
Member "aif-2.1.1/share/arno-iptables-firewall/plugins/50transparent-dnat.plugin" (16 Sep 2020, 4850 Bytes) of package /linux/privat/aif-2.1.1.tar.gz:



    1 # ------------------------------------------------------------------------------
    2 #         -= Arno's Iptables Firewall(AIF) - Transparent DNAT plugin =-
    3 #
    # Name and version of this plugin; the mainline prints both in the plugin
    # banner and in the "config file not found" note.
    4 PLUGIN_NAME="Transparent DNAT plugin"
    5 PLUGIN_VERSION="0.31BETA (EXPERIMENTAL!)"
    # File name of the plugin's config file; the mainline looks for it below
    # $PLUGIN_CONF_PATH and sources it when present.
    6 PLUGIN_CONF_FILE="transparent-dnat.conf"
    7 #
    8 # Last changed          : July 31, 2015
    9 # Requirements          : kernel 2.6 + ip_nat + iptable_nat
   10 # Comments              : This plugin enables transparent DNAT for internal hosts on
   11 #                         certain ports: TCP/UDP ports (eg. http) addressed to a
   12 #                         certain INET (external) address are redirected to an
   13 #                         internal address.
   14 #
   15 # Author                : (C) Copyright 2007-2009 by Arno van Amersfoort
   16 # Credits               : Rok Potocnik for his initial idea
   17 # Homepage              : https://rocky.eld.leidenuniv.nl/
   18 # Email                 : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
   19 #                         (note: you must remove all spaces and substitute the @ and the .
   20 #                         at the proper locations!)
   21 # ------------------------------------------------------------------------------
   22 # This program is free software; you can redistribute it and/or
   23 # modify it under the terms of the GNU General Public License
   24 # version 2 as published by the Free Software Foundation.
   25 #
   26 # This program is distributed in the hope that it will be useful,
   27 # but WITHOUT ANY WARRANTY; without even the implied warranty of
   28 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   29 # GNU General Public License for more details.
   30 #
   31 # You should have received a copy of the GNU General Public License
   32 # along with this program; if not, write to the Free Software
   33 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
   34 # ------------------------------------------------------------------------------------------
   35 
   36 # Plugin start function
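   plugin_start()
   {
     # Append the transparent DNAT rules to the nat table, for every interface
     # in INT_IF and every port in DNAT_TCP_PORTS / DNAT_UDP_PORTS:
     #   PREROUTING  - packets entering on the interface for
     #                 DNAT_MY_EXTERNAL_IP:port are DNATed to DNAT_MY_INTERNAL_IP.
     #   POSTROUTING - packets leaving on the interface towards
     #                 DNAT_MY_INTERNAL_IP:port are MASQUERADEd.
     #
     # Operational caveat: because of the MASQUERADE rule the internal server
     # sees the firewall's address as the peer of these connections, so its
     # per-client logging and source-address based access control cannot tell
     # the internal clients apart.
     #
     # Globals read: INDENT, INT_IF, DNAT_MY_INTERNAL_IP, DNAT_MY_EXTERNAL_IP,
     #               DNAT_TCP_PORTS, DNAT_UDP_PORTS
     # Returns     : always 0; a failing ip4tables call is not propagated here.
     #               NOTE(review): presumably the ip4tables wrapper of the main
     #               script reports such failures itself - confirm.

     # Some required modules are already loaded by the main script:
     modprobe_multi nf_nat ip_nat
     modprobe iptable_nat

     echo "${INDENT}Using internal IP $DNAT_MY_INTERNAL_IP & external IP $DNAT_MY_EXTERNAL_IP"

     # Remember the caller's IFS: this function runs in the shell that loaded
     # the plugin, so a changed IFS would otherwise leak into everything that
     # runs afterwards.
     if [ -n "${IFS+set}" ]; then
       dnat_saved_ifs=$IFS
       dnat_ifs_was_set=1
     else
       dnat_ifs_was_set=0
     fi

     for dnat_proto in tcp udp; do
       case $dnat_proto in
         tcp) dnat_label="TCP"; dnat_ports=$DNAT_TCP_PORTS ;;
         udp) dnat_label="UDP"; dnat_ports=$DNAT_UDP_PORTS ;;
       esac

       if [ -z "$dnat_ports" ]; then
         echo "${INDENT}No $dnat_label ports configured"
         continue
       fi

       echo "${INDENT}Enabling transparent DNAT for $dnat_label port(s): $dnat_ports"

       # The two lists are expanded unquoted on purpose so that they are split
       # on spaces and commas; every single value is quoted when it is handed
       # to ip4tables. The port values are not validated here.
       IFS=' ,'
       for interface in $INT_IF; do
         for port in $dnat_ports; do
           ip4tables -t nat -A POSTROUTING -o "$interface" -p "$dnat_proto" --dport "$port" -d "$DNAT_MY_INTERNAL_IP" -j MASQUERADE

           ip4tables -t nat -A PREROUTING -i "$interface" -d "$DNAT_MY_EXTERNAL_IP" -p "$dnat_proto" --dport "$port" -j DNAT --to-destination "$DNAT_MY_INTERNAL_IP"
         done
       done
     done

     # Hand IFS back exactly as it was found (including "unset").
     if [ "$dnat_ifs_was_set" = "1" ]; then
       IFS=$dnat_saved_ifs
     else
       unset IFS
     fi

     return 0
   }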
   74 
   75 
   76 # Plugin stop function
   plugin_stop() {
     # Stop hook: this plugin has nothing to tear down and always reports
     # success.
     # NOTE(review): the nat rules appended by plugin_start are not removed
     # here - presumably the main script flushes the nat table on stop; confirm.
     return 0
   }
   81 
   82 
   83 # Plugin status function
   plugin_status() {
     # Status hook: prints nothing and always reports success; it does not
     # inspect the nat table.
     return 0
   }
   88 
   89 
   90 # Check sanity of eg. environment
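   plugin_sanity_check()
   {
     # Verify that both addresses used by plugin_start are configured.
     # Only non-emptiness is checked; the values are not validated as
     # addresses here.
     #
     # Globals read: DNAT_MY_INTERNAL_IP, DNAT_MY_EXTERNAL_IP, INDENT
     # Returns     : 0 when both are set, 1 (error message on stderr) otherwise
     if [ -z "$DNAT_MY_INTERNAL_IP" ] || [ -z "$DNAT_MY_EXTERNAL_IP" ]; then
       # INDENT is passed as an argument rather than embedded in the format
       # string, so a '%' or backslash in it is printed literally.
       printf '\033[40m\033[1;31m%sERROR: The plugin config file is not properly set!\033[0m\n' "$INDENT" >&2
       return 1
     fi

     return 0
   }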
  100 
  101 
  102 ############
  103 # Mainline #
  104 ############
  105 
  106 # Check where to find the config file
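  CONF_FILE=""
  if [ -n "$PLUGIN_CONF_PATH" ]; then
    CONF_FILE="$PLUGIN_CONF_PATH/$PLUGIN_CONF_FILE"
  fi

  # Preinit to success:
  PLUGIN_RET_VAL=0

  # Check if the config file exists
  if [ ! -f "$CONF_FILE" ]; then
    # Path, name and version are printf arguments, not part of the format
    # string, so '%' or backslashes in them are printed literally.
    printf 'NOTE: Config file "%s" not found!\n        Plugin "%s v%s" ignored!\n' "$CONF_FILE" "$PLUGIN_NAME" "$PLUGIN_VERSION" >&2
  else
    # Source the plugin config file.
    # The file is executed as shell code in the current shell, i.e. with the
    # privileges of the firewall run (loading modules and changing iptables
    # rules needs root), so it should be owned by root and not writable by
    # other users.
    . "$CONF_FILE"

    # Run when the plugin is enabled; "stop" and "status" also run when
    # PLUGIN_LOAD_FILE is set.
    if [ "$ENABLED" = "1" ] ||
       { [ -n "$PLUGIN_LOAD_FILE" ] && [ "$PLUGIN_CMD" = "stop" ]; } ||
       { [ -n "$PLUGIN_LOAD_FILE" ] && [ "$PLUGIN_CMD" = "status" ]; }; then
      # Show who we are:
      echo "${INDENT}$PLUGIN_NAME v$PLUGIN_VERSION"

      # Increment indentation
      INDENT="$INDENT "

      # Only proceed if environment ok
      if ! plugin_sanity_check; then
        PLUGIN_RET_VAL=1
      else
        # An empty PLUGIN_CMD is treated as "start".
        case "$PLUGIN_CMD" in
          start|'') plugin_start; PLUGIN_RET_VAL=$? ;;
          stop    ) plugin_stop; PLUGIN_RET_VAL=$? ;;
          status  ) plugin_status; PLUGIN_RET_VAL=$? ;;
          *       ) PLUGIN_RET_VAL=1
                    printf '\033[40m\033[1;31m%sERROR: Invalid plugin option "%s"!\033[0m\n' "$INDENT" "$PLUGIN_CMD" >&2 ;;
        esac
      fi
    fi
  fi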