1 # ------------------------------------------------------------------------------
2 # -= Arno's Iptables Firewall(AIF) - Transparent DNAT plugin =-
3 #
# Identity strings: name and version are printed in the plugin banner, and the
# config file name is looked up below PLUGIN_CONF_PATH by the mainline.
PLUGIN_NAME='Transparent DNAT plugin'
PLUGIN_VERSION='0.31BETA (EXPERIMENTAL!)'
PLUGIN_CONF_FILE='transparent-dnat.conf'
7 #
8 # Last changed : July 31, 2015
9 # Requirements : kernel 2.6 + ip_nat + iptable_nat
10 # Comments : This plugin enables transparent DNAT for internal hosts on
11 # selected ports: TCP/UDP traffic (eg. http) that internal hosts send
12 # to a given INET (external) address is redirected to an
13 # internal address.
14 #
15 # Author : (C) Copyright 2007-2009 by Arno van Amersfoort
16 # Credits : Rok Potocnik for his initial idea
17 # Homepage : https://rocky.eld.leidenuniv.nl/
18 # Email : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
19 # (note: you must remove all spaces and substitute the @ and the .
20 # at the proper locations!)
21 # ------------------------------------------------------------------------------
22 # This program is free software; you can redistribute it and/or
23 # modify it under the terms of the GNU General Public License
24 # version 2 as published by the Free Software Foundation.
25 #
26 # This program is distributed in the hope that it will be useful,
27 # but WITHOUT ANY WARRANTY; without even the implied warranty of
28 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29 # GNU General Public License for more details.
30 #
31 # You should have received a copy of the GNU General Public License
32 # along with this program; if not, write to the Free Software
33 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
34 # ------------------------------------------------------------------------------------------
35
36 # Plugin start function
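# Append the transparent-DNAT rule pair for one protocol on every internal
# interface.
# Globals:   INT_IF, DNAT_MY_INTERNAL_IP, DNAT_MY_EXTERNAL_IP (read)
# Arguments: $1 - protocol passed to "-p" (tcp or udp)
#            $2 - port list, separated by spaces and/or commas
# Note: helper variables carry a tdnat_ prefix because this file is sourced
#       and avoids non-POSIX "local".
transparent_dnat_add_rules()
{
  tdnat_proto="$1"
  tdnat_ports="$2"

  # Remember the caller's IFS (including the "unset" state) so the list
  # separator used below does not leak into whatever runs after this plugin.
  if [ -n "${IFS+set}" ]; then
    tdnat_ifs_was_set=1
    tdnat_saved_ifs="$IFS"
  else
    tdnat_ifs_was_set=0
  fi

  # The two list expansions are intentionally unquoted: they are split on
  # spaces and commas. Every other expansion is quoted so a stray separator or
  # glob character in a config value cannot turn into extra iptables arguments.
  IFS=' ,'
  for interface in $INT_IF; do
    for port in $tdnat_ports; do
      # Traffic forwarded back out the internal interface to the internal
      # server gets its source rewritten, so replies return via the firewall.
      # Side effect worth knowing when reading logs or writing ACLs: the
      # internal server sees the firewall's address as the client for these
      # connections, not the real internal host.
      ip4tables -t nat -A POSTROUTING -o "$interface" -p "$tdnat_proto" --dport "$port" -d "$DNAT_MY_INTERNAL_IP" -j MASQUERADE

      # Internal hosts addressing the external IP are redirected to the
      # internal server; the destination port is left unchanged.
      ip4tables -t nat -A PREROUTING -i "$interface" -d "$DNAT_MY_EXTERNAL_IP" -p "$tdnat_proto" --dport "$port" -j DNAT --to-destination "$DNAT_MY_INTERNAL_IP"
    done
  done

  if [ "$tdnat_ifs_was_set" = "1" ]; then
    IFS="$tdnat_saved_ifs"
  else
    unset IFS
  fi
}

# Plugin start: load the NAT modules and install the transparent DNAT rules
# for the configured TCP and UDP ports.
# Globals:   INDENT, DNAT_TCP_PORTS, DNAT_UDP_PORTS, DNAT_MY_INTERNAL_IP,
#            DNAT_MY_EXTERNAL_IP (read)
# Outputs:   progress messages on stdout
# Returns:   always 0; the status of the individual ip4tables calls is not
#            checked here (unchanged from the original behaviour).
plugin_start()
{
  # Some required modules are already loaded by the main script:
  modprobe_multi nf_nat ip_nat
  modprobe iptable_nat

  echo "${INDENT}Using internal IP $DNAT_MY_INTERNAL_IP & external IP $DNAT_MY_EXTERNAL_IP"

  if [ -n "$DNAT_TCP_PORTS" ]; then
    echo "${INDENT}Enabling transparent DNAT for TCP port(s): $DNAT_TCP_PORTS"
    transparent_dnat_add_rules tcp "$DNAT_TCP_PORTS"
  else
    echo "${INDENT}No TCP ports configured"
  fi

  if [ -n "$DNAT_UDP_PORTS" ]; then
    echo "${INDENT}Enabling transparent DNAT for UDP port(s): $DNAT_UDP_PORTS"
    transparent_dnat_add_rules udp "$DNAT_UDP_PORTS"
  else
    echo "${INDENT}No UDP ports configured"
  fi

  return 0
}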
74
75
76 # Plugin stop function
# Plugin stop hook.
# Performs no teardown: the NAT rules appended by plugin_start are not removed
# here. NOTE(review): presumably the main script flushes the nat table on
# stop - confirm, otherwise the redirect rules outlive the plugin.
# Returns: always 0
plugin_stop() { return 0; }
81
82
83 # Plugin status function
# Plugin status hook.
# Reports nothing and inspects no rules; it only signals success.
# Returns: always 0
plugin_status() { return 0; }
88
89
90 # Check sanity of eg. environment
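# Verify that the plugin configuration provides both addresses.
# Only checks that the values are non-empty; it does not validate that they
# are well-formed IPv4 addresses, nor that any ports are configured.
# Globals:   DNAT_MY_INTERNAL_IP, DNAT_MY_EXTERNAL_IP, INDENT (read)
# Outputs:   error message on stderr when a value is missing
# Returns:   0 when both addresses are set, 1 otherwise
plugin_sanity_check()
{
  # Two separate tests joined by || replace the obsolescent, ambiguous "-o".
  if [ -z "$DNAT_MY_INTERNAL_IP" ] || [ -z "$DNAT_MY_EXTERNAL_IP" ]; then
    # INDENT is passed as an argument, never as part of the format string, so
    # a "%" or backslash in it is printed literally.
    printf '\033[40m\033[1;31m%sERROR: The plugin config file is not properly set!\033[0m\n' "$INDENT" >&2
    return 1
  fi

  return 0
}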
100
101
102 ############
103 # Mainline #
104 ############
105
106 # Check where to find the config file
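# Resolve the config file location; stays empty when no plugin config path
# was handed in, which the existence test below treats as "not found".
CONF_FILE=""
if [ -n "$PLUGIN_CONF_PATH" ]; then
  CONF_FILE="$PLUGIN_CONF_PATH/$PLUGIN_CONF_FILE"
fi

# Preinit to success:
PLUGIN_RET_VAL=0

# Check if the config file exists
if [ ! -f "$CONF_FILE" ]; then
  # Variables are passed as printf arguments so that a "%" or backslash in a
  # path or name is printed literally instead of being parsed as a format.
  printf 'NOTE: Config file "%s" not found!\n Plugin "%s v%s" ignored!\n' "$CONF_FILE" "$PLUGIN_NAME" "$PLUGIN_VERSION" >&2
else
  # Source the plugin config file.
  # The file is executed in the current shell, with whatever privileges the
  # firewall script runs under - it is code, not data. Keep it (and its
  # directory) writable only by the account that administers the firewall.
  . "$CONF_FILE"

  # Run when enabled, or when invoked via PLUGIN_LOAD_FILE for a stop/status
  # request. Separate tests replace the obsolescent "-a" operator.
  if [ "$ENABLED" = "1" ] ||
     { [ -n "$PLUGIN_LOAD_FILE" ] &&
       { [ "$PLUGIN_CMD" = "stop" ] || [ "$PLUGIN_CMD" = "status" ]; }; }; then
    # Show who we are:
    echo "${INDENT}$PLUGIN_NAME v$PLUGIN_VERSION"

    # Increment indention
    INDENT="$INDENT "

    # Only proceed if environment ok
    if ! plugin_sanity_check; then
      PLUGIN_RET_VAL=1
    else
      case "$PLUGIN_CMD" in
        start|'')
          plugin_start
          PLUGIN_RET_VAL=$?
          ;;
        stop)
          plugin_stop
          PLUGIN_RET_VAL=$?
          ;;
        status)
          plugin_status
          PLUGIN_RET_VAL=$?
          ;;
        *)
          PLUGIN_RET_VAL=1
          printf '\033[40m\033[1;31m%sERROR: Invalid plugin option "%s"!\033[0m\n' "$INDENT" "$PLUGIN_CMD" >&2
          ;;
      esac
    fi
  fi
fi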