From 66f8fdde63b0d37058185bd00d69fccefc3c0332 Mon Sep 17 00:00:00 2001 From: DarkFeather Date: Sun, 29 Jan 2017 14:27:03 -0600 Subject: [PATCH] Adding a script to setup iptables proxies --- Admin/Makefile | 2 +- Admin/proxy | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 Admin/proxy diff --git a/Admin/Makefile b/Admin/Makefile index f4cb3e3..71df091 100644 --- a/Admin/Makefile +++ b/Admin/Makefile @@ -1,4 +1,4 @@ -LIST=arch-update clean-exim clean-exim-input close-guest fix-sound log-guest open-guest restart-service silent-guardian +LIST=arch-update clean-exim clean-exim-input close-guest fix-sound log-guest open-guest restart-service silent-guardian proxy LOCATION=/root/bin PERMISSION=0700 compile: diff --git a/Admin/proxy b/Admin/proxy new file mode 100644 index 0000000..ff73e0d --- /dev/null +++ b/Admin/proxy @@ -0,0 +1,36 @@ +#!/bin/bash + +# Establish iptables-based reverse proxy + +if [ ! -z "$1" ] && [ "$1" == "--reset" ]; then + iptables -F -t nat + exit $? +fi + +if [ ! -z "$1" ] && [ "$1" == "--list" ]; then + iptables -S -t nat + exit $? +fi + +if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then + printf "Usage: $0 localport remotehost remoteport [ --local ]\n" + printf " $0 --reset\n" + printf " $0 --list\n" + exit 1 +fi + +# Tell the kernel to allow forwarding packets. +echo 1 > /proc/sys/net/ipv4/ip_forward + +# Default forwarding rule +iptables -t nat -A PREROUTING -p tcp -m tcp --dport "$1" -j DNAT --to-destination "$2":"$3" + +# Set up masquerading if not already done +if [ `iptables -S -t nat | grep -c '\-A POSTROUTING -j MASQUERADE'` -ne 1 ]; then + iptables -t nat -A POSTROUTING -j MASQUERADE; +fi + +# Handle local forwarding. +if [ "$4" == "--local" ] || [ "$2" == "127.0.0.1" ]; then + iptables -t nat -I OUTPUT -p tcp -o lo --dport "$1" -j REDIRECT --to-ports "$3" +fi