Last active
April 2, 2025 03:17
map-e scripts
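# Install the MAP-E watchdog script.
#
# The watchdog is started by the mape-auto-restart systemd unit as root and
# re-runs /root/mape-setup.sh whenever the tunnel device or the custom NAT rule
# has disappeared. Both scripts are executed as root on every detected reset,
# so keep them owned by root and not writable by any other user.
#
# The heredoc delimiter is quoted ('EOF'), so nothing inside is expanded while
# the file is being written.
cat >/root/mape-auto-restart.sh <<'EOF'
#!/bin/bash

# Re-apply the MAP-E configuration, but only once IPv6 connectivity is back.
# The probe resolves and pings google.com, so it also fails while DNS is down;
# in that case nothing is changed and the main loop tries again later.
run_mape_setup_script() {
  if ping6 -c 1 google.com >/dev/null 2>&1; then
    echo "ping6 google.com was successful."
    if /root/mape-setup.sh; then
      echo "mape setup."
    else
      # Do not claim success when the setup script reports an error.
      echo "mape setup failed (exit status $?)." >&2
    fi
  else
    echo "ping6 google.com failed."
  fi
}

while true; do
  # ip6tnl1 is hard-coded here and must match TUNDEV in /root/mape-setup.sh.
  if ! ip link show ip6tnl1 >/dev/null 2>&1; then
    echo "ip6tnl1 does not exist. Detects setting reset."
    run_mape_setup_script
  fi

  # The TCPMSS rule serves as the marker for "our NAT rules are still present".
  if ! iptables -t nat -L UBIOS_POSTROUTING_USER_HOOK -n -v | grep -q -E "TCPMSS.*tcp.*"; then
    echo "The custom NAT rule is missing. Detects setting reset."
    run_mape_setup_script
  fi

  sleep 5
done
EOF

# The service starts the script through /bin/bash as root, so no other user
# needs read or execute permission on it.
chmod 700 /root/mape-auto-restart.sh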
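# Register the watchdog as a systemd service that starts at boot.
# The unit runs /root/mape-auto-restart.sh as root; that script in turn runs
# /root/mape-setup.sh, so both files must stay writable by root only.
cat >/etc/systemd/system/mape-auto-restart.service <<'EOF'
[Unit]
Description=mape setup and auto restart service
# After= only orders this unit; Wants= is what pulls network-online.target in.
Wants=network-online.target
After=sockets.target network-online.target

[Service]
User=root
ExecStart=/bin/bash /root/mape-auto-restart.sh
# The watchdog loops forever; bring it back if it ever exits with an error.
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

# Make systemd pick up the new unit file, then enable it for the next boot.
# "enable" alone does not start the service in the current session.
systemctl daemon-reload
systemctl enable mape-auto-restart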
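#!/bin/bash
# Script that does its best to get MAP-E working on a UDM-SE.
# ver 2024-06-02

# The values below were calculated with https://ipv4.web.fc2.com/map-e.html.
# They are placeholders here: BR is the border relay IPv6 address, CE is this
# router's own MAP-E IPv6 address, IPv4 is the shared IPv4 address, and
# MAPE_PORT_RANGES lists the port ranges assigned to this line.
BR=XXXX::XXXX::XXXX::XXXX::XX
CE=XXXX::XXXX::XXXX::XXXX::XXXX::XXXX::XXXX::XXXX
IPv4=XXX.XXX.XXX.XXX
MAPE_PORT_RANGES=(
  ...
)

# LAN1-8 are eth0..eth7; WAN is eth8.
# ip6tnl1 is the tunnel created by this script (ip6tnl0 exists by default).
WANDEV=eth8
TUNDEV=ip6tnl1

# The SNAT rules further down in this script read MAPE_PORT_RANGES[0] through
# [14]. A missing entry would expand to an empty port range in --to, so stop
# before any existing rule is touched.
if (( ${#MAPE_PORT_RANGES[@]} < 15 )); then
  echo "MAPE_PORT_RANGES needs at least 15 entries, found ${#MAPE_PORT_RANGES[@]}." >&2
  exit 1
fi

sleep 3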
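# Delete all existing SNAT and TCPMSS rules from the user hook chain so that a
# re-run does not stack duplicates.
# NOTE: this removes every SNAT/TCPMSS rule in UBIOS_POSTROUTING_USER_HOOK,
# including rules that were not created by this script.
#
# Extract the rule numbers, reverse them (i.e. start from the highest number)
# and delete them in a loop; deleting from the bottom keeps the remaining
# numbers valid.
#   -n  prints numeric addresses, so listing the chain does not wait on DNS.
#   $2  is the target column of "iptables -L --line-numbers"; matching on it
#       avoids deleting a rule that merely mentions SNAT/TCPMSS elsewhere.
rule_numbers=$(iptables -t nat -L UBIOS_POSTROUTING_USER_HOOK -n --line-numbers |
  awk '$2 == "TCPMSS" || $2 == "SNAT" { print $1 }' | tac)

# Word splitting of $rule_numbers is intentional: one rule number per word.
for num in $rule_numbers; do
  iptables -t nat -D UBIOS_POSTROUTING_USER_HOOK "$num"
done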
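# Bring up the MAP-E tunnel.
# NOTE(review): when the watchdog re-runs this script while the address, the
# tunnel or the route still exist, these "add" commands presumably fail with
# "File exists". The script does not use "set -e", so it carries on regardless.

# Assign the CE address to the WAN interface.
ip -6 addr add "$CE" dev "$WANDEV"

# Create the IPv4-in-IPv6 tunnel from the CE address to the border relay.
ip -6 tunnel add "$TUNDEV" mode ip4ip6 remote "$BR" local "$CE" dev "$WANDEV" encaplimit none

# Set the tunnel MTU to 1454 and bring the device up.
ip link set dev "$TUNDEV" mtu 1454 up

# Send all IPv4 traffic through the tunnel.
ip -4 route add default dev "$TUNDEV"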
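# Rules that spread outgoing traffic over the MAP-E port ranges.
#
# Because of UBIOS restrictions not every iptables module is available and the
# mangle-style rules do not work. tc is also missing too many features, so the
# distribution is done manually by brute force.
# Specifying the input device with -i never matched. The device may have a
# different name, but -j LOG could not be used to check in the first place.
#
# Every rule is inserted with -I, i.e. at the top of the chain, so a rule
# inserted later is evaluated earlier. It is therefore fine as long as the
# rules inserted first are the most generic ones: the catch-all rules without
# -d go in first, followed by one icmp/tcp/udp triple per /2 destination block.
# The four /2 blocks together cover the whole IPv4 space, so the catch-all
# rules only act as a fallback.
#
# Each rule consumes the next MAPE_PORT_RANGES entry (indexes 0 through 14).
range_index=0
for dest_block in '' 192.0.0.0/2 128.0.0.0/2 64.0.0.0/2 0.0.0.0/2; do
  for proto in icmp tcp udp; do
    match_args=(-p "$proto")
    if [[ -n "$dest_block" ]]; then
      match_args+=(-d "$dest_block")
    fi
    iptables -t nat -I UBIOS_POSTROUTING_USER_HOOK "${match_args[@]}" -o "$TUNDEV" \
      -j SNAT --to "$IPv4:${MAPE_PORT_RANGES[range_index]}"
    range_index=$((range_index + 1))
  done
done

# An MSS of 1414 (tunnel MTU 1454 minus 40 bytes of IPv4 and TCP headers)
# should work for most services including LINE, but there are reports that it
# had to be lowered to 1400, so adjust as needed.
# Inserted last so that it sits above the SNAT rules in the chain.
# NOTE(review): the nat table only sees the first packet of a connection, so
# this presumably clamps the SYN of outgoing connections only - confirm.
iptables -t nat -I UBIOS_POSTROUTING_USER_HOOK -p tcp -o "$TUNDEV" --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1414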
https://zenn.dev/kaixaoki/articles/fa6d849482964a