LazyTunnel.sh
#!/bin/bash
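# Print a string one character at a time, pausing between characters.
# Arguments:
#   $1 - text to print
#   $2 - pause between characters, handed unchanged to sleep(1)
# Outputs: the text followed by a newline on stdout
print_with_delay() {
  # Locals keep the loop counter and arguments from leaking into the
  # global scope that the rest of the script shares.
  local text="$1"
  local delay="$2"
  local i
  for ((i = 0; i < ${#text}; i++)); do
    # printf '%s' emits the character verbatim, whatever it is.
    printf '%s' "${text:i:1}"
    sleep "$delay"
  done
  printf '\n'
}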
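# Introduction animation
print_with_delay "LazyTunnel by DEATHLINE | @NamelesGhoul" 0.1
# Paths the script writes to and deletes. They sit under /etc and /root, so
# the script is expected to run as root. They are marked readonly so that no
# later code can redirect a privileged write or delete by reassigning them.
readonly SERVICE_FILE="/etc/systemd/system/iptables.service"
readonly IP_FILE="/root/ip.txt"
readonly SCRIPT_FILE="/root/LazyTunnel.sh"
readonly HOSTS_FILE="/etc/hosts"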
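# Fetch a fresh copy of this script into SCRIPT_FILE and mark it executable.
# Globals:  SCRIPT_FILE (read)
# Returns:  0 on success, non-zero when the download or the replace step fails
#
# The download goes to a temporary file next to SCRIPT_FILE and is renamed
# into place only after curl succeeds. A failed or partial transfer therefore
# never overwrites the existing copy, and a copy that is currently being
# executed is not rewritten in place.
#
# NOTE(review): the URL below goes through an intermediary host in front of
# raw.githubusercontent.com, and the saved file is made executable under /root
# with no integrity check. Whoever controls that intermediary or the upstream
# branch decides what this file contains. Prefer fetching from the origin
# directly and verifying a pinned checksum or signature before the rename.
download_script() {
  local tmp_file
  tmp_file=$(mktemp "${SCRIPT_FILE}.XXXXXX") || return 1
  if ! curl -fsSL -o "${tmp_file}" https://raw.githubusercontent.com/deathline94/LazyTunnel/main/LazyTunnel.sh; then
    rm -f -- "${tmp_file}"
    echo "Download failed; ${SCRIPT_FILE} was left unchanged." >&2
    return 1
  fi
  if ! { chmod +x "${tmp_file}" && mv -f -- "${tmp_file}" "${SCRIPT_FILE}"; }; then
    rm -f -- "${tmp_file}"
    echo "Could not install the downloaded script as ${SCRIPT_FILE}." >&2
    return 1
  fi
}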
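# Detect the port sshd is configured to listen on and store it in ssh_port.
# Arguments: $1 - optional path to the sshd configuration file
#                 (default: /etc/ssh/sshd_config)
# Globals:   ssh_port (written)
# Outputs:   "Detected SSH port: <port>" on stdout
#
# The first Port directive wins, so ssh_port is always a single value even if
# the file lists several ports. The keyword is matched case-insensitively and
# may be indented or followed by a tab. A missing file, a missing directive or
# a value outside 1-65535 falls back to 22.
#
# NOTE(review): the installer uses this value for the rule that keeps SSH
# reachable, so a wrong answer can cut off remote access. Only the one file
# is read here; confirm the result on hosts that set the port elsewhere.
get_ssh_port() {
  local config_file="${1:-/etc/ssh/sshd_config}"
  local detected=""
  if [[ -r "$config_file" ]]; then
    detected=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; exit }' "$config_file")
  fi
  # Length is checked first so the arithmetic below cannot overflow;
  # 10# forces base 10 so a leading zero is not read as octal.
  if [[ "$detected" =~ ^[0-9]{1,5}$ ]] && ((10#$detected >= 1 && 10#$detected <= 65535)); then
    ssh_port=$((10#$detected))
  else
    ssh_port=22
  fi
  echo "Detected SSH port: $ssh_port"
}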
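# True when $1 is a dotted-quad IPv4 address with every octet in 0-255.
_is_ipv4() {
  local ip="$1" octet
  local -a octets=()
  local -r ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  [[ "$ip" =~ $ipv4_re ]] || return 1
  IFS=. read -r -a octets <<< "$ip"
  for octet in "${octets[@]}"; do
    ((10#$octet <= 255)) || return 1
  done
  return 0
}

# True when $1 is a decimal port number in 1-65535.
_is_port() {
  [[ "$1" =~ ^[0-9]{1,5}$ ]] && ((10#$1 >= 1 && 10#$1 <= 65535))
}

# Install the NAT forwarding rules and the systemd unit that restores them.
# Globals:  ssh_port (set by get_ssh_port), mainland_ip, foreign_ip (written),
#           HOSTS_FILE, IP_FILE, SERVICE_FILE (read)
# Input:    answers to the interactive prompts on stdin
# Returns:  0 on success, 1 when an input fails validation or a critical
#           step fails
#
# Every answer is collected and validated before the system is touched, so a
# typo or a failed address lookup aborts with the existing firewall intact.
#
# NOTE(review): the flush below removes every existing rule in the filter and
# nat tables, including rules owned by other firewall tooling, and leaves the
# chain policies as they were. Review the host's current rules before running.
install() {
  local tunnel_all user_ports port host_name
  local tunnel_all_ports=false
  local -a ports_array=()

  # Get current SSH port
  get_ssh_port
  if ! _is_port "$ssh_port"; then
    echo "Could not determine a valid SSH port; nothing was changed." >&2
    return 1
  fi

  # Ask user whether to tunnel all ports or specific ports
  read -r -p "Do you want to tunnel all ports (excluding SSH port $ssh_port)? [y/n]: " tunnel_all
  if [[ "$tunnel_all" == "y" || "$tunnel_all" == "Y" ]]; then
    tunnel_all_ports=true
  else
    read -r -p "Please enter the ports you want to tunnel, separated by spaces (e.g., 80 443 1194): " user_ports
    # Convert user_ports into an array
    IFS=' ' read -r -a ports_array <<< "$user_ports"
    for port in "${ports_array[@]}"; do
      if ! _is_port "$port"; then
        echo "Invalid port '${port}'; nothing was changed." >&2
        return 1
      fi
    done
  fi

  # Get mainland IP address.
  # NOTE(review): the answer comes from an external service reached through
  # the host in this URL, so it is treated as untrusted and must parse as an
  # IPv4 address before it is printed or used as a DNAT destination.
  mainland_ip=$(curl -s https://api.ipify.org)
  if ! _is_ipv4 "$mainland_ip"; then
    echo "Could not detect a valid mainland IPv4 address; nothing was changed." >&2
    return 1
  fi
  echo "Mainland IP Address (automatically detected): ${mainland_ip}"
  read -r -p "Foreign IP Address: " foreign_ip
  if ! _is_ipv4 "$foreign_ip"; then
    echo "Foreign IP Address is not a valid IPv4 address; nothing was changed." >&2
    return 1
  fi

  # Check and update /etc/hosts (-F: the hostname is matched literally)
  host_name=$(hostname)
  if ! grep -qF -- "127.0.0.1 ${host_name}" "${HOSTS_FILE}"; then
    echo "127.0.0.1 ${host_name}" >> "${HOSTS_FILE}"
    echo "Added 127.0.0.1 ${host_name} to ${HOSTS_FILE}"
  fi

  # Enable IP forwarding.
  # NOTE(review): sysctl -w changes the running kernel only; nothing here
  # persists the setting, while the rules below are restored by the service.
  sysctl -w net.ipv4.ip_forward=1

  # Save IP addresses to file
  printf '%s\n' "${mainland_ip}" "${foreign_ip}" "${ssh_port}" > "${IP_FILE}"

  # Flush existing IPTables rules
  iptables -F
  iptables -t nat -F

  # The SSH exemption goes in first. If it cannot be added, stop before any
  # forwarding rule exists, so the catch-all rules never capture SSH.
  if ! iptables -t nat -A PREROUTING -p tcp --dport "$ssh_port" -j DNAT --to-destination "${mainland_ip}"; then
    echo "Could not add the SSH exemption rule; no forwarding rules were added." >&2
    return 1
  fi

  if [[ "$tunnel_all_ports" == true ]]; then
    # Forward all remaining TCP and UDP traffic
    iptables -t nat -A PREROUTING -p tcp -j DNAT --to-destination "${foreign_ip}"
    iptables -t nat -A PREROUTING -p udp -j DNAT --to-destination "${foreign_ip}"
  else
    # Forward only the specified ports for TCP and UDP
    for port in "${ports_array[@]}"; do
      # The SSH port is never forwarded, even if the user listed it.
      if ((10#$port == 10#$ssh_port)); then
        continue
      fi
      iptables -t nat -A PREROUTING -p tcp --dport "$port" -j DNAT --to-destination "${foreign_ip}"
      iptables -t nat -A PREROUTING -p udp --dport "$port" -j DNAT --to-destination "${foreign_ip}"
    done
  fi

  # Always forward ICMP (for ping, etc.); added once for both modes
  iptables -t nat -A PREROUTING -p icmp -j DNAT --to-destination "${foreign_ip}"

  # Set up POSTROUTING for TCP, UDP, and ICMP.
  # NOTE(review): this masquerades all traffic leaving the host, on every
  # interface, not only the forwarded flows.
  iptables -t nat -A POSTROUTING -j MASQUERADE

  # Create and enable systemd service
  echo "[Unit]
Description=Persistent IPTables NAT rules
Before=network.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/iptables-restore /etc/iptables/rules.v4
ExecReload=/usr/sbin/iptables-restore /etc/iptables/rules.v4
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target" | sudo tee "${SERVICE_FILE}" > /dev/null

  # Save IPTables rules to a file; the service restores exactly this file
  mkdir -p /etc/iptables
  if ! iptables-save > /etc/iptables/rules.v4; then
    echo "Could not save the rules to /etc/iptables/rules.v4; the service was not enabled." >&2
    return 1
  fi
  sudo systemctl enable iptables > /dev/null 2>&1
  sudo systemctl start iptables
  echo "Installation complete."
}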
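# Remove the forwarding rules, the systemd unit and the files install created.
# Globals:  IP_FILE, SERVICE_FILE, SCRIPT_FILE (read);
#           mainland_ip, foreign_ip, ssh_port (written when IP_FILE exists)
# Outputs:  progress messages on stdout
#
# NOTE(review): the flush removes every rule in the filter and nat tables, not
# only the ones install added. The IP forwarding sysctl and the /etc/hosts
# entry written by install are not reverted here.
uninstall() {
  echo "Uninstalling..."
  # Read IP addresses from file. The values are not used further down in this
  # function; the guard keeps a repeated or partial uninstall from printing
  # sed errors when the file is already gone.
  if [[ -r "${IP_FILE}" ]]; then
    mainland_ip=$(sed -n '1p' "${IP_FILE}")
    foreign_ip=$(sed -n '2p' "${IP_FILE}")
    ssh_port=$(sed -n '3p' "${IP_FILE}")
  fi
  # Flush IPTables rules
  iptables -F
  iptables -t nat -F
  # Stop and disable the service
  sudo systemctl stop iptables
  sudo systemctl disable iptables > /dev/null 2>&1
  # Remove service file, IP file, and IPTables rules file
  sudo rm -f -- "${SERVICE_FILE}"
  sudo rm -f -- "${IP_FILE}"
  sudo rm -f -- "${SCRIPT_FILE}"
  sudo rm -f -- /etc/iptables/rules.v4
  # Make systemd drop the unit whose file was just removed
  sudo systemctl daemon-reload
  echo "Uninstallation complete."
}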
# Entry point: "uninstall" as the first argument removes the tunnel; any other
# invocation refreshes the saved script copy and then runs the installer.
case "$1" in
  uninstall)
    uninstall
    ;;
  *)
    download_script
    install
    ;;
esac