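#!/bin/bash
# 2022.2.28 by dewan
# DNAT configuration.
#
# Installs MASQUERADE for the private LAN ranges on the public interface and
# DNAT port maps from the public interface to internal hosts:
#   20000-23999   -> $SERVER_IP (same ports), also hairpinned from $INT_IFACE
#   32001-32180   -> sshd (port 22) on each chassis/slot host
#   61000-64599   -> a 20-port range per chassis/slot host
# The port-to-host assignments are written to ./ip_port.info.
#
# The nat PREROUTING rules only rewrite the destination; they do not filter.
# Forwarding still requires net.ipv4.ip_forward=1 and a FORWARD chain that
# accepts the traffic, which is also where source restrictions belong (once
# these rules are in, sshd on every internal host is reachable via PUB_IFACE).
set -euo pipefail

PUB_IFACE="enp125s0f0"
INT_IFACE="enp125s0f1"
# Public address of PUB_IFACE, used for hairpin access from the internal side.
PUB_IP="x.x.x.x"   # TODO: placeholder, fill in before use
# Private ranges masqueraded on the way out (RFC 1918).
LAN=("10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16")
# Target of the 20000-23999 range. Must be filled in before running.
SERVER_IP=
# Abort before touching the nat table if the target is missing; the original
# ran on regardless and every 20000:23999 rule failed with an empty target.
: "${SERVER_IP:?SERVER_IP must be set to the DNAT target for ports 20000:23999}"

# The mapping file is rebuilt on every run. It is removed here, before the
# first loop writes to it; the original removed it between the two loops and
# so threw away the sshd mappings it had just recorded.
MAP_FILE="ip_port.info"
rm -f -- "$MAP_FILE"

# Flushes every rule in the nat table, including any not managed by this script.
iptables -t nat -F

for net in "${LAN[@]}"; do
  iptables -t nat -A POSTROUTING -o "$PUB_IFACE" -s "$net" -j MASQUERADE
done

# 20000 ~ 23999
# Whole range to SERVER_IP, from the public side and hairpinned from the
# internal side (the original appended the internal rule twice).
iptables -t nat -A PREROUTING -p tcp -i "$PUB_IFACE" --dport 20000:23999 \
  -j DNAT --to-destination "$SERVER_IP"
iptables -t nat -A PREROUTING -p tcp -i "$INT_IFACE" -d "$PUB_IP" --dport 20000:23999 \
  -j DNAT --to-destination "$SERVER_IP"

# 24000 ~ 32000
# reserved

# 32001 ~ 32768
# sshd: one port per host, id 1..180 -> dport 32001..32180.
# NOTE(review): 172.168.0.0/16 is not RFC 1918 space and is not inside the LAN
# list above (172.16.0.0/12 ends at 172.31.255.255) -- confirm it is the
# intended internal range.
for c in {1..15}; do
  for s in {1..12}; do
    id=$((c * 12 - 12 + s))
    dport=$((32000 + id))
    chassis=$((130 + c))
    ip="172.168.$chassis.$s"
    printf '%s:22 --> %s\n' "$ip" "$dport" >> "$MAP_FILE"
    # A failed rule is reported and the loop continues.
    iptables -t nat -A PREROUTING -p tcp -i "$PUB_IFACE" --dport "$dport" \
      -j DNAT --to-destination "$ip:22" \
      || printf '%s failed!\n' "$ip" >&2
  done
done

# net.ipv4.ip_local_port_range = 32769 48999
# 48999 ~ 60999
# reserved

# 61000 ~ 64999
# 20 range ports for every host: id 1..180 -> 61000:61019 .. 64580:64599.
for c in {1..15}; do
  for s in {1..12}; do
    id=$((c * 12 - 12 + s))
    dport="$((60980 + id * 20)):$((60999 + id * 20))"
    chassis=$((130 + c))
    ip="172.168.$chassis.$s"
    # Chassis 3 slot 4 is redirected to a fixed host. The override is applied
    # before the mapping line is written so ip_port.info records the real DNAT
    # target (the original wrote the nominal address and then overrode it).
    if [[ "$c" -eq 3 && "$s" -eq 4 ]]; then
      ip="172.168.130.2"
    fi
    printf '%s --> %s\n' "$ip" "$dport" >> "$MAP_FILE"
    # A failed rule is reported and the loop continues.
    iptables -t nat -A PREROUTING -p tcp -i "$PUB_IFACE" --dport "$dport" \
      -j DNAT --to-destination "$ip" \
      || printf '%s failed!\n' "$ip" >&2
  done
done

# 65000 ~ 65536
# reserved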