Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
executable file 80 lines (61 sloc) 1.52 KB
#!/bin/bash -e
# Copyright (c) Alon Swartz <alon@turnkeylinux.org>
fatal() { echo "FATAL [$(basename $0)]: $@" 1>&2; exit 1; }
usage() {
cat<<EOF
Syntax: $(basename $0) action s_port d_addr:d_port
Add or delete iptables nat configurations
Arguments::
action action to perform (add|del|info)
s_port source port on host
d_addr:d_port destination ip address and port
Examples::
$(basename $0) add 2222 192.168.121.150:22
$(basename $0) del 2222 192.168.121.150:22
EOF
exit 1
}
_prerouting() {
action=$1
s_port=$2
d_addr=$3
d_port=$4
iptables -t nat $action PREROUTING \
-p tcp --dport $s_port -j DNAT --to $d_addr:$d_port
}
_forward() {
action=$1
d_addr=$2
d_port=$3
iptables $action FORWARD \
-d $d_addr/32 -p tcp -m state --state NEW -m tcp --dport $d_port -j ACCEPT
}
if [ "$1" == "info" ]; then
iptables -t nat -L PREROUTING; echo
iptables -L FORWARD; echo
LEASES=/var/lib/misc/dnsmasq.leases
if [ -e $LEASES ]; then
echo $LEASES
cat $LEASES
fi
exit 0
fi
if [[ "$#" != "3" ]]; then
usage
fi
action=$1
s_port=$2
d_addr=$(echo $3 | cut -d ":" -f 1)
d_port=$(echo $3 | cut -d ":" -f 2)
case $action in
add)
_prerouting -A $s_port $d_addr $d_port;
_forward -I $d_addr $d_port;
;;
del)
_prerouting -D $s_port $d_addr $d_port;
_forward -D $d_addr $d_port;
;;
*) fatal "action not supported: $action";
;;
esac
You can’t perform that action at this time.