Created
November 2, 2025 16:47
A shell script that adds all the necessary iptables rules, ensures IP forwarding is enabled, and sends traffic out through your WiFi interface (wlan1), or through tun0 when the VPN is active.
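#!/bin/bash
#
# Raspberry Pi router setup.
#
# Shares the Pi's upstream connection (WiFi, or the VPN tunnel when it is up)
# with devices attached to the Ethernet port:
#   1. enables IPv4 forwarding for the running kernel,
#   2. adds MASQUERADE (NAT) rules for both upstream interfaces,
#   3. adds FORWARD rules between Ethernet and each upstream interface,
#   4. installs netfilter-persistent if needed and saves the rules.
#
# The script is safe to re-run: a rule is appended only when an identical
# rule is not already present, so repeated runs do not stack duplicates.
#
# Requires: sudo rights, iptables, and apt (Debian / Raspberry Pi OS).

set -u

# --- Configuration ---
readonly WIFI_IFACE="wlan1"
readonly ETHERNET_IFACE="eth0"
readonly VPN_IFACE="tun0"

#######################################
# Print an error to stderr and stop the script with a non-zero status.
# Arguments: $* - message text
#######################################
die() {
  printf ' -> ERROR: %s\n' "$*" >&2
  exit 1
}

#######################################
# Append an iptables rule unless an identical one already exists.
# Arguments: $1 - table (nat, filter, ...)
#            $2 - chain
#            $3.. - rule specification
# Returns:   exits via die() if the rule cannot be added
#######################################
add_rule_once() {
  local table=$1
  local chain=$2
  shift 2
  # -C exits 0 when the exact rule is present; its "no such rule" message is
  # expected on a first run, so it is silenced.
  if sudo iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
    return 0
  fi
  sudo iptables -t "$table" -A "$chain" "$@" \
    || die "iptables could not add rule to $table/$chain: $*"
}

echo "Starting Raspberry Pi Router Setup..."
echo "Configuring $ETHERNET_IFACE to share internet via $WIFI_IFACE or $VPN_IFACE."
echo "--------------------------------------------------------"

# --- 1. Enable IP Forwarding ---
echo "1. Checking and enabling IP Forwarding..."
# String comparison: an empty or unexpected sysctl result is treated as
# "not enabled" instead of raising a test error.
if [[ "$(sysctl -n net.ipv4.ip_forward 2>/dev/null)" != "1" ]]; then
  sudo sysctl -w net.ipv4.ip_forward=1 >/dev/null \
    || die "Could not enable IP forwarding."
  echo " -> IP Forwarding enabled."
  # This only changes the running kernel. For a permanent system setting,
  # uncomment the line below in /etc/sysctl.conf:
  # net.ipv4.ip_forward=1
  echo " -> NOTE: runtime setting only; set net.ipv4.ip_forward=1 in /etc/sysctl.conf to keep it after a reboot."
else
  echo " -> IP Forwarding is already enabled."
fi

# --- 2. Setup NAT (POSTROUTING) Rules ---
# These rules perform Network Address Translation (MASQUERADE).
echo "2. Adding iptables NAT (POSTROUTING) rules..."

# NAT rule for standard internet (VPN OFF)
add_rule_once nat POSTROUTING -o "$WIFI_IFACE" -j MASQUERADE
echo " -> NAT rule added for $WIFI_IFACE."

# NAT rule for VPN connection (VPN ON)
add_rule_once nat POSTROUTING -o "$VPN_IFACE" -j MASQUERADE
echo " -> NAT rule added for $VPN_IFACE."

# --- 3. Setup FORWARDING Rules ---
# These rules allow traffic to flow between the Ethernet and the WAN interfaces.
# Outbound traffic from Ethernet is accepted unconditionally; traffic coming
# back is accepted only when it belongs to a connection the LAN side opened.
#
# NOTE(review): ACCEPT rules only restrict anything when the FORWARD chain's
# policy is DROP. This script does not set the policy; if it is ACCEPT, new
# connections from the upstream side towards Ethernet are forwarded as well.
# Check with `sudo iptables -S FORWARD`.
#
# NOTE(review): both the WiFi path and the VPN path are allowed at all times,
# so nothing here stops Ethernet clients from leaving via $WIFI_IFACE when
# $VPN_IFACE is down. If VPN-only egress is the intent, the WiFi forwarding
# and NAT rules must not be installed together with the VPN ones.
echo "3. Adding iptables FORWARDING rules..."

# Rules for $ETHERNET_IFACE <-> $WIFI_IFACE (Non-VPN)
# conntrack/--ctstate replaces the older "state" match used previously.
add_rule_once filter FORWARD -i "$ETHERNET_IFACE" -o "$WIFI_IFACE" -j ACCEPT
add_rule_once filter FORWARD -i "$WIFI_IFACE" -o "$ETHERNET_IFACE" \
  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
echo " -> FORWARD rules added for $WIFI_IFACE."

# Rules for $ETHERNET_IFACE <-> $VPN_IFACE (VPN Tunnel)
add_rule_once filter FORWARD -i "$ETHERNET_IFACE" -o "$VPN_IFACE" -j ACCEPT
add_rule_once filter FORWARD -i "$VPN_IFACE" -o "$ETHERNET_IFACE" \
  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
echo " -> FORWARD rules added for $VPN_IFACE."

# --- 4. Install and Save Rules for Persistence ---
echo "4. Installing and saving rules for persistence..."

# Install the persistence package if not already installed
if ! command -v netfilter-persistent &>/dev/null; then
  echo " -> Installing iptables-persistent and netfilter-persistent..."
  # DEBIAN_FRONTEND=noninteractive avoids interactive prompts during
  # installation; apt-get is used because it is the interface meant for scripts.
  if ! sudo DEBIAN_FRONTEND=noninteractive apt-get install -y \
    iptables-persistent netfilter-persistent; then
    # Stop here: without the package the save step below cannot work, and
    # reporting success would be misleading.
    die "Failed to install persistence packages. Rules will not persist on reboot."
  fi
else
  echo " -> Persistence packages are already installed."
fi

# Save the currently active iptables rules
echo " -> Saving current iptables rules..."
sudo netfilter-persistent save \
  || die "Saving failed. The rules are active now but will not survive a reboot."
echo " -> Rules successfully saved! Configuration will survive reboots."

echo "--------------------------------------------------------"
echo "Setup Complete. Your Raspberry Pi can now share its internet connection with or without the VPN running."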