#!/bin/bash
# Turn this host into an IPv4 router: enable forwarding, then rebuild the
# filter and nat tables from scratch. Must run as root.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Flush every rule in the filter and nat tables. Any rules that were loaded
# before this script ran (including existing hardening) are discarded.
# Only IPv4 is touched; this script never calls ip6tables.
iptables -F
iptables -F -t nat
# NOTE(review): INPUT defaults to ACCEPT and the chain was just flushed, so
# every service listening on this host is reachable unless something outside
# this script filters it — confirm that is intended for a public server.
iptables -P INPUT ACCEPT
# Forwarded traffic is default-deny; only the rules below let packets through.
iptables -P FORWARD DROP
# Clamp the MSS on forwarded SYN packets to the path MTU (inserted first).
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# Allow return traffic for connections that are already tracked.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets carrying fwmark 0x99 are forwarded and source-NATed. Nothing in this
# script sets that mark; presumably the natcap module does — verify.
iptables -A FORWARD -m mark --mark 0x99 -j ACCEPT
iptables -t nat -A POSTROUTING -m mark --mark 0x99 -j MASQUERADE
# Load the kernel modules: ip_set first, then a fresh copy of natcap
# (rmmod errors are deliberately silenced in case it was not loaded).
modprobe ip_set
rmmod natcap >/dev/null 2>&1
# Prefer the installed module; fall back to ./natcap.ko from the current
# working directory. The configuration below only runs if one of them loads.
# NOTE(review): auth_enabled=0 looks like it switches off the module's client
# authentication — confirm against the natcap documentation before exposing
# this server.
# NOTE(review): ./natcap.ko and ./natcapd/... are resolved against the current
# directory and are loaded/executed as root, so run this only from a directory
# that untrusted users cannot write to.
( modprobe natcap mode=1 auth_enabled=0 >/dev/null || insmod ./natcap.ko mode=1 auth_enabled=0 ) && {
# Append runtime settings to the module's control device.
cat <<EOF >>/dev/natcap_ctl
debug=3
disabled=0
EOF
# Restart natcapd-server: stop any running instance (errors ignored), then
# start the loader script in the background.
killall natcapd-server 2>/dev/null
sh ./natcapd/natcapd.server.load.sh &
}
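#######################################
# Apply kernel parameters read from stdin, one "key=value" per line.
# Arguments: none (settings arrive on stdin, typically via a here-document)
# Outputs:   whatever `sysctl -w` prints for each setting
# Returns:   status of the last `sysctl -w` call (0 if no setting was read)
#######################################
sysctl_setup()
{
  local line
  # read -r keeps backslashes literal; the default IFS still trims leading and
  # trailing blanks. The `|| [ -n ... ]` clause picks up a final line that has
  # no trailing newline instead of silently dropping it.
  while read -r line || [ -n "$line" ]; do
    # Skip blank lines so sysctl is never invoked without a setting.
    [ -n "$line" ] || continue
    # Quoted so the setting reaches sysctl as a single argument: no word
    # splitting and no glob expansion against files in the current directory.
    sysctl -w "$line"
  done
}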
# Basic kernel and network tuning, fed to sysctl_setup one key=value per line.
#   - kernel.panic=3 reboots the host 3 seconds after a kernel panic.
#   - net.ipv4.ip_forward=1 repeats the /proc write at the top of the script.
#   - tcp_syncookies, icmp_echo_ignore_broadcasts and
#     icmp_ignore_bogus_error_responses are set to 1 (hardening settings).
#   - tcp_congestion_control=bbr together with default_qdisc=fq enables BBR.
#   - the nf_conntrack_* keys size the connection-tracking table and set its
#     timeouts; they exist only once the conntrack module is loaded.
# NOTE(review): nf_conntrack_checksum=0 turns off checksum verification in
# conntrack, so packets with bad checksums are no longer classed as INVALID —
# confirm this trade-off is intended.
# NOTE(review): the result of sysctl_setup is not checked here, so a key the
# running kernel rejects (for example bbr when that module is unavailable)
# shows up only in sysctl's own error output.
sysctl_setup << EOF
kernel.panic=3
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.ip_forward=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.igmp_max_memberships=100
net.ipv4.tcp_max_syn_backlog=512
net.ipv4.tcp_fin_timeout=15
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_dsack=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_congestion_control=bbr
net.netfilter.nf_conntrack_acct=1
net.netfilter.nf_conntrack_checksum=0
net.netfilter.nf_conntrack_max=655360
net.netfilter.nf_conntrack_tcp_timeout_established=7440
net.netfilter.nf_conntrack_udp_timeout=60
net.netfilter.nf_conntrack_udp_timeout_stream=180
net.core.somaxconn=2048
net.core.default_qdisc=fq
EOF