Port forwarding for incoming port using iptables
#!/bin/bash
# The MIT License (MIT)
#
# Copyright (c) 2016 Faizal Sadri
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
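CMD="$(dirname "$0")/$(basename "$0")"
HOST_IP=10.0.2.146     # address on this host whose incoming traffic is forwarded
MULTIPORT=80,443       # comma-separated port list for `-m multiport --dports`
HOST_ETH=eth0          # ingress interface the DNAT rule is bound to
REMOTE_IP=10.0.2.169   # backend that actually receives the forwarded connections
# Unrestricted reference form of the rule (no interface / destination match):
# iptables -t nat -A PREROUTING -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 192.168.1.175
#
# Probe the nat table once at start-up. `iptables -C` exits 0 when a matching
# rule is present and non-zero otherwise (also non-zero when iptables is absent
# or the caller lacks CAP_NET_ADMIN, which port() treats as "not installed").
# Only the DNAT probe decides FLAG, which the enable/disable branches read; the
# MASQUERADE probe is recorded for inspection but is not the decision input.
iptables -t nat -C POSTROUTING -j MASQUERADE >/dev/null 2>&1
RULE1=$?
iptables -t nat -C PREROUTING -p tcp -i "$HOST_ETH" -d "$HOST_IP" -m multiport --dports "$MULTIPORT" -j DNAT --to-destination "$REMOTE_IP" >/dev/null 2>&1
RULE2=$?
FLAG=$RULE2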
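# port ACTION
#   Install, remove or show the DNAT rule that forwards TCP $MULTIPORT arriving
#   on $HOST_ETH for $HOST_IP to $REMOTE_IP, plus the MASQUERADE rule that
#   rewrites the source of the forwarded packets.
# Globals (read): FLAG (exit status of the start-up `iptables -C` probe of the
#   DNAT rule; 0 = already installed), CMD, HOST_IP, MULTIPORT, HOST_ETH, REMOTE_IP
# Arguments: $1 - enable | disable | status
# Returns: 1 when enable/disable is attempted without root, 0 otherwise.
#
# NOTE(review): the MASQUERADE rule carries no -o/-s/-d match, so it rewrites
# the source of every forwarded packet on this host, and `disable` turns
# ip_forward off system-wide. Both affect any other forwarding this host does
# (containers, VPNs); narrow them before running this on a shared machine.
function port() {
  case "$1" in
    'enable')
      # Writing ip_forward and the nat table needs CAP_NET_ADMIN; fail early
      # instead of emitting one permission error per command.
      if [ "$(id -u)" -ne 0 ]; then
        echo "enable must be run as root" >&2
        return 1
      fi
      echo 1 > /proc/sys/net/ipv4/ip_forward
      if [ "$FLAG" -ne 0 ]; then
        # Re-probe MASQUERADE here: the start-up probe only covered the DNAT
        # rule, and appending blindly leaves duplicate MASQUERADE entries that
        # one `disable` cannot remove.
        if ! iptables -t nat -C POSTROUTING -j MASQUERADE >/dev/null 2>&1; then
          iptables -t nat -A POSTROUTING -j MASQUERADE
        fi
        iptables -t nat -A PREROUTING -p tcp -i "$HOST_ETH" -d "$HOST_IP" -m multiport --dports "$MULTIPORT" -j DNAT --to-destination "$REMOTE_IP"
        echo "Port $MULTIPORT enabled for remote port."
      else
        echo "Rule Exist"
      fi
      ;;
    'disable')
      if [ "$(id -u)" -ne 0 ]; then
        echo "disable must be run as root" >&2
        return 1
      fi
      echo 0 > /proc/sys/net/ipv4/ip_forward
      if [ "$FLAG" -eq 0 ]; then
        # Only delete MASQUERADE when it is actually present; `-D` on a missing
        # rule fails noisily.
        if iptables -t nat -C POSTROUTING -j MASQUERADE >/dev/null 2>&1; then
          iptables -t nat -D POSTROUTING -j MASQUERADE
        fi
        iptables -t nat -D PREROUTING -p tcp -i "$HOST_ETH" -d "$HOST_IP" -m multiport --dports "$MULTIPORT" -j DNAT --to-destination "$REMOTE_IP"
        echo "Port $MULTIPORT removed."
      fi
      ;;
    'status')
      # -n suppresses reverse-DNS lookups, which can stall the listing and
      # leak queries. Note this matches ANY DNAT rule in the nat table, not
      # only the one this script manages.
      STATUS=$(iptables -t nat -L -n | grep DNAT)
      if [ -z "$STATUS" ]; then
        echo "Port $MULTIPORT not enabled."
      else
        printf '%s\n' "$STATUS"
      fi
      ;;
    *)
      printf 'Argument not found :\n Wrong syntax < %s %s >\n' "$CMD" "$1"
      ;;
  esac
}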
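# Entry point: exactly one action is expected. The usage line lists every
# action port() accepts, including `status`, which the old text omitted.
if [ $# -ne 1 ]; then
  echo "$CMD enable|disable|status"
else
  port "$1"
fi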
#!/bin/bash
# The MIT License (MIT)
#
# Copyright (c) 2016 Faizal Sadri
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
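CMD="$(dirname "$0")/$(basename "$0")"
HOST_IP=192.168.1.20   # address on this host that accepts the forwarded port
HOST_PORT=9432         # port exposed on HOST_IP
HOST_ETH=eth0          # ingress interface the DNAT rule is bound to
REMOTE_IP=192.168.1.24 # backend that actually receives the connections
REMOTE_PORT=5432       # port on the backend
# Probe the nat table once at start-up. `iptables -C` exits 0 when a matching
# rule is present and non-zero otherwise (also non-zero when iptables is absent
# or the caller lacks CAP_NET_ADMIN, which port() treats as "not installed").
# Only the DNAT probe decides FLAG, which the enable/disable branches read.
iptables -t nat -C POSTROUTING -j MASQUERADE >/dev/null 2>&1
RULE1=$?
iptables -t nat -C PREROUTING -p tcp -i "$HOST_ETH" -d "$HOST_IP" --dport "$HOST_PORT" -j DNAT --to "$REMOTE_IP:$REMOTE_PORT" >/dev/null 2>&1
RULE2=$?
FLAG=$RULE2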
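# port ACTION
#   Install or remove the DNAT rule that forwards TCP $HOST_IP:$HOST_PORT
#   arriving on $HOST_ETH to $REMOTE_IP:$REMOTE_PORT, plus the MASQUERADE rule
#   that rewrites the source of the forwarded packets.
# Globals (read): FLAG (exit status of the start-up `iptables -C` probe of the
#   DNAT rule; 0 = already installed), CMD, HOST_IP, HOST_PORT, HOST_ETH,
#   REMOTE_IP, REMOTE_PORT
# Arguments: $1 - enable | disable
# Returns: 1 when enable/disable is attempted without root, 0 otherwise.
#
# NOTE(review): the MASQUERADE rule carries no -o/-s/-d match, so it rewrites
# the source of every forwarded packet on this host, and `disable` turns
# ip_forward off system-wide. Both affect any other forwarding this host does;
# narrow them before running this on a shared machine.
function port() {
  case "$1" in
    'enable')
      # Writing ip_forward and the nat table needs CAP_NET_ADMIN; fail early
      # instead of emitting one permission error per command.
      if [ "$(id -u)" -ne 0 ]; then
        echo "enable must be run as root" >&2
        return 1
      fi
      echo 1 > /proc/sys/net/ipv4/ip_forward
      if [ "$FLAG" -ne 0 ]; then
        # Re-probe MASQUERADE here: the start-up probe only covered the DNAT
        # rule, and appending blindly leaves duplicate MASQUERADE entries.
        if ! iptables -t nat -C POSTROUTING -j MASQUERADE >/dev/null 2>&1; then
          iptables -t nat -A POSTROUTING -j MASQUERADE
        fi
        iptables -t nat -A PREROUTING -p tcp -i "$HOST_ETH" -d "$HOST_IP" --dport "$HOST_PORT" -j DNAT --to "$REMOTE_IP:$REMOTE_PORT"
        echo "Port $HOST_PORT enabled for remote port."
      else
        echo "Rule Exist"
      fi
      ;;
    'disable')
      if [ "$(id -u)" -ne 0 ]; then
        echo "disable must be run as root" >&2
        return 1
      fi
      echo 0 > /proc/sys/net/ipv4/ip_forward
      if [ "$FLAG" -eq 0 ]; then
        # Only delete MASQUERADE when it is actually present; `-D` on a missing
        # rule fails noisily.
        if iptables -t nat -C POSTROUTING -j MASQUERADE >/dev/null 2>&1; then
          iptables -t nat -D POSTROUTING -j MASQUERADE
        fi
        iptables -t nat -D PREROUTING -p tcp -i "$HOST_ETH" -d "$HOST_IP" --dport "$HOST_PORT" -j DNAT --to "$REMOTE_IP:$REMOTE_PORT"
        echo "Port $HOST_PORT removed."
      fi
      ;;
    *)
      printf 'Argument not found :\n Wrong syntax < %s %s >\n' "$CMD" "$1"
      ;;
  esac
}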
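# Entry point: exactly one action is expected; the argument is quoted so an
# empty or space-containing value reaches port() as a single word.
if [ $# -ne 1 ]; then
  echo "$CMD enable|disable"
else
  port "$1"
fi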
#!/bin/bash
# The MIT License (MIT)
#
# Copyright (c) 2016 Faizal Sadri
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
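CMD="$(dirname "$0")/$(basename "$0")"
HOST_IP=127.0.0.1      # local address the application connects to
HOST_PORT=5432         # local port the application connects to
HOST_ETH=lo            # egress interface the OUTPUT DNAT rule matches on
REMOTE_IP=10.0.2.170   # backend the locally-originated connection is redirected to
REMOTE_PORT=5432       # port on the backend
# Probe the nat table once at start-up. `iptables -C` exits 0 when a matching
# rule is present and non-zero otherwise (also non-zero when iptables is absent
# or the caller lacks CAP_NET_ADMIN, which port() treats as "not installed").
# Only the DNAT probe decides FLAG, which the enable/disable branches read.
iptables -t nat -C POSTROUTING -j MASQUERADE >/dev/null 2>&1
RULE1=$?
iptables -t nat -C OUTPUT -p tcp -o "$HOST_ETH" -d "$HOST_IP" --dport "$HOST_PORT" -j DNAT --to-destination "$REMOTE_IP:$REMOTE_PORT" >/dev/null 2>&1
RULE2=$?
FLAG=$RULE2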
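# port ACTION
#   Install, remove or show the OUTPUT-chain DNAT rule that redirects locally
#   originated TCP connections to $HOST_IP:$HOST_PORT (on $HOST_ETH) to
#   $REMOTE_IP:$REMOTE_PORT, plus the MASQUERADE rule that rewrites their source.
# Globals (read): FLAG (exit status of the start-up `iptables -C` probe of the
#   DNAT rule; 0 = already installed), CMD, HOST_IP, HOST_PORT, HOST_ETH,
#   REMOTE_IP, REMOTE_PORT
# Arguments: $1 - enable | disable | status
# Returns: 1 when enable/disable is attempted without root, 0 otherwise.
#
# NOTE(review): `enable` sets net.ipv4.conf.all.route_localnet=1, which relaxes
# the kernel's 127/8 martian check on every interface, not only lo, and
# `disable` resets it and ip_forward to 0 regardless of their prior values.
# Both are host-wide knobs; other services relying on them will be affected.
# The MASQUERADE rule is likewise unrestricted (no -o/-s/-d match).
function port() {
  case "$1" in
    'enable')
      # sysctl -w and the nat table need CAP_NET_ADMIN; fail early instead of
      # emitting one permission error per command.
      if [ "$(id -u)" -ne 0 ]; then
        echo "enable must be run as root" >&2
        return 1
      fi
      sysctl -w net.ipv4.ip_forward=1
      sysctl -w net.ipv4.conf.all.route_localnet=1
      if [ "$FLAG" -ne 0 ]; then
        # Re-probe MASQUERADE here: the start-up probe only covered the DNAT
        # rule, and appending blindly leaves duplicate MASQUERADE entries.
        if ! iptables -t nat -C POSTROUTING -j MASQUERADE >/dev/null 2>&1; then
          iptables -t nat -A POSTROUTING -j MASQUERADE
        fi
        iptables -t nat -A OUTPUT -p tcp -o "$HOST_ETH" -d "$HOST_IP" --dport "$HOST_PORT" -j DNAT --to-destination "$REMOTE_IP:$REMOTE_PORT"
        echo "Port $HOST_PORT enabled for remote port."
      else
        echo "Rule Exist"
      fi
      ;;
    'disable')
      if [ "$(id -u)" -ne 0 ]; then
        echo "disable must be run as root" >&2
        return 1
      fi
      sysctl -w net.ipv4.ip_forward=0
      sysctl -w net.ipv4.conf.all.route_localnet=0
      if [ "$FLAG" -eq 0 ]; then
        # Only delete MASQUERADE when it is actually present; `-D` on a missing
        # rule fails noisily.
        if iptables -t nat -C POSTROUTING -j MASQUERADE >/dev/null 2>&1; then
          iptables -t nat -D POSTROUTING -j MASQUERADE
        fi
        iptables -t nat -D OUTPUT -p tcp -o "$HOST_ETH" -d "$HOST_IP" --dport "$HOST_PORT" -j DNAT --to-destination "$REMOTE_IP:$REMOTE_PORT"
        echo "Port $HOST_PORT removed."
      fi
      ;;
    'status')
      # -n suppresses reverse-DNS lookups, which can stall the listing and
      # leak queries. This matches ANY DNAT rule in the nat table, not only the
      # one this script manages; an explicit message replaces silent empty output.
      STATUS=$(iptables -t nat -L -n | grep DNAT)
      if [ -z "$STATUS" ]; then
        echo "Port $HOST_PORT not enabled."
      else
        printf '%s\n' "$STATUS"
      fi
      ;;
    *)
      printf 'Argument not found :\n Wrong syntax < %s %s >\n' "$CMD" "$1"
      ;;
  esac
}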
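# Entry point: exactly one action is expected; the argument is quoted so an
# empty or space-containing value reaches port() as a single word.
if [ $# -ne 1 ]; then
  echo "$CMD enable|disable|status"
else
  port "$1"
fi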