Bash/Port/Forward: Difference between revisions

No edit summary
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
==Check Port is not used==
__TOC__
 
==Forward Script==
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# check port 22200
#!/bin/bash
fuser 22200/tcp
: '
@author  "Chorke Academia"<[email protected]>
@web      http://chorke.org/academia
@vendor    Chorke Academia, Inc.
@version  1.0.00.GA
@since    1.0.00.GA
'
 
# pre initialized data for iptables port forwarding
CKI_ALL_PORT='22210 22211 22212 22213 22214 22215'
CKI_ALL_ADDR='100.83.0.20 100.83.0.21 100.83.0.22'
CKI_ALL_ADDR="$CKI_ALL_ADDR 100.83.0.23"
CKI_ALL_ADDR="$CKI_ALL_ADDR 100.83.0.24"
CKI_ALL_ADDR="$CKI_ALL_ADDR 100.83.0.25"
CKI_WAN_ADDR=139.59.51.80
 
 
# set source port
choose_wan_port(){
  printf "\n\033[0;33mchoose wan port:\033[0m\n";
  select CKI_WAN_PORT in '22200' '22299';do
    case $CKI_WAN_PORT in
      '22200') break;;
      '22299') break;;
    esac
  done
}
 
 
# set target port
choose_lan_port(){
  printf "\n\033[0;33mchoose lan port:\033[0m\n";
  select CKI_LAN_PORT in $CKI_ALL_PORT;do
    case $CKI_LAN_PORT in
      '22210') break;;
      '22211') break;;
      '22212') break;;
      '22213') break;;
      '22214') break;;
      '22215') break;;
    esac
  done
}
 
 
# set target addrress/ip
choose_lan_addr(){
  printf "\n\033[0;33mchoose lan addr:\033[0m\n";
  select CKI_LAN_ADDR in $CKI_ALL_ADDR;do
    case $CKI_LAN_ADDR in
      '100.83.0.20') break;;
      '100.83.0.21') break;;
      '100.83.0.22') break;;
      '100.83.0.23') break;;
      '100.83.0.24') break;;
      '100.83.0.25') break;;
    esac
  done
}
 
 
# set action/operation
choose_action(){
  printf "\n\033[0;33mchoose operation:\033[0m\n";
  select CKI_ACTION in 'add' 'del';do
    case $CKI_ACTION in
      'add') break;;
      'del') break;;
    esac
  done
 
 
  printf '\n\033[0;33mconfirm operation:\033[0m\n';
  CKI_MESSAGE='\033[0;31m%s\033[0m \033[0;33m%s:%s';
  CKI_MESSAGE="$CKI_MESSAGE\033[0m => \033[0;33m%s:%s\033[0m\n";
  printf "$CKI_MESSAGE" "$CKI_ACTION" "$CKI_WAN_ADDR" "$CKI_WAN_PORT" "$CKI_LAN_ADDR" "$CKI_LAN_PORT";
 
  select CKI_CONFIRM in 'yes' 'no';do
    case $CKI_CONFIRM in
      'yes') break;;
      'no') break;;
    esac
  done
}
 
 
# add rules to iptables
operation_add(){
  iptables -t nat -A PREROUTING -p tcp -m tcp -d $CKI_WAN_ADDR --dport $CKI_WAN_PORT -j DNAT --to-destination $CKI_LAN_ADDR:$CKI_LAN_PORT
  iptables -A FORWARD -m state -p tcp -d $CKI_LAN_ADDR --dport $CKI_LAN_PORT --state NEW,ESTABLISHED,RELATED -j ACCEPT
  iptables -t nat -A POSTROUTING -p tcp -m tcp -s $CKI_LAN_ADDR --sport $CKI_LAN_PORT -j SNAT --to-source $CKI_WAN_ADDR
  printf '\n\033[0;32msuccess operation:\033[0m\n';
  printf "$CKI_MESSAGE\n" "$CKI_ACTION" "$CKI_WAN_ADDR" "$CKI_WAN_PORT" "$CKI_LAN_ADDR" "$CKI_LAN_PORT";
}
 
 
# delete from iptables
operation_del(){
  iptables -t nat -D PREROUTING -p tcp -m tcp -d $CKI_WAN_ADDR --dport $CKI_WAN_PORT -j DNAT --to-destination $CKI_LAN_ADDR:$CKI_LAN_PORT
  iptables -D FORWARD -m state -p tcp -d $CKI_LAN_ADDR --dport $CKI_LAN_PORT --state NEW,ESTABLISHED,RELATED -j ACCEPT
  iptables -t nat -D POSTROUTING -p tcp -m tcp -s $CKI_LAN_ADDR --sport $CKI_LAN_PORT -j SNAT --to-source $CKI_WAN_ADDR
  printf '\n\033[0;32msuccess operation:\033[0m\n';
  printf "$CKI_MESSAGE\n" "$CKI_ACTION" "$CKI_WAN_ADDR" "$CKI_WAN_PORT" "$CKI_LAN_ADDR" "$CKI_LAN_PORT";
}
 
 
# execute options
choose_wan_port &&
choose_lan_port &&
choose_lan_addr &&
choose_action;
 
 
# exectue action
if [ "$CKI_CONFIRM" == 'yes' ];then
  if [ "$CKI_ACTION" == 'add' ];then operation_add;
  elif [ "$CKI_ACTION" == 'del' ];then operation_del;fi
else
  printf '\n\033[0;31mcanceled operation:\033[0m\n';
  printf "$CKI_MESSAGE\n" "$CKI_ACTION" "$CKI_WAN_ADDR" "$CKI_WAN_PORT" "$CKI_LAN_ADDR" "$CKI_LAN_PORT";
fi


# check port 55500
# safe exit
fuser 55500/tcp
exit $?
</syntaxhighlight>
</syntaxhighlight>


==Enable Specific Port==
==Good to Know==
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# enable series of port
firewall-cmd --zone=public --permanent --add-port=22200-22299/tcp
# enable specific port
firewall-cmd --zone=public --permanent --add-port=22200/tcp
firewall-cmd --zone=public --permanent --add-port=22200/tcp
firewall-cmd --zone=public --permanent --add-port=55500/tcp
firewall-cmd --reload
netstat
</syntaxhighlight>


==Enable Range of Port==
# check port 22200
<syntaxhighlight lang="bash">
fuser 22200/tcp
firewall-cmd --zone=public --permanent --add-port=22200-22290/tcp
 
firewall-cmd --zone=public --permanent --add-port=55500-55590/tcp
firewall-cmd --reload
netstat
</syntaxhighlight>


==Forwarding Parameters==
# wan & lan ip config
<syntaxhighlight lang="bash">
CKI_WAN_ADDR=139.59.51.80
# destination ip & port
CKI_LAN_ADDR=100.43.0.20
MSC_LAN_ADDR=100.43.0.20
MSC_LAN_PORT=22211


# wan interface ip & port
# wan & lan port config
MSC_WAN_ADDR=139.59.51.80
CKI_WAN_PORT=22200
MSC_WAN_PORT=22200
CKI_LAN_PORT=22211
</syntaxhighlight>


==Forwarding rule add==
# add forwarding rule
<syntaxhighlight lang="bash">
iptables -t nat -A PREROUTING -p tcp -m tcp -d $CKI_WAN_ADDR --dport $CKI_WAN_PORT -j DNAT --to-destination $CKI_LAN_ADDR:$CKI_LAN_PORT
iptables -t nat -A PREROUTING -p tcp -m tcp -d $MSC_WAN_ADDR --dport $MSC_WAN_PORT -j DNAT --to-destination $MSC_LAN_ADDR:$MSC_LAN_PORT
iptables -A FORWARD -m state -p tcp -d $CKI_LAN_ADDR --dport $CKI_LAN_PORT --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state -p tcp -d $MSC_LAN_ADDR --dport $MSC_LAN_PORT --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -m tcp -s $CKI_LAN_ADDR --sport $CKI_LAN_PORT -j SNAT --to-source $CKI_WAN_ADDR
iptables -t nat -A POSTROUTING -p tcp -m tcp -s $MSC_LAN_ADDR --sport $MSC_LAN_PORT -j SNAT --to-source $MSC_WAN_ADDR
</syntaxhighlight>


==Forwarding rule remove==
# remove forwarding rule
<syntaxhighlight lang="bash">
iptables -t nat -D PREROUTING -p tcp -m tcp -d $CKI_WAN_ADDR --dport $CKI_WAN_PORT -j DNAT --to-destination $CKI_LAN_ADDR:$CKI_LAN_PORT
iptables -t nat -D PREROUTING -p tcp -m tcp -d $MSC_WAN_ADDR --dport $MSC_WAN_PORT -j DNAT --to-destination $MSC_LAN_ADDR:$MSC_LAN_PORT
iptables -D FORWARD -m state -p tcp -d $CKI_LAN_ADDR --dport $CKI_LAN_PORT --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -D FORWARD -m state -p tcp -d $MSC_LAN_ADDR --dport $MSC_LAN_PORT --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -D POSTROUTING -p tcp -m tcp -s $CKI_LAN_ADDR --sport $CKI_LAN_PORT -j SNAT --to-source $CKI_WAN_ADDR
iptables -t nat -D POSTROUTING -p tcp -m tcp -s $MSC_LAN_ADDR --sport $MSC_LAN_PORT -j SNAT --to-source $MSC_WAN_ADDR
</syntaxhighlight>
</syntaxhighlight>


== References ==
== References ==
* [https://www.cyberciti.biz/faq/linux-restart-network-interface/ Restart Network Interface Using Bash]
* [https://stackoverflow.com/questions/29936948 SSH Multiple Ports Forward]
* [https://unix.stackexchange.com/questions/62247 Check Port in Used]
* [https://unix.stackexchange.com/questions/62247 Check Port in Used]
* [https://www.cyberciti.biz/faq/linux-restart-network-interface/ Restart Network Interface Using Bash]
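Review bot: operation_add and operation_del print "success operation:" unconditionally, so a failed iptables call (for instance when run without sufficient privileges, or when the rule to delete is absent) is still reported as success and can leave a half-applied DNAT/FORWARD/SNAT set. Print the success line only when all three calls succeed, for example by ending each iptables line with `|| return 1`. The expansions on those lines are also unquoted; `--to-destination "$CKI_LAN_ADDR:$CKI_LAN_PORT"` is the safer form. Which lines belong to the new revision is inferred from the latest revision rendered below the diff, because the change markers are lost on this page.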

Latest revision as of 19:56, 15 April 2020

Forward Script

#!/bin/bash
: '
 @author   "Chorke Academia"<[email protected]>
 @web       http://chorke.org/academia
 @vendor    Chorke Academia, Inc.
 @version   1.0.00.GA
 @since     1.0.00.GA
'

# Fixed data for the port-forwarding menus:
#   CKI_ALL_PORT - LAN ports offered by choose_lan_port
#   CKI_ALL_ADDR - LAN addresses offered by choose_lan_addr
#   CKI_WAN_ADDR - WAN address the forwarding rules match on
CKI_ALL_PORT='22210 22211 22212 22213 22214 22215'
CKI_ALL_ADDR='100.83.0.20 100.83.0.21 100.83.0.22 100.83.0.23 100.83.0.24 100.83.0.25'
CKI_WAN_ADDR='139.59.51.80'


# Prompt for the WAN-side port of the forward.
# Globals:   CKI_WAN_PORT (written) - the chosen port, 22200 or 22299
# Outputs:   coloured heading on stdout; the select menu is drawn by bash
# Returns:   status of the select loop
choose_wan_port() {
  printf "\n\033[0;33mchoose wan port:\033[0m\n"
  select CKI_WAN_PORT in '22200' '22299'; do
    # select leaves the variable empty for a reply that is not a menu number,
    # so a non-empty value is one of the two entries above.
    if [ -n "$CKI_WAN_PORT" ]; then
      break
    fi
  done
}


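# Prompt for the LAN-side (target) port of the forward.
# Globals:   CKI_ALL_PORT (read)    - whitespace-separated ports to offer
#            CKI_LAN_PORT (written) - the chosen port
# Outputs:   coloured heading on stdout; the select menu is drawn by bash
# Returns:   status of the select loop
choose_lan_port() {
  printf "\n\033[0;33mchoose lan port:\033[0m\n"
  # The list is split on whitespace into menu entries on purpose.
  # shellcheck disable=SC2086
  select CKI_LAN_PORT in $CKI_ALL_PORT; do
    # select assigns either an entry of the list or the empty string (invalid
    # reply), so a non-empty value is always a port from CKI_ALL_PORT. Testing
    # for that, instead of repeating the ports in a case statement, keeps the
    # menu and the accepted values from drifting apart when the list is edited.
    if [ -n "$CKI_LAN_PORT" ]; then
      break
    fi
  done
}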


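# Prompt for the LAN-side (target) address of the forward.
# Globals:   CKI_ALL_ADDR (read)    - whitespace-separated addresses to offer
#            CKI_LAN_ADDR (written) - the chosen address
# Outputs:   coloured heading on stdout; the select menu is drawn by bash
# Returns:   status of the select loop
choose_lan_addr() {
  printf "\n\033[0;33mchoose lan addr:\033[0m\n"
  # The list is split on whitespace into menu entries on purpose.
  # shellcheck disable=SC2086
  select CKI_LAN_ADDR in $CKI_ALL_ADDR; do
    # select assigns either an entry of the list or the empty string (invalid
    # reply), so a non-empty value is always an address from CKI_ALL_ADDR.
    # Testing for that, instead of repeating the addresses in a case statement,
    # keeps the menu and the accepted values in step when the list is edited.
    if [ -n "$CKI_LAN_ADDR" ]; then
      break
    fi
  done
}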


# Prompt for the operation (add or del), show the resulting mapping, and ask
# for confirmation.
# Globals:   CKI_ACTION  (written) - 'add' or 'del'
#            CKI_MESSAGE (written) - printf format reused by the later summaries
#            CKI_CONFIRM (written) - 'yes' or 'no'
#            CKI_WAN_ADDR, CKI_WAN_PORT, CKI_LAN_ADDR, CKI_LAN_PORT (read)
# Outputs:   coloured headings and the mapping summary on stdout
# Returns:   status of the confirmation select loop
choose_action() {
  printf "\n\033[0;33mchoose operation:\033[0m\n"
  select CKI_ACTION in 'add' 'del'; do
    # Empty means the reply was not a menu number; ask again.
    if [ -n "$CKI_ACTION" ]; then
      break
    fi
  done

  printf '\n\033[0;33mconfirm operation:\033[0m\n'
  # Format: <action> <wan addr>:<wan port> => <lan addr>:<lan port>
  CKI_MESSAGE='\033[0;31m%s\033[0m \033[0;33m%s:%s\033[0m => \033[0;33m%s:%s\033[0m\n'
  # CKI_MESSAGE is a fixed format string built just above, not external data.
  # shellcheck disable=SC2059
  printf "$CKI_MESSAGE" \
    "$CKI_ACTION" "$CKI_WAN_ADDR" "$CKI_WAN_PORT" "$CKI_LAN_ADDR" "$CKI_LAN_PORT"

  select CKI_CONFIRM in 'yes' 'no'; do
    if [ -n "$CKI_CONFIRM" ]; then
      break
    fi
  done
}


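# Add the DNAT, FORWARD and SNAT rules for the selected mapping.
# Globals:   CKI_WAN_ADDR, CKI_WAN_PORT, CKI_LAN_ADDR, CKI_LAN_PORT,
#            CKI_ACTION, CKI_MESSAGE (all read)
# Outputs:   success summary on stdout, failure summary on stderr
# Returns:   0 when all three rules were added, 1 as soon as one call fails
operation_add() {
  # NOTE(review): the FORWARD rule has no source match, so the forwarded port
  # accepts new connections from any address that can reach the WAN side; add
  # a source restriction if only known peers should connect.
  # The calls are chained so that success is reported only when every rule
  # was accepted by iptables.
  if iptables -t nat -A PREROUTING -p tcp -m tcp \
       -d "$CKI_WAN_ADDR" --dport "$CKI_WAN_PORT" \
       -j DNAT --to-destination "$CKI_LAN_ADDR:$CKI_LAN_PORT" &&
     iptables -A FORWARD -m state -p tcp \
       -d "$CKI_LAN_ADDR" --dport "$CKI_LAN_PORT" \
       --state NEW,ESTABLISHED,RELATED -j ACCEPT &&
     iptables -t nat -A POSTROUTING -p tcp -m tcp \
       -s "$CKI_LAN_ADDR" --sport "$CKI_LAN_PORT" \
       -j SNAT --to-source "$CKI_WAN_ADDR"; then
    printf '\n\033[0;32msuccess operation:\033[0m\n'
    # CKI_MESSAGE is the fixed format string set by choose_action.
    # shellcheck disable=SC2059
    printf "$CKI_MESSAGE\n" \
      "$CKI_ACTION" "$CKI_WAN_ADDR" "$CKI_WAN_PORT" "$CKI_LAN_ADDR" "$CKI_LAN_PORT"
  else
    # Rules added before the failing call stay in place; the operator has to
    # inspect the tables and remove them if a clean state is wanted.
    printf '\n\033[0;31mfailed operation:\033[0m\n' >&2
    # shellcheck disable=SC2059
    printf "$CKI_MESSAGE\n" \
      "$CKI_ACTION" "$CKI_WAN_ADDR" "$CKI_WAN_PORT" "$CKI_LAN_ADDR" "$CKI_LAN_PORT" >&2
    return 1
  fi
}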


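# Delete the DNAT, FORWARD and SNAT rules for the selected mapping.
# Globals:   CKI_WAN_ADDR, CKI_WAN_PORT, CKI_LAN_ADDR, CKI_LAN_PORT,
#            CKI_ACTION, CKI_MESSAGE (all read)
# Outputs:   success summary on stdout, failure summary on stderr
# Returns:   0 when all three rules were deleted, 1 if any delete failed
operation_del() {
  local failed=0

  # All three deletes are attempted even if one fails, so that as much of the
  # forward as possible is removed; the result is reported afterwards.
  iptables -t nat -D PREROUTING -p tcp -m tcp \
    -d "$CKI_WAN_ADDR" --dport "$CKI_WAN_PORT" \
    -j DNAT --to-destination "$CKI_LAN_ADDR:$CKI_LAN_PORT" || failed=1
  iptables -D FORWARD -m state -p tcp \
    -d "$CKI_LAN_ADDR" --dport "$CKI_LAN_PORT" \
    --state NEW,ESTABLISHED,RELATED -j ACCEPT || failed=1
  iptables -t nat -D POSTROUTING -p tcp -m tcp \
    -s "$CKI_LAN_ADDR" --sport "$CKI_LAN_PORT" \
    -j SNAT --to-source "$CKI_WAN_ADDR" || failed=1

  if [ "$failed" -ne 0 ]; then
    printf '\n\033[0;31mfailed operation:\033[0m\n' >&2
    # CKI_MESSAGE is the fixed format string set by choose_action.
    # shellcheck disable=SC2059
    printf "$CKI_MESSAGE\n" \
      "$CKI_ACTION" "$CKI_WAN_ADDR" "$CKI_WAN_PORT" "$CKI_LAN_ADDR" "$CKI_LAN_PORT" >&2
    return 1
  fi

  printf '\n\033[0;32msuccess operation:\033[0m\n'
  # shellcheck disable=SC2059
  printf "$CKI_MESSAGE\n" \
    "$CKI_ACTION" "$CKI_WAN_ADDR" "$CKI_WAN_PORT" "$CKI_LAN_ADDR" "$CKI_LAN_PORT"
}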


# Ask for WAN port, LAN port, LAN address and action, in that order; a prompt
# that returns non-zero stops the rest of the chain.
choose_wan_port && choose_lan_port && choose_lan_addr && choose_action


# Execute the confirmed action, or report that it was cancelled.
case "$CKI_CONFIRM" in
  yes)
    case "$CKI_ACTION" in
      add) operation_add ;;
      del) operation_del ;;
    esac
    ;;
  *)
    printf '\n\033[0;31mcanceled operation:\033[0m\n'
    # CKI_MESSAGE is the fixed format string set by choose_action.
    # shellcheck disable=SC2059
    printf "$CKI_MESSAGE\n" \
      "$CKI_ACTION" "$CKI_WAN_ADDR" "$CKI_WAN_PORT" "$CKI_LAN_ADDR" "$CKI_LAN_PORT"
    ;;
esac

# Exit with the status of the branch that ran above.
exit "$?"

Good to Know

# Open the whole TCP range 22200-22299 in the public zone.
# NOTE(review): this exposes 100 ports, while the forward script on this page
# only offers 22200 and 22299 as WAN ports; opening just the ports in use
# keeps the exposed surface smaller.
# --permanent writes the saved configuration only; the running firewall picks
# it up after `firewall-cmd --reload`.
firewall-cmd --zone=public --permanent --add-port=22200-22299/tcp

# Open a single TCP port (22200) in the public zone; same --permanent caveat.
firewall-cmd --zone=public --permanent --add-port=22200/tcp

# Show which processes, if any, are using TCP port 22200.
fuser 22200/tcp


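# WAN address that receives the traffic and LAN address it is forwarded to.
CKI_WAN_ADDR=139.59.51.80
CKI_LAN_ADDR=100.43.0.20

# WAN port that is exposed and LAN port it maps to.
CKI_WAN_PORT=22200
CKI_LAN_PORT=22211

# Add the forward: DNAT on the way in, ACCEPT in FORWARD, SNAT on the way out.
# Expansions are quoted so an empty or malformed value cannot be split into
# extra iptables arguments.
# NOTE(review): the FORWARD rule has no source match, so the port is reachable
# from any address that can reach the WAN side; add a source restriction if
# only known peers should connect.
# NOTE(review): `-m state` is the older match; current iptables documents
# `-m conntrack --ctstate` for the same purpose. It is left as is here so the
# delete commands below keep matching rules that were added in this form.
iptables -t nat -A PREROUTING -p tcp -m tcp -d "$CKI_WAN_ADDR" --dport "$CKI_WAN_PORT" -j DNAT --to-destination "$CKI_LAN_ADDR:$CKI_LAN_PORT"
iptables -A FORWARD -m state -p tcp -d "$CKI_LAN_ADDR" --dport "$CKI_LAN_PORT" --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -m tcp -s "$CKI_LAN_ADDR" --sport "$CKI_LAN_PORT" -j SNAT --to-source "$CKI_WAN_ADDR"

# Remove the forward: the same three rule specifications with -D instead of -A.
iptables -t nat -D PREROUTING -p tcp -m tcp -d "$CKI_WAN_ADDR" --dport "$CKI_WAN_PORT" -j DNAT --to-destination "$CKI_LAN_ADDR:$CKI_LAN_PORT"
iptables -D FORWARD -m state -p tcp -d "$CKI_LAN_ADDR" --dport "$CKI_LAN_PORT" --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -D POSTROUTING -p tcp -m tcp -s "$CKI_LAN_ADDR" --sport "$CKI_LAN_PORT" -j SNAT --to-source "$CKI_WAN_ADDR"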

References