#!/bin/sh
#
# Port forwarding from one address to another address in the same network,
# using source and destination network address translation (SNAT & DNAT).
#
# The machine A performs this port forwarding to the target machine B,
# which is in the same network as A.
# Machine A behaves like a proxy, which allows e.g. an external machine to
# access services (e.g., SSH) on machine B that only allow access
# from the internal network.
#
#
# References:
# [1] How to do the port forwarding from one ip to another ip in the same network?
#     https://serverfault.com/a/586553/387898
# [2] Source and Destination Network Address Translation with iptables
#     https://thewiringcloset.wordpress.com/2013/03/27/linux-iptable-snat-dnat/
# [3] How to List and Delete IPtables Firewall Rules
#     https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules
#
#
# Weitian LI
# 2016-11-29
#


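# Fail fast: a failed step must not leave the host firewall half-configured
# (e.g. flushed, but without the forwarding rules).  POSIX sh subset only,
# so no pipefail.
set -eu

# Print a message on stderr and exit with status 1.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# sysctl and iptables need root; check up front instead of failing half-way.
[ "$(id -u)" -eq 0 ] || die "this script must be run as root"

# Forwarding endpoints.  Overridable from the environment; the defaults are
# the original hard-coded values.
THIS_IP="${THIS_IP:-192.168.1.234}"
THIS_PORT="${THIS_PORT:-21127}"
TARGET_IP="${TARGET_IP:-192.168.1.248}"
TARGET_PORT="${TARGET_PORT:-9999}"
# Where the pre-change rule set is dumped (restore with: iptables-restore < FILE)
BACKUP_FILE="${BACKUP_FILE:-iptables_rules.txt}"

# Enable IP forwarding (runtime setting only; not persisted across reboots)
sysctl net.ipv4.ip_forward=1

# Save current rules BEFORE anything is flushed.  The dump is the only way
# back to the previous firewall state, so abort if it cannot be written,
# and keep it private (it describes the host's firewall).
( umask 077; iptables-save > "${BACKUP_FILE}" ) \
  || die "cannot save current rules to ${BACKUP_FILE}"
printf 'Saved current rules to %s (restore: iptables-restore < %s)\n' \
  "${BACKUP_FILE}" "${BACKUP_FILE}"

# Set default chain policy.
# NOTE: ACCEPT on every chain plus the flush below removes any existing host
# firewall on A; FORWARD must accept for the DNATed traffic to pass.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Flush existing rules (nat, mangle and filter tables, user chains included)
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -F
iptables -X

# Port forwarding using SNAT & DNAT
printf 'Port forwarding: %s:%s <-> %s:%s\n' \
  "${THIS_IP}" "${THIS_PORT}" "${TARGET_IP}" "${TARGET_PORT}"
# DNAT: TCP packets arriving for THIS_PORT are redirected to the target
# service on B.
iptables -t nat -A PREROUTING \
         -p tcp --dport "${THIS_PORT}" \
         -j DNAT --to-destination "${TARGET_IP}:${TARGET_PORT}"
# SNAT: rewrite the source to this host so B's replies come back through A
# (otherwise B would answer the client directly and the connection breaks).
# The source *port* is deliberately not pinned: with a single fixed port,
# every forwarded flow would share one reply tuple (B:TARGET_PORT -> A:port),
# so concurrent clients collide in conntrack and only one session works at
# a time.  Without a port, the client's source port is kept where possible.
iptables -t nat -A POSTROUTING \
         -p tcp -d "${TARGET_IP}" --dport "${TARGET_PORT}" \
         -j SNAT --to-source "${THIS_IP}"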