#!/bin/sh
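# Provision a Docker host whose containers on the "ip6net" bridge leave the
# host through per-source-port SNAT into the host's public IPv6 /64, persist
# the firewall rules, optionally answer neighbour solicitations for the whole
# prefix with ndppd, and finally start the grab containers.
# Expects to run as root on a Debian-style host (apt-get, systemctl,
# /etc/iptables).
#
# Stop at the first failed step so that a broken download, a failed firewall
# rule or an unset variable is never followed by saving rules or starting
# containers.
set -eu

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# NOTE(review): this runs a freshly downloaded script as root; TLS is the only
# integrity control. -f makes an HTTP error fail the step instead of saving an
# error page. Review get-docker.sh, or install Docker from a signed package
# repository, where the host's trust requirements call for it.
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh

# First /64 address that does not start with fdxx: or fexx: (ULA/link-local),
# reduced to its first four hextets. grep and sed need -E: the patterns use
# {n}, + and unescaped groups.
ip6block=$(
  ip addr show |
    grep inet6 |
    grep -vE ' f[de][0-9a-f]{2}:' |
    grep /64 |
    head -n1 |
    sed -E 's/\s*inet6\s*(([0-9a-f]{1,4}:){3}[0-9a-f]{1,4}):.*\/64 scope global dynamic mngtmpaddr noprefixroute\s*/\1/'
)
# sed passes a non-matching line through unchanged and prints nothing when no
# address was found; either way the value must not reach the firewall rules.
printf '%s\n' "$ip6block" | grep -Eq '^([0-9a-f]{1,4}:){3}[0-9a-f]{1,4}$' ||
  die "could not derive a public IPv6 /64 prefix from 'ip addr show' (got: '$ip6block')"

# Not referenced anywhere below; kept so the configuration block is unchanged.
ip6snat_start="::2"
ip6snat_end=":ffff:ffff:ffff:ffff"
# Addressing of the Docker bridge network. private_v6 is also the source
# range the SNAT rules match on, so it is defined once, here.
private_v6="fd61:a12b:f6ed:f920::/64"
private_v4="172.19.0.0/16"
# 1 = the upstream network is switched, so ndppd must answer neighbour
# solicitations for the prefix.
switched_network=1
# Interface of the (first) default route; head -n1 keeps the value to a single
# name when several default routes exist.
interface=$(ip route | grep default | head -n1 | sed -E 's/.*dev ([^ ]+).*/\1/')
ip6block_size="64"

# Overwrites any existing daemon configuration. Log rotation is set so the
# containers cannot fill the disk with json-file logs.
cat > /etc/docker/daemon.json <<'JSON_EOF'
{
  "experimental": true,
  "ip6tables": true,
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "10"
  }
}
JSON_EOF
systemctl restart docker

# Masquerading is disabled on the bridge because the SNAT rules added below
# take its place.
docker network create --ipv6 \
  -o "com.docker.network.bridge.enable_ip_masquerade=false" \
  --subnet "$private_v6" --subnet "$private_v4" ip6net

# The rule generator is fed to python3 on stdin rather than written to a
# predictably named file in the current directory and then run as root.
# The heredoc delimiter is unquoted on purpose: the shell fills in the two
# configuration values. Keep dollar signs and backticks out of the Python text.
python3 - <<PY_EOF
import ipaddress
import subprocess

# config
# public range
subnet = "${ip6block}::/64"
# private range to be SNAT'ted from; must be the subnet of the Docker network,
# otherwise the rules never match container traffic
privatev6 = "${private_v6}"
# end config


def split_ipv6_subnet(subnet, chunks):
    """Split subnet into at most chunks consecutive "first-last" ranges."""
    # convert the subnet to an IPv6 network object
    network = ipaddress.ip_network(subnet, strict=False)
    # number of addresses in each chunk, rounded up so that the final chunk
    # is never left incomplete
    addresses_per_chunk = network.num_addresses // chunks
    if network.num_addresses % chunks:
        addresses_per_chunk += 1
    results = []
    current_address = int(network.network_address)
    end_address = int(network.network_address) + network.num_addresses
    for i in range(chunks):
        # start of the current chunk
        start = current_address
        if i == chunks - 1:
            # the last chunk runs to the end of the subnet
            end = end_address
        else:
            end = start + addresses_per_chunk
        # convert back to addresses; end is exclusive, hence the minus one
        start_ip = ipaddress.IPv6Address(start)
        end_ip = ipaddress.IPv6Address(end - 1)
        results.append(f"{start_ip}-{end_ip}")
        current_address = end
        # stop early once the whole subnet has been handed out
        if current_address >= end_address:
            break
    return results


with open("/proc/sys/net/ipv4/ip_local_port_range", "r") as f:
    content = f.readline()
port_range_start, port_range_end = map(int, content.split())
print(port_range_start, port_range_end)
port_range_count = port_range_end - port_range_start + 1

# One slice of the public range per local source port, for UDP and for TCP.
for i, netrange in enumerate(split_ipv6_subnet(subnet, port_range_count)):
    sport = str(port_range_start + i)
    print(sport, "->", netrange)
    for proto in ("udp", "tcp"):
        # check=True: a rejected rule aborts the run instead of leaving a
        # silently incomplete rule set that is then saved as persistent
        subprocess.run(
            ["ip6tables", "-t", "nat", "-A", "POSTROUTING", "-p", proto,
             "--sport", sport, "-s", privatev6,
             "-j", "SNAT", "--to-source", netrange],
            check=True)
PY_EOF

# Persist the rule set across reboots.
DEBIAN_FRONTEND=noninteractive apt-get install iptables-persistent -y
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

if [ "$switched_network" -eq 1 ]; then
  [ -n "$interface" ] || die "no default-route interface found for ndppd"
  printf '%s\n' 'setting up ndppd to respond to ipv6 neighbour solicitations for the whole network'
  cat > /etc/ndppd.conf <<NDPPD_EOF
proxy $interface {
  router no
  rule $ip6block::/$ip6block_size {
    static
  }
}
NDPPD_EOF
  # -y and the noninteractive frontend match the iptables-persistent install
  # above, so an unattended run cannot stall on a prompt.
  DEBIAN_FRONTEND=noninteractive apt-get install -y ndppd
fi

# Start four containers in parallel. -I% consumes each input line without
# appending it to the command line; -n1 is dropped because GNU xargs ignores
# it when -I is given.
# NOTE(review): the image is pulled untagged with --pull always, so each run
# executes whatever the registry currently serves; pin a tag or digest if the
# host needs reproducible, reviewed images.
# NOTE(review): environment variable names are case-sensitive and the spelling
# below is the one shown on the page; confirm it against the image's
# documentation.
seq 4 | xargs -P100 -I% docker run --pull always --detach --network ip6net \
  -e prefer_ipv6=1 --log-driver json-file --log-opt max-size=25m \
  atdr.meo.ws/archiveteam/telegram-grab --concurrent 1 kiska1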