# Port-redirect-script
```bash
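#!/bin/bash

# Script to manage port redirections with extended system compatibility
#
# Traffic arriving on a chosen port is DNAT'ed to DEST_IP in the nat
# PREROUTING chain and masqueraded on INTERFACE in nat POSTROUTING.
#
# Usage:
# ./script.sh add <port> [tcp|udp] # defaults to both tcp and udp if not specified
# ./script.sh remove <port> [tcp|udp] # defaults to both tcp and udp if not specified
# ./script.sh list
# ./script.sh check
#
# Every sub-command touches the nat table and writes under /etc, so the
# script has to run as root.
# NOTE(review): DNAT to another host only takes effect when the kernel
# forwards packets (net.ipv4.ip_forward=1); this script does not set that
# sysctl — confirm it is enabled on the gateway.

# Configuration (readonly: nothing below is expected to reassign these)
readonly DEST_IP="192.168.2.2" # The internal IP to which traffic should be redirected
readonly INTERFACE="wg0" # The outgoing interface used for MASQUERADE
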
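#######################################
# Verify the host can run and persist the rules: iptables must be installed
# and an autostart hook must exist, offering to set each up when missing.
# Globals:   none
# Arguments: none
# Outputs:   prompts/progress on stdout, errors on stderr
# Returns:   0 when both checks pass; exits 1 when the user declines, the
#            OS is not recognised, or a setup step fails
#######################################
check_system() {
  local answer

  # Check for iptables and install if not present
  if ! command -v iptables >/dev/null 2>&1; then
    echo "iptables is not installed. Would you like to install it now? (y/n)"
    read -r answer # -r: keep backslashes in the reply literal
    if [[ "$answer" == "y" ]]; then
      if [ -f "/etc/alpine-release" ]; then
        apk add iptables
      elif [ -f "/etc/debian_version" ]; then
        apt-get update
        apt-get install iptables
      elif [ -f "/etc/fedora-release" ]; then
        dnf install -y iptables
      elif [ -f "/etc/arch-release" ]; then
        pacman -Syu iptables
      else
        echo "Unsupported OS. Please install iptables manually." >&2
        exit 1
      fi
      # The package manager may have failed or been cancelled; re-check
      # rather than carrying on into rule management without the binary.
      if ! command -v iptables >/dev/null 2>&1; then
        echo "iptables is still not available after installation." >&2
        exit 1
      fi
    else
      echo "iptables is required for this script to function." >&2
      exit 1
    fi
  fi

  # Check for startup script existence and setup if not present
  if [ ! -f "/etc/local.d/iptables.start" ]; then
    echo "Autostart script for iptables rules is not configured. Would you like to configure it now? (y/n)"
    read -r answer
    if [[ "$answer" == "y" ]]; then
      # /etc/local.d is an OpenRC (Alpine) convention and is normally absent
      # on the systemd distributions handled below, so create it first.
      mkdir -p /etc/local.d || exit 1
      {
        echo '#!/bin/sh'
        echo "iptables-restore < /etc/iptables/rules-save"
      } > /etc/local.d/iptables.start || exit 1
      chmod +x /etc/local.d/iptables.start
      # NOTE(review): systemd's rc-local.service executes /etc/rc.local, not
      # /etc/local.d/*.start, so on the non-Alpine branches the generated
      # script is probably never run at boot — confirm, or hook it from
      # /etc/rc.local as well.
      if [ -f "/etc/alpine-release" ]; then
        rc-update add local default
        rc-service local start
      elif [ -f "/etc/fedora-release" ] || [ -f "/etc/arch-release" ] || [ -f "/etc/debian_version" ]; then
        systemctl enable rc-local.service
        systemctl start rc-local.service
      else
        echo "Unsupported OS for autostart configuration." >&2
        exit 1
      fi
      echo "Startup script configured successfully."
    else
      echo "Autostart script is essential for persistent iptables rules." >&2
      exit 1
    fi
  fi
}
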
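# Function to add port redirection
#######################################
# Add the DNAT + MASQUERADE rule pair that forwards a port to DEST_IP.
# Globals:   DEST_IP, INTERFACE (read)
# Arguments: $1 - port number (1-65535, no leading zeros)
#            $2 - protocol(s): "tcp", "udp" or "tcp udp" (default: both)
# Outputs:   progress messages on stdout, errors on stderr
# Returns:   0 on success, 1 on bad arguments or when iptables fails
#######################################
add_port() {
  local port=$1
  local proto=${2:-"tcp udp"} # Default to both TCP and UDP if not specified
  local p

  # Both values come straight from the command line and end up as iptables
  # arguments; accept only a plain port number and known protocol names
  # before touching the nat table.
  if ! [[ "$port" =~ ^[1-9][0-9]{0,4}$ ]] || (( port > 65535 )); then
    echo "Invalid port: '$port' (expected 1-65535)" >&2
    return 1
  fi
  for p in $proto; do
    if [[ "$p" != "tcp" && "$p" != "udp" ]]; then
      echo "Invalid protocol: '$p' (expected tcp or udp)" >&2
      return 1
    fi
  done

  for p in $proto; do
    echo "Adding $p redirection for port: $port"
    local dnat=(-p "$p" --dport "$port" -j DNAT --to-destination "$DEST_IP:$port")
    # MASQUERADE rewrites the client's source address to INTERFACE's, so the
    # internal host only ever sees the gateway as the peer (mind its logs/ACLs).
    local masq=(-o "$INTERFACE" -p "$p" --dport "$port" -d "$DEST_IP" -j MASQUERADE)
    # -C checks for an identical existing rule so repeated "add" calls do not
    # stack duplicates; append only when it is missing, and stop on failure.
    if ! iptables -t nat -C PREROUTING "${dnat[@]}" 2>/dev/null; then
      iptables -t nat -A PREROUTING "${dnat[@]}" || return 1
    fi
    if ! iptables -t nat -C POSTROUTING "${masq[@]}" 2>/dev/null; then
      iptables -t nat -A POSTROUTING "${masq[@]}" || return 1
    fi
    echo "Redirection added for $p port $port."
  done
}
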
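# Function to remove port redirection
#######################################
# Remove the DNAT + MASQUERADE rule pair previously added for a port.
# Globals:   DEST_IP, INTERFACE (read)
# Arguments: $1 - port number (1-65535, no leading zeros)
#            $2 - protocol(s): "tcp", "udp" or "tcp udp" (default: both)
# Outputs:   progress messages on stdout, warnings/errors on stderr
# Returns:   0 on success (a missing rule is only warned about),
#            1 on bad arguments or when iptables fails to delete
#######################################
remove_port() {
  local port=$1
  local proto=${2:-"tcp udp"} # Default to both TCP and UDP if not specified
  local p

  # Same validation as add_port: these values become iptables arguments.
  if ! [[ "$port" =~ ^[1-9][0-9]{0,4}$ ]] || (( port > 65535 )); then
    echo "Invalid port: '$port' (expected 1-65535)" >&2
    return 1
  fi
  for p in $proto; do
    if [[ "$p" != "tcp" && "$p" != "udp" ]]; then
      echo "Invalid protocol: '$p' (expected tcp or udp)" >&2
      return 1
    fi
  done

  for p in $proto; do
    echo "Removing $p redirection for port: $port"
    local dnat=(-p "$p" --dport "$port" -j DNAT --to-destination "$DEST_IP:$port")
    local masq=(-o "$INTERFACE" -p "$p" --dport "$port" -d "$DEST_IP" -j MASQUERADE)
    # -C first so a rule that is already gone produces a clear warning instead
    # of an iptables error; a failing -D on a present rule is a real failure.
    if iptables -t nat -C PREROUTING "${dnat[@]}" 2>/dev/null; then
      iptables -t nat -D PREROUTING "${dnat[@]}" || return 1
    else
      echo "No $p DNAT rule for port $port in PREROUTING; nothing to remove." >&2
    fi
    if iptables -t nat -C POSTROUTING "${masq[@]}" 2>/dev/null; then
      iptables -t nat -D POSTROUTING "${masq[@]}" || return 1
    else
      echo "No $p MASQUERADE rule for port $port in POSTROUTING; nothing to remove." >&2
    fi
    echo "Redirection removed for $p port $port."
  done
}
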
# Function to list all port redirections
#######################################
# Print the nat PREROUTING and POSTROUTING chains, one after the other.
# Globals:   none
# Arguments: none
# Outputs:   heading plus both iptables listings on stdout
# Returns:   status of the last iptables invocation
#######################################
list_redirects() {
  local chain
  echo "Listing all TCP and UDP port redirections:"
  # -n: numeric addresses/ports (no DNS or service-name lookups);
  # --line-numbers: rule indices, handy when deleting by position
  for chain in PREROUTING POSTROUTING; do
    iptables -t nat -L "$chain" --line-numbers -n
  done
}

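# Main case logic
#######################################
# Dispatch on the sub-command, then persist the resulting rule set to the
# file that the autostart hook from check_system restores at boot.
# Globals:   none
# Arguments: "$@" - sub-command and its arguments (see usage header)
# Outputs:   status on stdout, usage/errors on stderr
# Returns:   exits 1 on bad usage, missing privileges, a failed change or a
#            failed save
#######################################
main() {
  local cmd=$1

  # Every sub-command reads or modifies the nat table and writes under /etc.
  if [ "$(id -u)" -ne 0 ]; then
    echo "This script must be run as root." >&2
    exit 1
  fi

  case "$cmd" in
    add|remove)
      if [ "$#" -lt 2 ] || [ "$#" -gt 3 ]; then
        echo "Invalid usage for $cmd" >&2
        echo "Usage: $0 $cmd <port> [tcp|udp]" >&2
        exit 1
      fi
      check_system
      # Quote the arguments so a protocol list such as "tcp udp" reaches the
      # function as one value; do not save if the change itself failed.
      "${cmd}_port" "$2" "$3" || exit 1
      ;;
    list)
      check_system
      list_redirects
      ;;
    check)
      check_system
      echo "System check completed."
      ;;
    *)
      echo "Invalid command: $cmd" >&2
      echo "Usage: $0 {add|remove|list|check} <args>" >&2
      exit 1
      ;;
  esac

  # Save the current iptables rules. The directory is not guaranteed to
  # exist, and a silent save failure would leave the boot-time restore
  # with stale or missing rules.
  mkdir -p /etc/iptables || exit 1
  if ! iptables-save > /etc/iptables/rules-save; then
    echo "Failed to save iptables rules to /etc/iptables/rules-save." >&2
    exit 1
  fi
  echo "Current iptables rules saved."
}

main "$@"
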
```