Script that simplifies the process of setting up port redirection.

Port-redirect-script

#!/bin/bash

# Script to manage port redirections with extended system compatibility.
# Must be run as root: it edits the iptables nat table and writes files under /etc.
# Usage:
#   ./script.sh add <port> [tcp|udp]     # defaults to both tcp and udp if not specified
#   ./script.sh remove <port> [tcp|udp]  # defaults to both tcp and udp if not specified
#   ./script.sh list
#   ./script.sh check

# Configuration
# Internal IP that redirected traffic is DNATed to.
DEST_IP='192.168.2.2'
# Outgoing interface the MASQUERADE rule is bound to.
INTERFACE='wg0'

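# Print a yes/no question and succeed only when the reply is exactly "y".
# Arguments: $1 - question text (the " (y/n)" suffix is appended here)
_confirm() {
    local answer=""
    echo "$1 (y/n)"
    # -r keeps backslashes literal; EOF or any other reply is treated as "no".
    read -r answer || true
    [[ "$answer" == "y" ]]
}

# Verify the prerequisites of this script and offer to set them up:
#   1. the iptables binary (installed through the distro package manager);
#   2. /etc/local.d/iptables.start, a boot-time script that reloads
#      /etc/iptables/rules-save with iptables-restore.
# Exits 1 when a prerequisite is missing and the user declines, when the OS
# is not recognised, or when the installation / file creation fails.
check_system() {
    local start_script="/etc/local.d/iptables.start"
    local autostart_ok=1

    # Everything below (package install, nat table, files under /etc) needs
    # root. Warn early rather than abort so behaviour stays compatible.
    if (( EUID != 0 )); then
        echo "Warning: not running as root; iptables and writes under /etc will likely fail." >&2
    fi

    # Check for iptables and install if not present
    if ! command -v iptables >/dev/null 2>&1; then
        if ! _confirm "iptables is not installed. Would you like to install it now?"; then
            echo "iptables is required for this script to function."
            exit 1
        fi
        if [ -f "/etc/alpine-release" ]; then
            apk add iptables
        elif [ -f "/etc/debian_version" ]; then
            apt-get update
            apt-get install iptables
        elif [ -f "/etc/fedora-release" ]; then
            dnf install -y iptables
        elif [ -f "/etc/arch-release" ]; then
            # Note: -Syu also upgrades every other installed package.
            pacman -Syu iptables
        else
            echo "Unsupported OS. Please install iptables manually."
            exit 1
        fi
        # The package manager's exit status was previously ignored; confirm
        # the binary is really there before any rule is touched.
        if ! command -v iptables >/dev/null 2>&1; then
            echo "iptables installation failed. Please install iptables manually." >&2
            exit 1
        fi
    fi

    # Check for startup script existence and setup if not present
    if [ ! -f "$start_script" ]; then
        if ! _confirm "Autostart script for iptables rules is not configured. Would you like to configure it now?"; then
            echo "Autostart script is essential for persistent iptables rules."
            exit 1
        fi

        # Neither directory is guaranteed to exist; without them the
        # redirections below (and the later rules save) fail.
        if ! mkdir -p /etc/local.d /etc/iptables; then
            echo "Cannot create /etc/local.d or /etc/iptables." >&2
            exit 1
        fi
        if ! printf '%s\n' '#!/bin/sh' \
            'iptables-restore < /etc/iptables/rules-save' > "$start_script"; then
            echo "Cannot write $start_script." >&2
            exit 1
        fi
        # This file is executed as root at boot: give it an explicit mode so
        # a permissive umask cannot leave it group- or world-writable.
        chmod 755 "$start_script"

        if [ -f "/etc/alpine-release" ]; then
            rc-update add local default || autostart_ok=0
            rc-service local start || autostart_ok=0
        elif [ -f "/etc/fedora-release" ] || [ -f "/etc/arch-release" ] ||
            [ -f "/etc/debian_version" ]; then
            # NOTE(review): rc-local.service conventionally runs /etc/rc.local,
            # not /etc/local.d/*.start - confirm the rules really are restored
            # after a reboot on these systems.
            systemctl enable rc-local.service || autostart_ok=0
            systemctl start rc-local.service || autostart_ok=0
        else
            echo "Unsupported OS for autostart configuration."
            exit 1
        fi

        if (( autostart_ok )); then
            echo "Startup script configured successfully."
        else
            echo "Warning: $start_script was written, but enabling or starting the boot service failed; rules may not be restored at boot." >&2
        fi
    fi
}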

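# Run one nat-table rule operation.
# Arguments: $1 - iptables action flag (-A or -D); remaining args - chain and rule spec
# For -A the rule is first probed with -C so that repeating "add" does not
# stack duplicate rules (a single "remove" would then leave copies behind).
_nat_apply() {
    local flag=$1
    shift
    if [[ "$flag" == "-A" ]] && iptables -t nat -C "$@" 2>/dev/null; then
        return 0
    fi
    iptables -t nat "$flag" "$@"
}

# Shared implementation of add_port / remove_port.
# Globals:   DEST_IP (read), INTERFACE (read)
# Arguments: $1 - iptables action flag (-A or -D)
#            $2 - progress verb ("Adding" / "Removing")
#            $3 - completion verb ("added" / "removed")
#            $4 - port number, 1-65535
#            $5 - optional protocol list: "tcp", "udp" or both; defaults to both
# Returns:   0 when every rule was applied, 1 on invalid input or iptables failure
_port_redirect() {
    local flag=$1 doing=$2 done_word=$3 port=$4 proto=${5:-"tcp udp"}
    local -a protos
    local p status=0

    # These values become arguments of a root-run iptables call, so accept
    # only a plain port number; anything else (spaces, options, ranges) is
    # rejected before a single rule is touched.
    if [[ ! "$port" =~ ^[0-9]{1,5}$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
        echo "Invalid port: '$port' (expected a number from 1 to 65535)" >&2
        return 1
    fi
    port=$((10#$port))  # strip leading zeros

    # Split on whitespace without glob expansion, then validate every word.
    read -r -a protos <<< "$proto"
    for p in "${protos[@]}"; do
        case "$p" in
            tcp|udp) ;;
            *)
                echo "Invalid protocol: '$p' (expected tcp or udp)" >&2
                return 1
                ;;
        esac
    done

    for p in "${protos[@]}"; do
        echo "$doing $p redirection for port: $port"
        # The DNAT rule has no -i/-s match, so it applies to traffic arriving
        # on any interface from any source; narrow it if exposure of
        # $DEST_IP:$port should be limited.
        if _nat_apply "$flag" PREROUTING -p "$p" --dport "$port" \
                -j DNAT --to-destination "$DEST_IP:$port" &&
            _nat_apply "$flag" POSTROUTING -o "$INTERFACE" -p "$p" \
                --dport "$port" -d "$DEST_IP" -j MASQUERADE; then
            echo "Redirection $done_word for $p port $port."
        else
            echo "Redirection could not be $done_word for $p port $port." >&2
            status=1
        fi
    done
    return "$status"
}

# Function to add port redirection
# Arguments: $1 - port, $2 - optional protocol (tcp|udp); defaults to both
add_port() {
    _port_redirect -A "Adding" "added" "${1:-}" "${2:-}"
}

# Function to remove port redirection
# Arguments: $1 - port, $2 - optional protocol (tcp|udp); defaults to both
remove_port() {
    _port_redirect -D "Removing" "removed" "${1:-}" "${2:-}"
}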

# Print the nat-table PREROUTING and POSTROUTING chains (numeric output,
# with rule numbers), preceded by a one-line header.
list_redirects() {
    local chain
    printf '%s\n' "Listing all TCP and UDP port redirections:"
    for chain in PREROUTING POSTROUTING; do
        iptables -t nat -L "$chain" --line-numbers -n
    done
}

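# Main case logic: dispatch on the first command-line argument.
case "$1" in
    add|remove)
        if [ "$#" -lt 2 ] || [ "$#" -gt 3 ]; then
            echo "Invalid usage for $1"
            echo "Usage: $0 $1 <port> [tcp|udp]"
            exit 1
        fi
        check_system
        # Pass the arguments quoted: unquoted, a value containing spaces or
        # glob characters would be re-split and expanded before reaching the
        # root-run iptables calls. An empty third argument still selects the
        # default protocols. Stop on failure so a failed change is not
        # followed by a rules save.
        "${1}_port" "$2" "${3:-}" || exit 1
        ;;
    list)
        check_system
        list_redirects
        ;;
    check)
        check_system
        echo "System check completed."
        ;;
    *)
        echo "Invalid command: $1"
        echo "Usage: $0 {add|remove|list|check} <args>"
        exit 1
        ;;
esac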

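# Save the current iptables rules.
# iptables-save dumps the whole ruleset, not only the redirections managed
# here, and the boot script feeds this file to iptables-restore as root.
# The dump therefore goes to a private temp file first (mktemp creates it
# readable and writable by the owner only) and is renamed into place only on
# success, so a failed save never truncates the rules loaded at next boot.
rules_dir="/etc/iptables"
rules_file="$rules_dir/rules-save"

if ! mkdir -p "$rules_dir"; then
    echo "Cannot create $rules_dir; iptables rules were not saved." >&2
    exit 1
fi

if ! tmp_rules=$(mktemp "$rules_dir/rules-save.XXXXXX"); then
    echo "Cannot create a temporary file in $rules_dir; iptables rules were not saved." >&2
    exit 1
fi

if iptables-save > "$tmp_rules" && mv -f -- "$tmp_rules" "$rules_file"; then
    echo "Current iptables rules saved."
else
    rm -f -- "$tmp_rules"
    echo "Failed to save iptables rules to $rules_file." >&2
    exit 1
fi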