
Linux Script Example: iptables-nat.sh

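#!/bin/bash
# 2022.2.28 by dewan
# DNAT configuration.
#
# Rebuilds the nat table from scratch: flush it, masquerade outbound
# traffic from the private LAN ranges on the public interface, then
# install the DNAT port forwards that follow. Needs root (iptables).

PUB_IFACE="enp125s0f0"   # public (upstream) interface
INT_IFACE="enp125s0f1"   # internal interface

# RFC 1918 source ranges that are masqueraded when leaving via PUB_IFACE.
LAN=(10.0.0.0/8 172.16.0.0/12 192.168.0.0/16)
# Target of the 20000:23999 forward; left empty in this template and must
# be filled in before those rules can apply.
SERVER_IP=

# Flush failures are reported rather than ignored so a half-built table
# is at least visible in the output.
iptables -t nat -F || printf '%s\n' "flushing the nat table failed!" >&2

for net in "${LAN[@]}"; do
  iptables -t nat -A POSTROUTING -o "$PUB_IFACE" -s "$net" -j MASQUERADE \
    || printf '%s\n' "MASQUERADE for $net failed!" >&2
done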

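# 20000 ~ 23999
# Forward TCP 20000:23999 to SERVER_IP: from the public side, and
# hairpinned for internal clients that dial the public address.
if [[ -z "$SERVER_IP" ]]; then
  # iptables rejects an empty --to-destination anyway; say why up front
  # instead of letting the rule silently go missing in the error spew.
  printf '%s\n' "SERVER_IP is empty, skipping the 20000:23999 forward" >&2
else
  iptables -t nat -A PREROUTING -p tcp -i "$PUB_IFACE" --dport 20000:23999 \
    -j DNAT --to-destination "$SERVER_IP" \
    || printf '%s\n' "20000:23999 forward on $PUB_IFACE failed!" >&2

  # Public addresses that internal clients may use to reach the server;
  # x.x.x.x is a placeholder (the original had two identical rules, so
  # presumably one per public address -- fill in a real address for each).
  # Replies to these hairpinned flows leave via INT_IFACE, where the
  # MASQUERADE on PUB_IFACE does not apply, so the client sees them come
  # from SERVER_IP directly -- confirm that works for your clients or add
  # a matching POSTROUTING SNAT.
  PUB_ADDRS=(x.x.x.x x.x.x.x)
  for pub_addr in "${PUB_ADDRS[@]}"; do
    iptables -t nat -A PREROUTING -p tcp -i "$INT_IFACE" -d "$pub_addr" \
      --dport 20000:23999 -j DNAT --to-destination "$SERVER_IP" \
      || printf '%s\n' "20000:23999 hairpin for $pub_addr failed!" >&2
  done
fi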

# 24000 ~ 32000
# reserved

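# 32001 ~ 32768
# sshd
#
# Hosts are addressed as 172.168.(130+c).s for chassis c in 1..15 and
# slot s in 1..12, with a 1-based sequential id = (c-1)*12 + s (1..180).
# Every installed forward is logged to ip_port.info, which is truncated
# once here so the file describes exactly this run (the original removed
# it between the two loops and so lost the sshd entries).
: > ip_port.info

#######################################
# Install one PREROUTING DNAT on PUB_IFACE.
# Globals:   PUB_IFACE (read)
# Arguments: $1 - destination port or port range (low:high)
#            $2 - --to-destination target (ip or ip:port)
# Outputs:   failure message on stderr; never aborts the script
#######################################
forward_tcp() {
  iptables -t nat -A PREROUTING -p tcp -i "$PUB_IFACE" --dport "$1" \
    -j DNAT --to-destination "$2" \
    || printf '%s\n' "$1 -> $2 failed!" >&2
}

# NOTE(review): 172.168.0.0/16 lies outside 172.16.0.0/12 (which ends at
# 172.31.255.255), so these hosts are not covered by the LAN MASQUERADE
# above -- confirm the prefix is intended and not a typo for 172.16.
# These rules also expose every host's sshd on the public interface with
# no source restriction; a -s allowlist in forward_tcp is worth considering.

for c in {1..15}; do
  for s in {1..12}; do
    id=$(( c * 12 - 12 + s ))
    dport=$(( 32000 + id ))
    ip="172.168.$(( 130 + c )).$s"
    printf '%s\n' "$ip:22 --> $dport" >> ip_port.info
    forward_tcp "$dport" "$ip:22"
  done
done

# net.ipv4.ip_local_port_range = 32769  48999

# 48999 ~ 60999
# reserved

# 61000 ~ 64999
# a range of 20 ports for every host: id n gets 60980+20n .. 60999+20n

for c in {1..15}; do
  for s in {1..12}; do
    id=$(( c * 12 - 12 + s ))
    dport="$(( 60980 + id * 20 )):$(( 60999 + id * 20 ))"
    ip="172.168.$(( 130 + c )).$s"
    # Chassis 3 / slot 4 is served by 172.168.130.2. Apply the override
    # before logging so ip_port.info shows the address the rule really
    # targets (the original logged the unmodified address).
    if (( c == 3 && s == 4 )); then
      ip="172.168.130.2"
    fi
    printf '%s\n' "$ip --> $dport" >> ip_port.info
    forward_tcp "$dport" "$ip"
  done
done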

# 65000 ~ 65536
# reserved