#!/usr/bin/env bash
set -euo pipefail

# ==========================================================
# OVH Proxy Manager (FINAL – FIXED FOR TAILSCALE)
#
# - Moves OVH SSH to port 23
# - Forwards ALL ports (INCLUDING 22) to destination
# - AUTO-detects:
#     • WAN interface
#     • Tailscale interface (tailscale0)
# - Correct SNAT for Tailscale (FIXES SSH)
# ==========================================================

# Everything below rewrites sshd_config, sysctl state and iptables tables,
# so refuse to continue unless running as root.
if (( EUID != 0 )); then
  printf '%s\n' "❌ Run as root: sudo bash $0"
  exit 1
fi

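#######################################
# Print the interface that carries the IPv4 default route (empty if none).
# Outputs:   interface name on stdout
# Returns:   exit status of the ip|awk pipeline
# The name is taken from the token after "dev" rather than from field 5:
# a route without a "via" hop ("default dev eth0 ...") keeps the name in
# field 3, which the fixed-column version misread.
#######################################
get_wan_iface() {
  ip -4 route show default 2>/dev/null \
    | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}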

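#######################################
# Print the Tailscale interface name if it exists on this host, else nothing.
# Arguments: $1 - interface name to look for (default: tailscale0)
# Outputs:   the name on stdout when present
# Returns:   0
# Checks sysfs for the exact name instead of grepping `ip link` output,
# which also matched any name merely containing "tailscale0".
#######################################
get_ts_iface() {
  local -r name="${1:-tailscale0}"
  if [[ -d "/sys/class/net/$name" ]]; then
    printf '%s\n' "$name"
  fi
}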

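#######################################
# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
# Arguments: $1 - candidate address
# Returns:   0 if valid, 1 otherwise
# The shape-only regex accepted values such as 999.1.1.1, which were then
# handed straight to iptables; the octet range is now checked as well.
#######################################
validate_ipv4() {
  local octet
  [[ "$1" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1:4}"; do
    # 10# forces decimal so leading zeros (e.g. 08) are not read as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}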

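#######################################
# Turn on IPv4 forwarding now and persist it in /etc/sysctl.conf.
# Globals:   none
# Returns:   non-zero if sysctl or the config edit fails
# `sed -i` exits 0 even when no line matched, so the original
# `sed || echo >>` fallback never appended the key to a file that lacked
# it; the presence check is now explicit.
# NOTE(review): only the exact "key=value" spelling is recognised; a
# "key = value" line or an override in /etc/sysctl.d/ is not touched.
#######################################
enable_ip_forward() {
  local -r conf=/etc/sysctl.conf
  sysctl -w net.ipv4.ip_forward=1 >/dev/null
  if grep -q '^net\.ipv4\.ip_forward=' "$conf" 2>/dev/null; then
    sed -i 's/^net.ipv4.ip_forward=.*/net.ipv4.ip_forward=1/' "$conf"
  else
    echo "net.ipv4.ip_forward=1" >> "$conf"
  fi
}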

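#######################################
# Turn off IPv4 forwarding now and revert the persisted value.
# Globals:   none
# Returns:   non-zero if sysctl fails
# enable_ip_forward writes the setting to /etc/sysctl.conf; clearing only
# the live value (as before) let forwarding come back at the next boot
# even after "Uninstall".
#######################################
disable_ip_forward() {
  local -r conf=/etc/sysctl.conf
  sysctl -w net.ipv4.ip_forward=0 >/dev/null
  if [[ -f "$conf" ]]; then
    sed -i 's/^net\.ipv4\.ip_forward=.*/net.ipv4.ip_forward=0/' "$conf"
  fi
}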

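#######################################
# Move this host's sshd to port 23 so WAN port 22 can be forwarded.
# Edits /etc/ssh/sshd_config in place, opens the port in ufw when present,
# validates the config and only then restarts sshd.
# Globals:   none
# Outputs:   progress on stdout, errors on stderr
# Returns:   1 if sshd_config fails validation (sshd is not restarted, so
#            the current session and port stay usable)
#######################################
set_ssh_port_23() {
  local -r cfg=/etc/ssh/sshd_config
  echo "==> Moving OVH SSH to port 23"
  # `sed -i` returns 0 with no match, so the old `sed || echo >>` fallback
  # never appended a Port line to a config without one; check explicitly.
  if grep -Eq '^#?Port ' "$cfg"; then
    sed -i 's/^#\?Port .*/Port 23/' "$cfg"
  else
    echo "Port 23" >> "$cfg"
  fi
  # Open the new port before the restart so new sessions are not firewalled
  # in the window between restart and rule insertion.
  if command -v ufw >/dev/null; then
    ufw allow 23/tcp >/dev/null || true
  fi
  # Never restart on a config sshd itself rejects — that locks us out.
  if command -v sshd >/dev/null && ! sshd -t; then
    echo "❌ sshd_config failed validation; sshd not restarted" >&2
    return 1
  fi
  systemctl restart ssh || systemctl restart sshd
}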

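#######################################
# Put sshd back on port 22 and close the ufw opening made for port 23.
# Globals:   none
# Returns:   1 if sshd_config fails validation (sshd is not restarted)
# Only an exact "Port 23" line (what set_ssh_port_23 writes) is reverted.
#######################################
restore_ssh_port_22() {
  local -r cfg=/etc/ssh/sshd_config
  sed -i 's/^Port 23$/Port 22/' "$cfg" || true
  # set_ssh_port_23 allowed 23/tcp; remove it again so the port is not left open.
  if command -v ufw >/dev/null; then
    ufw delete allow 23/tcp >/dev/null || true
  fi
  if command -v sshd >/dev/null && ! sshd -t; then
    echo "❌ sshd_config failed validation; sshd not restarted" >&2
    return 1
  fi
  systemctl restart ssh || systemctl restart sshd
}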

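#######################################
# Install the DNAT/SNAT rules that forward inbound WAN traffic to $1.
# Arguments: $1 - destination IPv4 address (already validated by the caller)
# Outputs:   progress on stdout, errors on stderr
# Returns:   1 if the WAN (or, for 100.* targets, Tailscale) interface
#            cannot be detected
# WARNING: flushes every rule in the filter and nat tables, including
# anything ufw or other tooling had installed; chain policies are kept.
#######################################
apply_forwarding() {
  local -r dest_ip="$1"
  local -r ssh_port=23   # must match set_ssh_port_23
  local wan_iface ts_iface out_iface

  wan_iface="$(get_wan_iface)"
  ts_iface="$(get_ts_iface)"

  if [[ -z "$wan_iface" ]]; then
    echo "❌ Could not detect WAN interface" >&2
    return 1
  fi

  enable_ip_forward

  echo "WAN IFACE : $wan_iface"
  echo "DEST IP   : $dest_ip"

  # 100.* is treated as a Tailscale peer and SNATed out of tailscale0.
  # NOTE(review): Tailscale's CGNAT range is 100.64.0.0/10, so this prefix
  # test is broader than the real range — confirm before tightening.
  out_iface="$wan_iface"
  if [[ "$dest_ip" == 100.* ]]; then
    if [[ -z "$ts_iface" ]]; then
      echo "❌ Tailscale interface not found" >&2
      return 1
    fi
    echo "TS IFACE  : $ts_iface"
    out_iface="$ts_iface"
  fi

  # Clear old rules (see WARNING above).
  iptables -t nat -F
  iptables -F
  iptables -X

  # DNAT every inbound TCP/UDP flow on the WAN interface to the destination,
  # except the TCP port this host's own sshd now listens on: without the
  # exclusion port 23 was forwarded too and the proxy host itself became
  # unreachable over the WAN.
  iptables -t nat -A PREROUTING -i "$wan_iface" -p tcp ! --dport "$ssh_port" -j DNAT --to-destination "$dest_ip"
  iptables -t nat -A PREROUTING -i "$wan_iface" -p udp -j DNAT --to-destination "$dest_ip"

  # Accept forwarded flows to the destination and the replies belonging to
  # them, so a DROP policy on FORWARD does not silently break return traffic.
  iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  iptables -A FORWARD -p tcp -d "$dest_ip" -j ACCEPT
  iptables -A FORWARD -p udp -d "$dest_ip" -j ACCEPT

  # SNAT so replies return through this host; restricted to the destination
  # so unrelated egress on the interface is not rewritten.
  iptables -t nat -A POSTROUTING -o "$out_iface" -d "$dest_ip" -j MASQUERADE

  echo "✅ Forwarding ACTIVE"
  echo "OVH SSH   : ssh -p 23 user@OVH_IP"
  echo "FORWARDED : ssh user@OVH_IP (port 22)"
}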

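#######################################
# Prompt for a Tailscale peer address and forward WAN traffic to it.
# Outputs:   prompt and status on stdout
# Returns:   0 on a rejected address (a non-zero status would abort the
#            menu loop under `set -e`); otherwise the status of apply_forwarding
#######################################
install_tailscale() {
  local ts_ip
  read -rp "Enter destination Tailscale IP (100.x.x.x): " ts_ip
  if ! validate_ipv4 "$ts_ip"; then
    echo "❌ Invalid IP"
    return 0
  fi
  # apply_forwarding only routes via the Tailscale interface for 100.*
  # targets, so anything else would silently be treated as a WAN host.
  if [[ "$ts_ip" != 100.* ]]; then
    echo "❌ Not a Tailscale (100.x.x.x) address"
    return 0
  fi

  set_ssh_port_23
  apply_forwarding "$ts_ip"
}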

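#######################################
# Prompt for a public IPv4 address and forward WAN traffic to it.
# Outputs:   prompt and status on stdout
# Returns:   0 on a rejected address (a non-zero status would abort the
#            menu loop under `set -e`); otherwise the status of apply_forwarding
#######################################
install_aws() {
  local aws_ip   # was a global; nothing else reads it
  read -rp "Enter destination public IPv4: " aws_ip
  if ! validate_ipv4 "$aws_ip"; then
    echo "❌ Invalid IP"
    return 0
  fi

  set_ssh_port_23
  apply_forwarding "$aws_ip"
}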

#######################################
# Tear everything down: flush the nat and filter tables, stop forwarding
# and move sshd back to port 22.
# Returns:   status of restore_ssh_port_22 (last command)
#######################################
uninstall_all() {
  local table
  for table in nat filter; do
    iptables -t "$table" -F
  done
  iptables -t filter -X
  disable_ip_forward
  restore_ssh_port_22
  printf '%s\n' "✅ Uninstalled and restored SSH to port 22"
}

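# Interactive menu; runs until "Exit" is chosen. Unrecognised input now gets
# a message instead of silently falling through to the "Press Enter" prompt.
while true; do
  clear || true   # `clear` fails without a usable TERM; not worth aborting for
  echo "=============================="
  echo " OVH Proxy Manager"
  echo "=============================="
  echo "1) OVH → AWS"
  echo "2) OVH → Tailscale"
  echo "3) Uninstall"
  echo "4) Exit"
  echo
  read -rp "Choose: " c
  case "$c" in
    1) install_aws ;;
    2) install_tailscale ;;
    3) uninstall_all ;;
    4) exit 0 ;;
    *) printf '%s\n' "❌ Invalid choice: $c" ;;
  esac
  read -rp "Press Enter to continue..."
done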
