458 lines
13 KiB
Plaintext
458 lines
13 KiB
Plaintext
clear
|
|
exit
|
|
clear
|
|
dnf install wireguard-tools neovim caddy
|
|
systemctl enable --now caddy
|
|
systemctl enable --now iptables
|
|
dnf install iptables-services
|
|
systemctl enable --now iptables
|
|
|
|
ls /home/
|
|
ls /home/fedora
|
|
nano /etc/ssh/sshd_config
|
|
nano /etc/wireguard/wg0.conf
|
|
nano /etc/wireguard/home_private.key
|
|
sudo useradd -m -s /bin/bash jawz
|
|
sudo passwd jawz
|
|
sudo usermod -aG wheel jawz
|
|
visudo
|
|
ls
|
|
su jawz
|
|
cat /home/jawz/iptables /etc/sysconfig/iptables
|
|
cat /home/jawz/iptables > /etc/sysconfig/iptables
|
|
cat /home/jawz/iptables-config /etc/sysconfig/iptables-config
|
|
cat /home/jawz/iptables-config > /etc/sysconfig/iptables-config
|
|
sudo systemctl restart iptables.service
|
|
nano /etc/hosts
|
|
ls
|
|
sudoedit /etc/ssh/sshd_config
|
|
ls
|
|
sudo reboot
|
|
mv /home/jawz/Caddyfile.d/ /etc/caddy/
|
|
ls /etc/caddy/
|
|
ls /etc/caddy/ -la
|
|
sudo chown root:root /etc/caddy/Caddyfile -R
|
|
ls /etc/caddy/ -la
|
|
chown root:root -R /etc/caddy/Caddyfile
|
|
ls /etc/caddy/ -la
|
|
chown root:root -R /etc/caddy/Caddyfile.d/
|
|
ls /etc/caddy/ -la
|
|
sudo systemctl restart caddy
|
|
exit
|
|
528491
|
|
clear
|
|
export TERM=xterm-256color
|
|
clear
|
|
sudo iptables -S
|
|
ping google.com
|
|
sudoedit /etc/sysconfig/iptables
|
|
sudo systemctl restart iptables.service
|
|
sudo systemctl restart wg-quick@wg0.service
|
|
sudo iptables -L FORWARD -n -v --line-numbers
|
|
sudoedit /etc/sysconfig/iptables
|
|
sudo systemctl restart iptables.service
|
|
sudoedit /etc/sysconfig/iptables
|
|
sudo systemctl restart iptables.service
|
|
sudoedit /etc/sysconfig/iptables
|
|
sudo iptables-save > /root/iptables-backup-$(date +%s)
|
|
sudo iptables -F FORWARD
|
|
sudo iptables-restore < /tmp/iptables
|
|
sudo iptables -D FORWARD 4
|
|
sudo iptables -S
|
|
sudo systemctl restart iptables.service
|
|
sudo iptables -S
|
|
sudoedit /etc/sysconfig/iptables
|
|
sud nvim /etc/sysconfig/iptables
|
|
sudo nvim /etc/sysconfig/iptables
|
|
sudo systemctl restart iptables.service
|
|
sudo journalctl -xeu iptables
|
|
sudo nvim /etc/sysconfig/iptables
|
|
sudo systemctl restart iptables.service
|
|
sudo systemctl restart caddy
|
|
cd /etc/caddy/Caddyfile.d/
|
|
ls
|
|
mv portfolio.caddyfile portfolio.caddyfile_
|
|
sudo systemctl restart caddy
|
|
sudoedit /etc/wireguard/wg0.conf
|
|
sudo systemctl restart wg-quick@wg0.service
|
|
ping 10.77.0.2:80
|
|
sudoedit /etc/wireguard/wg0.conf
|
|
ping 10.77.0.2
|
|
sudo journalctl -xefu wg-quick@wg0
|
|
ping 10.77.0.2
|
|
ping server
|
|
wg show
|
|
sudoedit /etc/wireguard/wg0.conf
|
|
wg show
|
|
cd /etc/caddy/Caddyfile.d/
|
|
mv portfolio.caddyfile_ portfolio.caddyfile
|
|
mv portfolio.caddyfile portfolio.caddyfile_
|
|
cat /etc/sysconfig/iptables
|
|
sudo nvim /etc/sysconfig/iptables
|
|
sudo systemctl restart iptables.service
|
|
journalctl -xeu iptables
|
|
sudo nvim /etc/sysconfig/iptables
|
|
sudo systemctl restart iptables.service
|
|
sudo iptables -L FORWARD -n -v --line-numbers
|
|
# In one terminal, watch the iptables counters
|
|
sudo watch -n1 'iptables -L FORWARD -n -v --line-numbers'
|
|
export TERM=xterm-256color
|
|
sudo watch -n1 'iptables -L FORWARD -n -v --line-numbers'
|
|
sudo tcpdump -i any icmp -n
|
|
ip addr show wg0
|
|
sudo iptables -I FORWARD 6 -s 10.8.0.0/24 -d 10.77.0.2/32 -p icmp -j ACCEPT
|
|
sudo iptables -I FORWARD 7 -s 10.77.0.2/32 -d 10.8.0.0/24 -p icmp -j ACCEPT
|
|
sudo iptables -L FORWARD -n -v --line-numbers
|
|
sudo iptables-save > /etc/sysconfig/iptables
|
|
nano /etc/wireguard/wg0.conf
|
|
export TERM=xterm-256color
|
|
nano /etc/wireguard/wg0.conf
|
|
systemctl restart wg-quick.target
|
|
systemctl restart wg-quick@wg0
|
|
cat /etc/wireguard/wg0.conf
|
|
sudo nvim /etc/wireguard/wg0.conf
|
|
sudo systemctl restart wg-quick@wg0.service
|
|
wg show
|
|
sudo nvim /etc/wireguard/wg0.conf
|
|
sudo systemctl restart wg-quick@wg0.service
|
|
wg show
|
|
sudo systemctl enable ip6tables
|
|
sudo systemctl disable --now nftables 2>/dev/null || true
|
|
sudo systemctl mask nftables 2>/dev/null || true
|
|
exit
|
|
export TERM=xterm-256color
|
|
sudo nano /etc/sysconfig/iptables
|
|
cd /etc/caddy/Caddyfile.d/
|
|
ls
|
|
cat fun.caddyfile__
|
|
rm fun.caddyfile__
|
|
ls
|
|
nano simple.caddyfile
|
|
export TERM=xterm-256color
|
|
nano simple.caddyfile
|
|
nvim simple.caddyfile
|
|
mv simple.caddyfile servers.caddyfile
|
|
systemctl restart caddy
|
|
ls
|
|
exit
|
|
export TERM=xterm-256color
|
|
cd /etc/caddy/Caddyfile.d/
|
|
nvim servers.caddyfile
|
|
sudo systemctl restart caddy
|
|
journalctl -xeu caddy
|
|
cd /etc/caddy/Caddyfile.d/
|
|
nvim redirect.caddyfile
|
|
sudo systemctl restart caddy
|
|
nvim redirect.caddyfile
|
|
sudo journalctl -u caddy -f
|
|
ls
|
|
nvim redirect.caddyfile
|
|
mv redirect.caddyfile 10-redirect.caddyfile
|
|
nvim 00-allowlist.caddyfile
|
|
mv servers.caddyfile 20-servers.caddyfile
|
|
cd ..
|
|
ls
|
|
nvim Caddyfile
|
|
sudo systemctl restart caddy
|
|
sudo journalctl -u caddy -f
|
|
nvim Caddyfile
|
|
sudo systemctl restart caddy
|
|
nvim Caddyfile
|
|
ls
|
|
cd Caddyfile.d/
|
|
ls
|
|
mv 00-allowlist.caddyfile 00-allowlist.caddyfile_
|
|
mv 10-redirect.caddyfile 10-redirect.caddyfile_
|
|
sudo systemctl restart caddy
|
|
exit
|
|
cd /etc/caddy/Caddyfile.d/
|
|
nvim servers.caddyfile
|
|
nvim redirect.caddyfile
|
|
sudo caddy fmt --overwrite redirect.caddyfile
|
|
sudo caddy validate --config redirect.caddyfile
|
|
nvim /etc/caddy/Caddyfile.d/servers.caddyfile
|
|
systemctl restart caddy
|
|
cd /etc/caddy/Caddyfile.d/
|
|
ls
|
|
rm 00-allowlist.caddyfile_ 10-redirect.caddyfile_ portfolio.caddyfile_
|
|
ls
|
|
mv portfolio.caddyfile_ 30-portfolio.caddyfile_
|
|
nvim 30-portfolio.caddyfile_
|
|
ls
|
|
cat 20-servers.caddyfile
|
|
nvim 20-servers.caddyfile
|
|
systemctl restart caddy
|
|
nvim 20-servers.caddyfile
|
|
nvim 10-nextcloud.caddyfile
|
|
nvim 20-servers.caddyfile
|
|
cd ..
|
|
cat Caddyfile.d/20-servers.caddyfile
|
|
cat Caddyfile.d/20-servers.caddyfile | head -n 30
|
|
cat Caddyfile.d/20-servers.caddyfile | head -n 10
|
|
nvim /etc/caddy/client_ca.pem
|
|
nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile
|
|
systemctl restart caddy
|
|
cat Caddyfile.d/20-servers.caddyfile | head -n 10
|
|
exit
|
|
nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile
|
|
nvim /etc/caddy/Caddyfile.d/15-private.caddyfile
|
|
sudo systemctl restart caddy
|
|
nvim /etc/caddy/Caddyfile.d/10-nextcloud.caddyfile
|
|
nvim /etc/caddy/Caddyfile.d/20-servers.caddyfile
|
|
cat /etc/caddy/Caddyfile.d/20-servers.caddyfile
|
|
exit
|
|
cd /etc/
|
|
ls
|
|
cd sysconfig/
|
|
ls
|
|
nvim iptables
|
|
cat iptables
|
|
curl 10.77.0.2:8999
|
|
nvim iptables
|
|
sudo systemctl restart iptables.service
|
|
exit
|
|
curl 10.77.0.2:8999
|
|
curl 10.8.0.2:8999
|
|
curl 10.8.0.1:8999
|
|
exit
|
|
cd /etc/wireguard/
|
|
ls
|
|
cat wg0.conf
|
|
exit
|
|
cd /etc/caddy/
|
|
ls
|
|
cd Caddyfile.d/
|
|
ls
|
|
mv 30-portfolio.caddyfile_ 30-portfolio.caddyfile
|
|
cat 15-private.caddyfile__
|
|
ls
|
|
cat 25-static.caddyfile
|
|
cat 30-portfolio.caddyfile
|
|
rm 30-portfolio.caddyfile
|
|
nvim 25-static.caddyfile
|
|
systemctl restart caddy
|
|
exit
|
|
cat /etc/caddy/Caddyfile.d/25-static.caddyfile
|
|
nvim /etc/caddy/Caddyfile.d/25-static.caddyfile
|
|
sudo systemctl restart caddy
|
|
nvim /etc/caddy/Caddyfile.d/25-static.caddyfile
|
|
sudo systemctl restart caddy
|
|
cat /etc/caddy/Caddyfile.d/25-static.caddyfile
|
|
nvim /etc/caddy/Caddyfile.d/25-static.caddyfile
|
|
sudo systemctl restart caddy
|
|
cat /etc/caddy/Caddyfile.d/25-static.caddyfile
|
|
caddy validate --config /etc/caddy/Caddyfile.d/25-static.caddyfile
|
|
caddy fmt --overwrite /etc/caddy/Caddyfile.d/*
|
|
caddy fmt --overwrite /etc/caddy/Caddyfile.d/25-static.caddyfile
|
|
find -tf /etc/caddy/Caddyfile.d/25-static.caddyfile
|
|
find -type f /etc/caddy/Caddyfile.d/
|
|
find /etc/caddy/Caddyfile.d/ -type f
|
|
find /etc/caddy/Caddyfile.d/ -type f -exec caddy fmt --overwrite {}
|
|
find /etc/caddy/Caddyfile.d/ -type f -exec caddy fmt --overwrite {} \;
|
|
caddy validate --config /etc/caddy/Caddyfile.d/25-static.caddyfile
|
|
ls -la /var/www/html/portfolio/
|
|
ls -la /var/www/html/portfolio/images/
|
|
ls -la /var/www/html/portfolio/old_ijwbs/
|
|
du -sh /var/www/html/portfolio/
|
|
ls -la /var/www/html/portfolio/
|
|
ls -la /var/www/html/portfolio/friends/
|
|
cd /etc/sysconfig/
|
|
ls
|
|
cat iptables
|
|
rg 51413
|
|
rg 51412
|
|
cat iptables
|
|
sudo tcpdump -ni eth0 port 51412
|
|
sudo tcpdump -ni wg0 port 51412
|
|
sudo tcpdump -ni eth0 port 51412
|
|
ss -ltnp | grep ":51412"
|
|
sysctl -w net.ipv4.ip_forward=1
|
|
# ---- NAT (insert at top) ----
|
|
iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
|
|
iptables -t nat -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
|
|
iptables -t nat -I POSTROUTING 1 -s 10.77.0.0/24 -o eth0 -j MASQUERADE
|
|
# ---- FORWARD ----
|
|
iptables -I FORWARD 1 -i eth0 -o wg0 -p tcp -d 10.77.0.2 --dport 51412 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
|
|
iptables -I FORWARD 2 -i eth0 -o wg0 -p udp -d 10.77.0.2 --dport 51412 -j ACCEPT
|
|
iptables -I FORWARD 3 -i wg0 -o eth0 -s 10.77.0.2 -p tcp --sport 51412 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
|
iptables -I FORWARD 4 -i wg0 -o eth0 -s 10.77.0.2 -p udp --sport 51412 -j ACCEPT
|
|
iptables -I FORWARD 5 -i wg0 -o eth0 -j ACCEPT
|
|
iptables -I FORWARD 6 -i eth0 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
|
net.ipv4.ip_forward = 1
|
|
sysctl -w net.ipv4.ip_forward=1
|
|
iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
|
|
iptables -t nat -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
|
|
iptables -t nat -I POSTROUTING 1 -s 10.77.0.0/24 -o eth0 -j MASQUERADE
|
|
iptables -I FORWARD 1 -i eth0 -o wg0 -p tcp -d 10.77.0.2 --dport 51412 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
|
|
iptables -I FORWARD 2 -i eth0 -o wg0 -p udp -d 10.77.0.2 --dport 51412 -j ACCEPT
|
|
iptables -I FORWARD 3 -i wg0 -o eth0 -s 10.77.0.2 -p tcp --sport 51412 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
|
iptables -I FORWARD 4 -i wg0 -o eth0 -s 10.77.0.2 -p udp --sport 51412 -j ACCEPT
|
|
iptables -I FORWARD 5 -i wg0 -o eth0 -j ACCEPT
|
|
iptables -I FORWARD 6 -i eth0 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
|
iptables -L FORWARD -n -v --line-numbers
|
|
iptables -t nat -L -n -v --line-numbers
|
|
iptables -L FORWARD -n -v --line-numbers
|
|
iptables -t nat -L -n -v --line-numbers
|
|
sudo tcpdump -ni eth0 port 51412
|
|
curl -4 ifconfig.me
|
|
tcpdump -ni eth0 port 51412
|
|
ss -lntup | grep 51412
|
|
iptables -t raw -I PREROUTING 1 -p tcp --dport 51412 -j NOTRACK
|
|
iptables -t raw -I PREROUTING 1 -p udp --dport 51412 -j NOTRACK
|
|
iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
|
|
iptables -t nat -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
|
|
iptables -I FORWARD 1 -i eth0 -o wg0 -p tcp -d 10.77.0.2 --dport 51412 -j ACCEPT
|
|
iptables -I FORWARD 2 -i eth0 -o wg0 -p udp -d 10.77.0.2 --dport 51412 -j ACCEPT
|
|
iptables -I FORWARD 3 -i wg0 -o eth0 -s 10.77.0.2 --sport 51412 -j ACCEPT
|
|
iptables -t nat -I POSTROUTING 1 -s 10.77.0.2 -o eth0 -j MASQUERADE
|
|
tcpdump -ni wg0 port 51412
|
|
sysctl net.ipv4.ip_forward
|
|
iptables -t raw -I PREROUTING 1 -p tcp --dport 51412 -j NOTRACK
|
|
iptables -t raw -I PREROUTING 2 -p udp --dport 51412 -j NOTRACK
|
|
iptables -t nat -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
|
|
iptables -t nat -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j DNAT --to-destination 10.77.0.2:51412
|
|
iptables -I FORWARD 1 -i eth0 -o wg0 -p tcp -d 10.77.0.2 --dport 51412 -j ACCEPT
|
|
iptables -I FORWARD 2 -i eth0 -o wg0 -p udp -d 10.77.0.2 --dport 51412 -j ACCEPT
|
|
iptables -I FORWARD 3 -i wg0 -o eth0 -s 10.77.0.2 --sport 51412 -j ACCEPT
|
|
iptables -t nat -I POSTROUTING 1 -s 10.77.0.2 -o eth0 -j MASQUERADE
|
|
tcpdump -ni wg0 port 51412
|
|
tcpdump -ni eth0 'tcp port 51412'
|
|
sysctl net.ipv4.conf.eth0.route_localnet
|
|
sysctl -w net.ipv4.conf.eth0.route_localnet=1
|
|
ip rule add fwmark 0x1 lookup 100
|
|
ip route add default dev wg0 table 100
|
|
iptables -t mangle -I PREROUTING 1 -i eth0 -p tcp --dport 51412 -j MARK --set-mark 1
|
|
iptables -t mangle -I PREROUTING 2 -i eth0 -p udp --dport 51412 -j MARK --set-mark 1
|
|
tcpdump -ni eth0 'tcp port 51412'
|
|
reboot
|
|
mkfs.ext4 "/dev/disk/by-id/scsi-0Linode_Volume_box"
|
|
mkdir /mnt/box
|
|
mount "/dev/disk/by-id/scsi-0Linode_Volume_box" "/mnt/box"
|
|
nvim /etc/fstab
|
|
cd /mnt/box/
|
|
ls -lag
|
|
sudo dnf install -y qbittorrent-nox
|
|
exit
|
|
cd /srv/torrents/downloads/
|
|
ls
|
|
cd The.Sims.4.Jenny/
|
|
ls
|
|
du -sh
|
|
rm rune
|
|
rm rune.nfo
|
|
exit
|
|
cd /srv/torrents/downloads/
|
|
ls
|
|
ls ../incomplete/
|
|
ls
|
|
ls in
|
|
ls ../incomplete/
|
|
ls
|
|
ls -lag
|
|
cd ..
|
|
su -sh
|
|
dh -sh
|
|
du -sh
|
|
df -h
|
|
ls
|
|
rm -rf incomplete/The.Sims.4.Jenny/
|
|
exit
|
|
cd
|
|
cd /srv/torrents/
|
|
ls -lag
|
|
du -sh
|
|
ls
|
|
mv tits/The.Sims.4.Jenny/ incomplete/
|
|
rmdir tits/
|
|
chown -R qbittorrent:qbittorrent incomplete/
|
|
cd /etc/sysconfig/
|
|
ls
|
|
cp iptables iptables_working
|
|
nvim iptables
|
|
systemctl restart iptables.service
|
|
journal -xeu iptables
|
|
journalctl -xeu iptables
|
|
nvim iptables
|
|
systemctl restart iptables.service
|
|
journalctl -xeu iptables
|
|
exit
|
|
nvim iptables
|
|
cd /etc/sysconfig/
|
|
nvim iptables
|
|
cd /etc/wireguard/
|
|
ls
|
|
nvim wg0.conf
|
|
nvim /etc/sysconfig/iptables
|
|
cd /etc/wireguard/
|
|
ls
|
|
wg genkey | tee privatekey | wg pubkey > publickey
|
|
ls
|
|
rm privatekey publickey
|
|
ls
|
|
mkdir friend
|
|
cd friend/
|
|
wg genkey | tee privatekey | wg pubkey > publickey
|
|
ls
|
|
cat privatekey
|
|
cat publickey
|
|
nvim ../wg0.conf
|
|
cat privatekey
|
|
nvim ../wg0.conf
|
|
systemctl restart wireguard
|
|
systemctl restart wg-quick@wg0.service
|
|
nvim /etc/sysconfig/iptables
|
|
nvim ../wg0.conf
|
|
systemctl restart wg-quick@wg0.service
|
|
nvim ../wg0.conf
|
|
wg show
|
|
nvim ../wg0.conf
|
|
nvim /etc/sysconfig/iptables
|
|
sudo systemctl restart iptables.service
|
|
nvim ../wg0.conf
|
|
cd /etc/wireguard/
|
|
ls
|
|
cd friend/
|
|
ls
|
|
rm *
|
|
wg genkey | tee privatekey | wg pubkey > publickey
|
|
cat publickey
|
|
nvim ../wg0.conf
|
|
cat privatekey
|
|
nvim ../wg0.conf
|
|
rm *
|
|
wg genkey | tee privatekey | wg pubkey > publickey
|
|
cat publickey
|
|
nvim ../wg0.conf
|
|
cat privatekey
|
|
rm *
|
|
wg genkey | tee privatekey | wg pubkey > publickey
|
|
cat publickey
|
|
nvim ../wg0.conf
|
|
cat privatekey
|
|
nvim /etc/sysconfig/iptables
|
|
sudo reboot
|
|
cd /etc/caddy/Caddyfile.d/
|
|
ls
|
|
rg xxx
|
|
nvim 15-private.caddyfile
|
|
sudo systemctl restart caddy
|
|
nvim 15-private.caddyfile
|
|
nvim 15-private.caddyfile__
|
|
exit
|
|
cd /etc/wireguard/
|
|
ls
|
|
cat wg0.conf
|
|
ls
|
|
ls friend/
|
|
rm friend/ -rf
|
|
ls
|
|
cd /var/www/html/
|
|
ls -lag blog/ lidarr-mb-gap/ portfolio/
|
|
ls -lag
|
|
ls -la
|
|
ls
|
|
cd
|
|
su deploy
|
|
su lidarr-reports
|
|
exit
|