Bash/Port/Forward: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 27: Line 27:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# destination ip & port
# destination ip & port
MSC_LAN_ADDR=100.43.0.20
CKI_LAN_ADDR=100.43.0.20
MSC_LAN_PORT=22211
CKI_LAN_PORT=22211


# wan interface ip & port
# wan interface ip & port
MSC_WAN_ADDR=139.59.51.80
CKI_WAN_ADDR=139.59.51.80
MSC_WAN_PORT=22200
CKI_WAN_PORT=22200
</syntaxhighlight>
</syntaxhighlight>


==Forwarding rule add==
==Forwarding rule add==
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
iptables -t nat -A PREROUTING  -p tcp -m tcp -d $MSC_WAN_ADDR --dport $MSC_WAN_PORT -j DNAT --to-destination $MSC_LAN_ADDR:$MSC_LAN_PORT
iptables -t nat -A PREROUTING  -p tcp -m tcp -d $CKI_WAN_ADDR --dport $CKI_WAN_PORT -j DNAT --to-destination $CKI_LAN_ADDR:$CKI_LAN_PORT
iptables -A FORWARD -m state -p tcp -d $MSC_LAN_ADDR --dport $MSC_LAN_PORT --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state -p tcp -d $CKI_LAN_ADDR --dport $CKI_LAN_PORT --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -m tcp -s $MSC_LAN_ADDR --sport $MSC_LAN_PORT -j SNAT --to-source $MSC_WAN_ADDR
iptables -t nat -A POSTROUTING -p tcp -m tcp -s $CKI_LAN_ADDR --sport $CKI_LAN_PORT -j SNAT --to-source $CKI_WAN_ADDR
</syntaxhighlight>
</syntaxhighlight>


==Forwarding rule remove==
==Forwarding rule remove==
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
iptables -t nat -D PREROUTING  -p tcp -m tcp -d $MSC_WAN_ADDR --dport $MSC_WAN_PORT -j DNAT --to-destination $MSC_LAN_ADDR:$MSC_LAN_PORT
iptables -t nat -D PREROUTING  -p tcp -m tcp -d $CKI_WAN_ADDR --dport $CKI_WAN_PORT -j DNAT --to-destination $CKI_LAN_ADDR:$CKI_LAN_PORT
iptables -D FORWARD -m state -p tcp -d $MSC_LAN_ADDR --dport $MSC_LAN_PORT --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -D FORWARD -m state -p tcp -d $CKI_LAN_ADDR --dport $CKI_LAN_PORT --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -D POSTROUTING -p tcp -m tcp -s $MSC_LAN_ADDR --sport $MSC_LAN_PORT -j SNAT --to-source $MSC_WAN_ADDR
iptables -t nat -D POSTROUTING -p tcp -m tcp -s $CKI_LAN_ADDR --sport $CKI_LAN_PORT -j SNAT --to-source $CKI_WAN_ADDR
</syntaxhighlight>
</syntaxhighlight>


Revision as of 23:35, 10 June 2018

Check Port is not used

# check port 22200
fuser 22200/tcp

# check port 55500
fuser 55500/tcp

Enable Specific Port

firewall-cmd --zone=public --permanent --add-port=22200/tcp
firewall-cmd --zone=public --permanent --add-port=55500/tcp
firewall-cmd --reload
netstat

Enable Range of Port

firewall-cmd --zone=public --permanent --add-port=22200-22290/tcp
firewall-cmd --zone=public --permanent --add-port=55500-55590/tcp
firewall-cmd --reload
netstat

Forwarding Parameters

# destination ip & port
CKI_LAN_ADDR=100.43.0.20
CKI_LAN_PORT=22211

# wan interface ip & port
CKI_WAN_ADDR=139.59.51.80
CKI_WAN_PORT=22200

Forwarding rule add

iptables -t nat -A PREROUTING  -p tcp -m tcp -d $CKI_WAN_ADDR --dport $CKI_WAN_PORT -j DNAT --to-destination $CKI_LAN_ADDR:$CKI_LAN_PORT
iptables -A FORWARD -m state -p tcp -d $CKI_LAN_ADDR --dport $CKI_LAN_PORT --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -m tcp -s $CKI_LAN_ADDR --sport $CKI_LAN_PORT -j SNAT --to-source $CKI_WAN_ADDR

Forwarding rule remove

iptables -t nat -D PREROUTING  -p tcp -m tcp -d $CKI_WAN_ADDR --dport $CKI_WAN_PORT -j DNAT --to-destination $CKI_LAN_ADDR:$CKI_LAN_PORT
iptables -D FORWARD -m state -p tcp -d $CKI_LAN_ADDR --dport $CKI_LAN_PORT --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -D POSTROUTING -p tcp -m tcp -s $CKI_LAN_ADDR --sport $CKI_LAN_PORT -j SNAT --to-source $CKI_WAN_ADDR

References

Retrieved from "https://cdn.chorke.org/weke/index.php?title=Bash/Port/Forward&oldid=712"