etc/Synology/Galaxy_NAT.sh

   1 #!/bin/bash
   2
   3 #
   4 # Change this variable to match your private network.
   5 #
   6 PRIVATE_NETWORK="172.99.0.0/16"
   7
   8 #
   9 # Change this variable to match your public interface - either eth0 or eth1
  10 #
  11 PUBLIC_INTERFACE="eth0"
  12
  13 #
  14 # Set PATH to find iptables
  15 #
  16 #PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/syno/sbin:/usr/syno/bin
  17
  18 #
  19 # Module list where KERNEL_MODULES_NAT are defined.
  20 #
  21 #IPTABLES_MODULE_LIST="/usr/syno/etc/iptables_modules_list"
  22 IPTABLES_MODULE_LIST="/usr/syno/etc.defaults/iptables_modules_list"
  23 #source "${IPTABLES_MODULE_LIST}"
  24
  25 #
  26 # My service name - let's make sure we don't conflict with synology
  27 #
  28 SERVICE="Galaxy_NAT"
  29
  30 #
  31 # iptable binary
  32 #
  33 IPTABLES="/sbin/iptables"
  34
  35 BIN_IPTABLESTOOL="/usr/syno/bin/iptablestool"
  36 BIN_SYNOMODULETOOL="/usr/syno/bin/synomoduletool"
  37
  38 reverse_modules() {
  39         local modules=$1
  40         local mod
  41         local ret=""
  42         for mod in $modules; do
  43             ret="$mod $ret"
  44         done
  45         echo $ret
  46 }
  47
  48 # Based on /volume1/@appstore/VPNCenter/scripts/accel-pppd.sh
  49 NAT_Mod=""
  50 if [ -f "${IPTABLES_MODULE_LIST}" ]; then
  51         source ${IPTABLES_MODULE_LIST}
  52
  53         for mod in $KERNEL_MODULES_CORE; do
  54                 if [ -e "/lib/modules/$mod" ]; then
  55                         NAT_Mod="${NAT_Mod} ${mod}"
  56                 fi
  57         done
  58         for mod in $KERNEL_MODULES_COMMON; do
  59                 if [ -e "/lib/modules/$mod" ]; then
  60                         NAT_Mod="${NAT_Mod} ${mod}"
  61                 fi
  62         done
  63         for mod in $KERNEL_MODULES_NAT; do
  64                 if [ -e "/lib/modules/$mod" ]; then
  65                         NAT_Mod="${NAT_Mod} ${mod}"
  66                 fi
  67         done
  68 else
  69         echo >&2 "[x]Cannot find ${IPTABLES_MODULE_LIST} !"
  70         exit 1
  71 fi
  72
  73 start() {
  74     #
  75     # Log execution time
  76     #
  77     date
  78     #
  79     # Make sure packet forwarding is enabled.
  80     # 'sysctl -w net.ipv4.ip_forward=1' does not work for me
  81     #
  82     echo 1 > /proc/sys/net/ipv4/ip_forward
  83     #
  84     # Count the number of modules so that we can verify if the module
  85     # insertion was successful. We replace whitespaces with newlines
  86     # and count lines.
  87     #
  88     MODULE_COUNT=( ${NAT_Mod} )
  89         MODULE_COUNT=${#MODULE_COUNT[@]}
  90     #
  91     # Load the kernel modules necessary for NAT
  92     #
  93         echo -n "Starting ${SERVICE}: "
  94         if [ -x ${BIN_SYNOMODULETOOL} ]; then
  95                 $BIN_SYNOMODULETOOL --insmod $SERVICE ${NAT_Mod}
  96                 RV=$?
  97         elif [ -x ${BIN_IPTABLESTOOL} ]; then
  98                 $BIN_IPTABLESTOOL --insmod $SERVICE ${NAT_Mod}
  99                 RV=$?
 100         fi
 101     #
 102     # $BIN_SYNOMODULETOOL returns the number of loaded modules as return value
 103     #
 104     [[ "${RV}" == "${MODULE_COUNT}" ]] || {
 105             echo >&2 "Error: Modules were not loaded (${RV},${MODULE_COUNT}). The following command failed:"
 106             echo >&2 "${BIN_SYNOMODULETOOL}" --insmod "${SERVICE}" ${NAT_Mod}
 107             exit 1
 108     }
 109     #
 110     # Turn on NAT.
 111     #
 112         ${IPTABLES} -t nat -F
 113     "${IPTABLES}" -t nat -A POSTROUTING -s "${PRIVATE_NETWORK}" -j MASQUERADE -o "${PUBLIC_INTERFACE}"
 114     RV=$?
 115     [[ "${RV}" == "0" ]] || {
 116             echo >&2 "Error: MASQUERADE rules could not be added. The following command failed:"
 117             echo >&2 "${IPTABLES}" -t nat -A POSTROUTING -s "${PRIVATE_NETWORK}" -j MASQUERADE -o "${PUBLIC_INTERFACE}"
 118                 exit 1
 119         }
 120         #
 121         # Port Forwarding
 122         ${IPTABLES} -t nat -A PREROUTING -p tcp -i eth0 --dport 222 -j DNAT --to-destination 172.99.3.3:22
 123     #
 124     # Log current nat table
 125     #
 126     ${IPTABLES} -L -v -t nat --line-numbers
 127         echo "done."
 128 }
 129 stop() {
 130         local modules=`reverse_modules "${NAT_Mod}"`
 131         echo -n "Shutting down ${SERVICE}: "
 132         # https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules
 133         ${IPTABLES} -P INPUT ACCEPT
 134         ${IPTABLES} -P FORWARD ACCEPT
 135         ${IPTABLES} -P OUTPUT ACCEPT
 136         ${IPTABLES} -t nat -F
 137         ${IPTABLES} -t mangle -F
 138         ${IPTABLES} -F
 139         ${IPTABLES} -X
 140         #echo 0 > /proc/sys/net/ipv4/ip_forward
 141         if [ -x ${BIN_SYNOMODULETOOL} ]; then
 142                 $BIN_SYNOMODULETOOL --rmmod $SERVICE $modules
 143         elif [ -x ${BIN_IPTABLESTOOL} ]; then
 144                 $BIN_IPTABLESTOOL --rmmod $SERVICE $modules
 145         fi
 146         echo "done."
 147 }
 148
 149 case "$1" in
 150         start)
 151                 start
 152         ;;
 153         stop)
 154                 stop
 155         ;;
 156         restart|reload)
 157                 stop
 158                 start
 159         ;;
 160         *)
 161                 echo "Usage: $0 {start|stop|restart}"
 162                 exit 1
 163         ;;
 164 esac
 165 exit $?