https://github.com/garywill/linux-router

garywill / linux-router (Public, 319 stars, 41 forks, LGPL-2.1 License)

Set Linux as router in one command. Support Internet sharing, redsocks, Wifi hotspot, IPv6. Can also be used for routing VM/containers

Latest commit by garywill, 2468b5a, Aug 29, 2021:

```
Version 0.6.3. Tested nftables

Stop judging xt_comment by lsmod, which wasn't reliable
Users who want to disable iptables comment should set env var
```

25 commits. Files:

* LICENSE: Truncate history (Aug 31, 2018)
* NOTICE: Truncate history (Aug 31, 2018)
* README.md: Version 0.6.3. Tested nftables (Aug 29, 2021)
* lnxrouter: Version 0.6.3. Tested nftables (Aug 29, 2021)

README.md

# Linux-router

Set Linux as router in one command. Able to provide Internet or create a Wifi hotspot. Supports transparent proxy (redsocks). Also useful for routing VMs/containers.

It wraps iptables, dnsmasq, etc. Use it in one command; restore in one command, by Ctrl-C, or even by closing the terminal window.

## Features

Basic features:

* Create a NATed sub-network
* Provide Internet
* DHCP server and RA
* DNS server
* IPv6 (behind NATed LAN, like IPv4)
* Creating Wifi hotspot:
  + Channel selecting
  + Choose encryptions: WPA2/WPA, WPA2, WPA, No encryption
  + Create AP on the same interface you are getting Internet (require same channel)
* Transparent proxy (redsocks)
* DNS proxy
* Compatible with NetworkManager (automatically set interface as unmanaged)

For many other features, see CLI usage below.

## Useful in these situations

```
Internet----(eth0/wlan0)-Linux-(wlanX)AP
                                       |--client
                                       |--client
```

```
                                    Internet
Wifi AP(no DHCP)                        |
    |----(wlan1)-Linux-(eth0/wlan0)------
    |           (DHCP)
    |--client
    |--client
```

```
                                    Internet
 Switch                                 |
    |---(eth1)-Linux-(eth0/wlan0)--------
    |--client
    |--client
```

```
Internet----(eth0/wlan0)-Linux-(eth1)------Another PC
```

```
Internet----(eth0/wlan0)-Linux-(virtual interface)-----VM/container
```

## Usage

### Provide Internet to an interface

```
sudo lnxrouter -i eth1
```

### Provide an interface's Internet to another interface

```
sudo lnxrouter -i eth1 -o vpn0 --dhcp-dns 1.1.1.1 -6 --dhcp-dns6 [2606:4700:4700::1111]
```

Read Notice 1

### Create Wifi hotspot

```
sudo lnxrouter --ap wlan0 MyAccessPoint -p MyPassPhrase
```

### LAN without Internet

```
sudo lnxrouter -n -i eth1
sudo lnxrouter -n --ap wlan0 MyAccessPoint -p MyPassPhrase
```

Read Notice 1

### Internet for LXC

Create a bridge

```
sudo brctl addbr lxcbr5
```

In LXC container config

```
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr5
lxc.network.hwaddr = xx:xx:xx:xx:xx:xx
```

```
sudo lnxrouter -i lxcbr5
```

### Transparent proxy

For example through Tor

```
sudo lnxrouter -i eth1 --tp 9040 --dns 9053 -g 192.168.55.1 --p6 fd00:5:6:7::
```

In torrc

```
TransPort 192.168.55.1:9040
DNSPort 192.168.55.1:9053
TransPort [fd00:5:6:7::1]:9040
DNSPort [fd00:5:6:7::1]:9053
```

### Clients-in-sandbox network

To avoid giving this host's information to clients. Clients can still access the Internet.

```
sudo lnxrouter -i eth1 \
    --tp 9040 --dns 9053 \
    --random-mac \
    --ban-priv \
    --catch-dns --log-dns   # optional
```

This script comes with no warranty, use at your own risk

### Use as transparent proxy for LXD

In the `lxc` commands below, `<container>` is a placeholder for the name of your container.

Create a bridge

```
sudo brctl addbr lxdbr5
```

Create and add a new LXD profile overriding container's eth0

```
lxc profile create profile5
lxc profile edit profile5
```

Profile content:

```
config: {}
description: ""
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr5
    type: nic
name: profile5
```

```
lxc profile add <container> profile5
```

```
sudo lnxrouter -i lxdbr5 --tp 9040 --dns 9053
```

To remove that new profile from container

```
lxc profile remove <container> profile5
```

#### To not use profile

Add new eth0 to container overriding default eth0

```
lxc config device add <container> eth0 nic name=eth0 nictype=bridged parent=lxdbr5
```

To remove the customized eth0 to restore default eth0

```
lxc config device remove <container> eth0
```

### Use as transparent proxy for VirtualBox

In VirtualBox's global settings, create a host-only network vboxnet5 with DHCP disabled.

```
sudo lnxrouter -i vboxnet5 --tp 9040 --dns 9053
```

### Use as transparent proxy for firejail

Create a bridge

```
sudo brctl addbr firejail5
```

```
sudo lnxrouter -i firejail5 -g 192.168.55.1 --tp 9040 --dns 9053
```

```
firejail --net=firejail5 --dns=192.168.55.1 --blacklist=/var/run/nscd
```

## CLI usage and other features

```
Usage: lnxrouter

Options:
    -h, --help              Show this help
    --version               Print version number

    -i                      Interface to make NATed sub-network,
                            and to provide Internet to
                            (To create Wifi hotspot use '--ap' instead)
    -o                      Specify an interface to provide Internet from.
                            (Note using this with default DNS option may leak
                            queries to other interfaces)
    -n                      Do not provide Internet (See Notice 1)
    --ban-priv              Disallow clients to access my private network

    -g                      This host's IPv4 address in subnet (mask is /24)
                            (example: '192.168.5.1' or '5' shortly)
    -6                      Enable IPv6 (NAT)
    --no4                   Disable IPv4 Internet (not forwarding IPv4)
                            (See Notice 1). Usually used with '-6'
    --p6                    Set IPv6 LAN address prefix (length 64)
                            (example: 'fd00:0:0:5::' or '5' shortly)
                            Using this enables '-6'

    --dns ||                DNS server's upstream DNS.
                            Use ',' to separate multiple servers
                            (default: use /etc/resolv.conf)
                            (Note IPv6 addresses need '[]' around)
    --no-dns                Do not serve DNS
    --no-dnsmasq            Disable dnsmasq server (DHCP, DNS, RA)
    --catch-dns             Transparent DNS proxy, redirect packets(TCP/UDP)
                            whose destination port is 53 to this host
    --log-dns               Show DNS query log
    --dhcp-dns |no          Set IPv4 DNS offered by DHCP (default: this host)
    --dhcp-dns6 |no         Set IPv6 DNS offered by DHCP (RA)
                            (default: this host)
                            (Note IPv6 addresses need '[]' around)
    --hostname              DNS server associate this name with this host.
                            Use '-' to read name from /etc/hostname
    -d                      DNS server will take into account /etc/hosts
    -e                      DNS server will take into account additional
                            hosts file
    --mac                   Set MAC address
    --random-mac            Use random MAC address

    --tp                    Transparent proxy,
                            redirect non-LAN TCP and UDP traffic to port.
                            (usually used with '--dns')

Wifi hotspot options:
    --ap                    Create Wifi access point
    -p, --password          Wifi password
    --qr                    Show Wifi QR code in terminal
    --hidden                Hide access point (not broadcast SSID)
    --no-virt               Do not create virtual interface
                            Using this you can't use same wlan interface
                            for both Internet and AP
    -c                      Channel number (default: 1)
    --country               Set two-letter country code for regularity
                            (example: US)
    --freq-band             Set frequency band: 2.4 or 5 (default: 2.4)
    --driver                Choose your WiFi adapter driver (default: nl80211)
    -w                      '2' for WPA2, '1' for WPA, '1+2' for both
                            (default: 2)
    --psk                   Use 64 hex digits pre-shared-key instead of
                            passphrase
    --mac-filter            Enable Wifi hotspot MAC address filtering
    --mac-filter-accept     Location of Wifi hotspot MAC address filter list
                            (defaults to /etc/hostapd/hostapd.accept)
    --hostapd-debug         1 or 2. Passes -d or -dd to hostapd
    --isolate-clients       Disable wifi communication between clients
    --ieee80211n            Enable IEEE 802.11n (HT)
    --ieee80211ac           Enable IEEE 802.11ac (VHT)
    --ht_capab              HT capabilities (default: [HT40+])
    --vht_capab             VHT capabilities
    --no-haveged            Do not run haveged automatically when needed

Instance managing:
    --daemon                Run in background
    -l, --list-running      Show running instances
    --lc, --list-clients    List clients of an instance. Or list neighbors of
                            an interface, even if it isn't handled by us.
                            (passive mode)
    --stop                  Stop a running instance
                            For you can use PID or subnet interface name.
                            You can get them with '--list-running'
```

Notice 1: This script assumes your host's default policy won't forward packets, so the script won't explicitly ban forwarding in any mode. In some unexpected cases this may cause unwanted packet leakage between the two networks, which you should be aware of if you want an isolated network.

These changes to the system will not be restored by the script's cleanup:

1. /proc/sys/net/ipv4/ip_forward = 1 and /proc/sys/net/ipv6/conf/all/forwarding = 1
2. dnsmasq (if used) in Apparmor complain mode
3. hostapd (if used) in Apparmor complain mode
4. Kernel module nf_nat_pptp loaded
5. The wifi device which is used to create hotspot is rfkill unblocked
6. Wifi country code, if user specified

## Dependencies

* bash
* procps or procps-ng
* iproute2
* dnsmasq
* iptables (or nftables with iptables-nft translation linked)
* WiFi hotspot dependencies
  + hostapd
  + iw
  + iwconfig (you only need this if 'iw' can not recognize your adapter)
  + haveged (optional)
  + qrencode (optional)

## TODO

* WPA3
* Global IPv6
* Explicitly ban forwarding if not needed
* Bring bridging method back

## Meet author(s) and maintainer(s) and become one of them

Visit my homepage to see more tools and projects.

Buy me a coffee, this project took me lots of time! (Leave a tip!)

Besides, thanks to create_ap by oblique. This script was forked from create_ap. Now they are quite different.
(See the history branch for how I modified create_ap.) Also, thanks to those who contributed to that project.

You can be a contributor, too! There are some TO-DOs listed, both above and in the code file. Your name can be here!

Topics: linux, router, ipv6, nat, gateway, access-point, wifi-hotspot, transparent-proxy, redsocks, internet-sharing, nated-wifi-access-point, ipv6-subnetting, create-ap

Releases: 2 (latest: 0.6.2, Aug 22, 2021)

Languages: Shell 100.0%
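
Notice 1 and the list of changes that are not restored leave two things for the operator to verify: the script relies on the host's default FORWARD policy to keep networks apart, and forwarding stays enabled after cleanup. The script below is an added example, not part of linux-router; it checks both from `iptables-save` output and the two `/proc/sys` switches named above. The function names, the `ROOT` parameter and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of linux-router): audit the conditions that
# Notice 1 and the "not restored" list leave to the operator.

# Print the default policy of the filter table's FORWARD chain, reading
# iptables-save output on stdin. Prints "UNKNOWN" if the chain is absent.
forward_policy() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:FORWARD / { print $2; found = 1 }
        END { if (!found) print "UNKNOWN" }
    '
}

# Print each kernel forwarding switch that is set to 1 under ROOT
# (default "/"). ROOT is a hypothetical parameter that lets the check be
# pointed at a test tree instead of the live /proc.
forwarding_enabled() {
    root=${1:-/}
    for f in proc/sys/net/ipv4/ip_forward \
             proc/sys/net/ipv6/conf/all/forwarding; do
        [ -r "$root/$f" ] && [ "$(cat "$root/$f")" = "1" ] && echo "/$f"
    done
    return 0
}

# Verdict: if any forwarding switch is on and the FORWARD policy is not DROP,
# packets can cross between networks unless an explicit rule stops them.
leak_risk() {   # $1 = FORWARD policy, $2 = list of enabled switches
    if [ -n "$2" ] && [ "$1" != "DROP" ]; then
        echo "AT-RISK"
    else
        echo "OK"
    fi
}

# Constructed sample of iptables-save output for a host left at defaults.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Live use (needs root):
#   leak_risk "$(iptables-save -t filter | forward_policy)" "$(forwarding_enabled)"
```

An "UNKNOWN" policy is treated the same as ACCEPT, so a host with no filter table at all is reported as at risk once forwarding is on.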