tinyscripts/port_forward.sh


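#!/usr/bin/env bash
# port_forward.sh PORT
#
# Forward one TCP/UDP port from the remote host "jasmine" to this machine's
# eth0 address: on jasmine a nat/PREROUTING DNAT rule is added for PORT,
# and locally the replies leaving from --sport PORT are fwmark'ed 0x1 so the
# "vidya" routing table (default via 192.168.18.202) carries them back out.
#
# Requires root locally; the remote side is reached as root@jasmine through
# the local user "wisknort", whose ssh key/agent must already be set up.
# Every iptables/ip call below changes live firewall and routing state.

set -u

#######################################
# Run a command on jasmine as root, via wisknort's ssh setup.
# Arguments: the command and its arguments (joined by ssh on the remote side)
#######################################
remote() {
  sudo -u wisknort ssh root@jasmine "$@"
}

if [ "$(id -u)" -ne 0 ]; then
  echo "This script must be run as root." >&2
  exit 1   # the original exited 0 here, so callers could not tell it failed
fi

port=${1-}
# $port is spliced into iptables arguments and into the ssh command string
# sent to jasmine, so accept nothing but a plain decimal port number.
case "$port" in
  ''|*[!0-9]*)
    echo "usage: ${0##*/} PORT (1-65535)" >&2
    exit 2
    ;;
esac
if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
  echo "port out of range: $port" >&2
  exit 2
fi
echo "port $port"

# First IPv4 address on eth0; the second grep strips the "inet " prefix.
# head -n 1 keeps a multi-address interface from producing a multi-line
# value that would be mangled into the DNAT target and the grep pattern.
ip=$(ip ad sh eth0 | grep -Eo "inet [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -Eo "[^a-z ]+" | head -n 1)
if [ -z "$ip" ]; then
  echo "could not determine an IPv4 address on eth0" >&2
  exit 1
fi

# Snapshot of what is already forwarded: one "dpt:N to:A.B.C.D" line per
# remote DNAT rule, one "spt:N" line per local mark rule.
remotes=$(remote iptables -nt nat -L PREROUTING | grep -Eo 'dpt:[0-9]+ to:[0-9\.]+')
locals=$(iptables -nt mangle -L OUTPUT | grep -Eo 'spt:[0-9]+')

# One-time setup per boot. NOTE(review): the marker lives in world-writable
# /tmp, so any local user can pre-create /tmp/ipeed and silently suppress
# this block; a root-owned location such as /run would avoid that.
if [ ! -e /tmp/ipeed ]; then
  ip rule add fwmark 0x1 lookup vidya
  ip route add default via 192.168.18.202 table vidya
  remote sysctl -w net.ipv4.ip_forward=1
  touch /tmp/ipeed
fi

# Per-port setup, local side. -x matches whole lines so "spt:80" no longer
# counts as already present when only "spt:8080" exists; -F keeps the value
# literal.
if ! grep -qxF -- "spt:$port" <<<"$locals"; then
  echo "sport $port"
  iptables -t mangle -A OUTPUT -p tcp --sport "$port" -j MARK --set-mark 0x1
  iptables -t mangle -A OUTPUT -p udp --sport "$port" -j MARK --set-mark 0x1
else
  echo "local already forwarded"
fi

# Per-port setup, jasmine side. Same exact-line match; without -F the dots in
# $ip would match any character.
if ! grep -qxF -- "dpt:$port to:$ip" <<<"$remotes"; then
  echo "dpt $port"
  remote "iptables -t nat -A PREROUTING -p tcp --dport $port -j DNAT --to $ip"
  remote "iptables -t nat -A PREROUTING -p udp --dport $port -j DNAT --to $ip"
else
  echo "remote already forwarded"
fi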