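#!/usr/bin/env bash
# Forward one TCP/UDP port from the remote host "jasmine" to this machine's
# IPv4 address on eth0, and policy-route this host's replies for that port
# back out through the "vidya" routing table.
#
# Usage:  <script> PORT           (must be run as root)
# Env:    IFACE   interface whose first IPv4 address is the DNAT target
#                 (default: eth0)
#
# Side effects:
#   - once per boot (guarded by a stamp file): adds an ip rule + default route
#     for the "vidya" table and enables net.ipv4.ip_forward on jasmine
#   - per port: appends MARK rules to the local mangle/OUTPUT chain and DNAT
#     rules to jasmine's nat/PREROUTING chain, unless they already exist
set -uo pipefail

readonly REMOTE_SSH_USER=wisknort      # local account whose ssh key reaches jasmine
readonly REMOTE_TARGET=root@jasmine
readonly ROUTE_TABLE=vidya
readonly ROUTE_GATEWAY=192.168.18.202
readonly FWMARK=0x1
# NOTE(review): /tmp is world-writable, so any local user can pre-create this
# file and make the one-time setup below silently skip; a path under /run
# (root-owned, cleared at boot) would be a safer "once per startup" marker.
readonly STAMP_FILE=/tmp/ipeed

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Run a command on jasmine as root via the unprivileged ssh account.
# Arguments: the remote command words; ssh joins them into ONE remote shell
#            command line, so callers must pass only validated values.
# Returns:   ssh's exit status
#######################################
remote() {
  sudo -u "$REMOTE_SSH_USER" ssh "$REMOTE_TARGET" "$@"
}

#######################################
# Accept only a decimal port in 1..65535. PORT comes from argv and is
# interpolated into iptables arguments and the remote ssh command string,
# so anything but a bare number is rejected before it is used.
# Returns: 0 if valid, 1 otherwise
#######################################
valid_port() {
  [[ "$1" =~ ^[0-9]{1,5}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

#######################################
# Accept only a dotted-quad IPv4 address (same reason as valid_port).
#######################################
valid_ipv4() {
  [[ "$1" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]
}

#######################################
# Print the first IPv4 address configured on interface $1 (empty if none).
# An interface with several addresses used to yield a multi-line value that
# then broke the DNAT rule; head -n 1 pins it to one address.
#######################################
iface_ipv4() {
  ip ad sh "$1" \
    | grep -Eo 'inet [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' \
    | head -n 1 \
    | grep -Eo '[0-9.]+'
}

#######################################
# One-time per-boot setup: policy route for marked packets and IPv4
# forwarding on jasmine. Guarded by STAMP_FILE so later runs for other
# ports do not add duplicate rules/routes.
# Globals: STAMP_FILE FWMARK ROUTE_TABLE ROUTE_GATEWAY (read)
#######################################
setup_once() {
  [[ -e "$STAMP_FILE" ]] && return 0
  # These may legitimately fail if the rule/route already exists (e.g. the
  # stamp file was removed), so only warn and carry on.
  ip rule add fwmark "$FWMARK" lookup "$ROUTE_TABLE" \
    || printf 'warn: ip rule add failed (already present?)\n' >&2
  ip route add default via "$ROUTE_GATEWAY" table "$ROUTE_TABLE" \
    || printf 'warn: ip route add failed (already present?)\n' >&2
  # Without forwarding on jasmine nothing else in this script is useful.
  remote sysctl -w net.ipv4.ip_forward=1 \
    || die "could not enable net.ipv4.ip_forward on $REMOTE_TARGET"
  touch "$STAMP_FILE"
}

#######################################
# Mark locally-originated packets with source port $1 so the fwmark rule
# routes them via the "vidya" table. Skips if a rule for $1 already exists.
# Globals: FWMARK (read)
#######################################
mark_local_port() {
  local port=$1 raw existing
  raw=$(iptables -nt mangle -L OUTPUT) || die "cannot list mangle/OUTPUT"
  existing=$(grep -Eo 'spt:[0-9]+' <<<"$raw" || true)
  # -x: whole-line match; a substring match would let "spt:80" be satisfied
  # by an existing "spt:8080" rule and silently skip the real port.
  if grep -qx -- "spt:$port" <<<"$existing"; then
    echo "local already forwarded"
    return 0
  fi
  printf 'sport %s\n' "$port"
  iptables -t mangle -A OUTPUT -p tcp --sport "$port" -j MARK --set-mark "$FWMARK" \
    || die "failed to add tcp MARK rule for port $port"
  iptables -t mangle -A OUTPUT -p udp --sport "$port" -j MARK --set-mark "$FWMARK" \
    || die "failed to add udp MARK rule for port $port"
}

#######################################
# Add DNAT rules on jasmine for destination port $1 -> address $2, unless a
# matching "dpt:$1 to:$2" rule is already present in nat/PREROUTING.
# Arguments: $1 - port (validated), $2 - IPv4 address (validated)
#######################################
forward_remote_port() {
  local port=$1 ip=$2 raw existing
  # An unreachable jasmine used to yield an empty list and duplicate rules
  # on the next successful run; fail instead.
  raw=$(remote iptables -nt nat -L PREROUTING) \
    || die "cannot list nat/PREROUTING on $REMOTE_TARGET"
  existing=$(grep -Eo 'dpt:[0-9]+ to:[0-9.]+' <<<"$raw" || true)
  # -F: the address contains dots, which must not act as regex wildcards.
  if grep -qxF -- "dpt:$port to:$ip" <<<"$existing"; then
    echo "remote already forwarded"
    return 0
  fi
  printf 'dpt %s\n' "$port"
  # Both values were validated in main(); only because of that is it safe to
  # embed them in the command string ssh hands to the remote root shell.
  remote "iptables -t nat -A PREROUTING -p tcp --dport $port -j DNAT --to $ip" \
    || die "failed to add tcp DNAT rule on $REMOTE_TARGET"
  remote "iptables -t nat -A PREROUTING -p udp --dport $port -j DNAT --to $ip" \
    || die "failed to add udp DNAT rule on $REMOTE_TARGET"
}

main() {
  # The original exited with status 0 here, which let callers think it worked.
  (( $(id -u) == 0 )) || die "This script must be run as root."
  (( $# >= 1 )) || die "usage: ${0##*/} PORT"
  local port=$1 iface=${IFACE:-eth0} ip
  valid_port "$port" || die "invalid port: $port"
  printf 'port %s\n' "$port"
  ip=$(iface_ipv4 "$iface")
  valid_ipv4 "$ip" || die "no IPv4 address found on $iface"
  setup_once
  mark_local_port "$port"
  forward_remote_port "$port" "$ip"
}

main "$@"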