More simple version of WEBUI routing throug LAN, to allow box forward… #140

Open
wants to merge 2 commits into
base: focal
91 changes: 53 additions & 38 deletions qbittorrent/iptables.sh
Expand Up @@ -39,24 +39,39 @@ if [[ "${DEBUG}" == "true" ]]; then
fi

# check we have iptable_mangle, if so setup fwmark
lsmod | grep iptable_mangle
iptable_mangle_exit_code=$?

if [[ $iptable_mangle_exit_code == 0 ]]; then

echo "[info] iptable_mangle support detected, adding fwmark for tables" | ts '%Y-%m-%d %H:%M:%.S'
#lsmod | grep iptable_mangle
#iptable_mangle_exit_code=$?

#if [[ $iptable_mangle_exit_code == 0 ]]; then
#
# echo "[info] iptable_mangle support detected, adding fwmark for tables" | ts '%Y-%m-%d %H:%M:%.S'
#
# # setup route for qbittorrent webui using set-mark to route traffic for port 8080 to eth0
# if [ -z "${WEBUI_PORT}" ]; then
# echo "8080 webui" >> /etc/iproute2/rt_tables
# else
# echo "${WEBUI_PORT} webui" >> /etc/iproute2/rt_tables
# fi
#
# ip rule add fwmark 1 table webui
# ip route add default via ${DEFAULT_GATEWAY} table webui
#
#fi

# Default port for WEB_UI
[ -z "${WEBUI_PORT}" ] && WEBUI_PORT="8080"

if ! grep "webui" /etc/iproute2/rt_tables > /dev/null;then
echo "[info] Setup route table for webui" | ts '%Y-%m-%d %H:%M:%.S'
echo "${WEBUI_PORT} webui" >> /etc/iproute2/rt_tables
fi

# setup route for qbittorrent webui using set-mark to route traffic for port 8080 to eth0
if [ -z "${WEBUI_PORT}" ]; then
echo "8080 webui" >> /etc/iproute2/rt_tables
else
echo "${WEBUI_PORT} webui" >> /etc/iproute2/rt_tables
fi

ip rule add fwmark 1 table webui
ip route add default via ${DEFAULT_GATEWAY} table webui
ip route flush table ${WEBUI_PORT}
ip route add ${LAN_NETWORK} dev eth0 table ${WEBUI_PORT}
ip route add default via ${DEFAULT_GATEWAY} dev eth0 table ${WEBUI_PORT}

fi
ip rule add dport ${WEBUI_PORT} table ${WEBUI_PORT}
ip rule add sport ${WEBUI_PORT} table ${WEBUI_PORT}

# identify docker bridge interface name (probably eth0)
docker_interface=$(netstat -ie | grep -vE "lo|tun|tap" | sed -n '1!p' | grep -P -o -m 1 '^[\w]+')
Expand Down Expand Up @@ -99,13 +114,13 @@ iptables -A INPUT -s "${docker_network_cidr}" -d "${docker_network_cidr}" -j ACC
iptables -A INPUT -i eth0 -p $VPN_PROTOCOL --sport $VPN_PORT -j ACCEPT

# accept input to qbittorrent webui port
if [ -z "${WEBUI_PORT}" ]; then
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 8080 -j ACCEPT
else
#if [ -z "${WEBUI_PORT}" ]; then
# iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
# iptables -A INPUT -i eth0 -p tcp --sport 8080 -j ACCEPT
#else
iptables -A INPUT -i eth0 -p tcp --dport ${WEBUI_PORT} -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport ${WEBUI_PORT} -j ACCEPT
fi
#fi

# accept input to qbittorrent daemon port - used for lan access
if [ -z "${INCOMING_PORT}" ]; then
Expand Down Expand Up @@ -141,27 +156,27 @@ iptables -A OUTPUT -s "${docker_network_cidr}" -d "${docker_network_cidr}" -j AC
iptables -A OUTPUT -o eth0 -p $VPN_PROTOCOL --dport $VPN_PORT -j ACCEPT

# if iptable mangle is available (kernel module) then use mark
if [[ $iptable_mangle_exit_code == 0 ]]; then

# accept output from qBittorrent webui port - used for external access
if [ -z "${WEBUI_PORT}" ]; then
iptables -t mangle -A OUTPUT -p tcp --dport 8080 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -p tcp --sport 8080 -j MARK --set-mark 1
else
iptables -t mangle -A OUTPUT -p tcp --dport ${WEBUI_PORT} -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -p tcp --sport ${WEBUI_PORT} -j MARK --set-mark 1
fi

fi
#if [[ $iptable_mangle_exit_code == 0 ]]; then
#
# # accept output from qBittorrent webui port - used for external access
# if [ -z "${WEBUI_PORT}" ]; then
# iptables -t mangle -A OUTPUT -p tcp --dport 8080 -j MARK --set-mark 1
# iptables -t mangle -A OUTPUT -p tcp --sport 8080 -j MARK --set-mark 1
# else
# iptables -t mangle -A OUTPUT -p tcp --dport ${WEBUI_PORT} -j MARK --set-mark 1
# iptables -t mangle -A OUTPUT -p tcp --sport ${WEBUI_PORT} -j MARK --set-mark 1
# fi
#
#fi

# accept output from qBittorrent webui port - used for lan access
if [ -z "${WEBUI_PORT}" ]; then
iptables -A OUTPUT -o eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 8080 -j ACCEPT
else
#if [ -z "${WEBUI_PORT}" ]; then
# iptables -A OUTPUT -o eth0 -p tcp --dport 8080 -j ACCEPT
# iptables -A OUTPUT -o eth0 -p tcp --sport 8080 -j ACCEPT
#else
iptables -A OUTPUT -o eth0 -p tcp --dport ${WEBUI_PORT} -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport ${WEBUI_PORT} -j ACCEPT
fi
#fi

# accept output to qBittorrent daemon port - used for lan access
if [ -z "${INCOMING_PORT}" ]; then
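Review bot: The new policy-routing rules `ip rule add dport ${WEBUI_PORT} table ${WEBUI_PORT}` and its `sport` twin match on port number alone, so together with the retained `iptables -A OUTPUT -o eth0 -p tcp --dport ${WEBUI_PORT} -j ACCEPT` any outbound TCP connection from the container to a remote port equal to WEBUI_PORT would presumably be routed via DEFAULT_GATEWAY on eth0 instead of through the tunnel. Replies from the WebUI only need the source-port match, so consider dropping the `dport` rule and narrowing the other to `ip rule add ipproto tcp sport ${WEBUI_PORT} table ${WEBUI_PORT}`. WEBUI_PORT is also reused unvalidated as the routing-table id in `ip route flush table ${WEBUI_PORT}`; a check that it is numeric and not one of the reserved ids 253–255 (default, main, local) would keep a bad value from flushing the main table. The VPN routes and the chain policies are outside the visible hunks, so the exact exposure should be confirmed against the rest of iptables.sh.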