verify interface names and IPs

### Recovery

- Use automatic backup restoration
- Manual restore from `/etc/iptables/backup/`
- Reset to default configuration

## Contributing

Please ensure any contributions maintain:

- Comprehensive error handling
- Automatic backup functionality
- Clear user interaction
- Proper documentation

## Security Notes

- Always review the configuration before applying it
- Keep backup files secure
- Regularly verify port forwarding rules
- Monitor system logs for unusual activity
*(ASCII-art banner reading "TailScale Stack")*