-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
508 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,288 @@ | ||
| #!/usr/bin/env bash | ||
| PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin | ||
| export PATH | ||
|
|
||
| #================================================= | ||
| # System Required: CentOS/Debian/Ubuntu | ||
| # Description: iptables Port forwarding | ||
| # Version: 1.1.1 | ||
| # Author: Toyo | ||
| # Blog: https://doub.io/wlzy-20/ | ||
| #================================================= | ||
| sh_ver="1.1.1" | ||
|
|
||
| Green_font_prefix="\033[32m" && Red_font_prefix="\033[31m" && Green_background_prefix="\033[42;37m" && Red_background_prefix="\033[41;37m" && Font_color_suffix="\033[0m" | ||
| Info="${Green_font_prefix}[信息]${Font_color_suffix}" | ||
| Error="${Red_font_prefix}[错误]${Font_color_suffix}" | ||
| Tip="${Green_font_prefix}[注意]${Font_color_suffix}" | ||
|
|
||
| check_iptables(){ | ||
| iptables_exist=$(iptables -V) | ||
| [[ ${iptables_exist} = "" ]] && echo -e "${Error} 没有安装iptables,请检查 !" && exit 1 | ||
| } | ||
| check_sys(){ | ||
| if [[ -f /etc/redhat-release ]]; then | ||
| release="centos" | ||
| elif cat /etc/issue | grep -q -E -i "debian"; then | ||
| release="debian" | ||
| elif cat /etc/issue | grep -q -E -i "ubuntu"; then | ||
| release="ubuntu" | ||
| elif cat /etc/issue | grep -q -E -i "centos|red hat|redhat"; then | ||
| release="centos" | ||
| elif cat /proc/version | grep -q -E -i "debian"; then | ||
| release="debian" | ||
| elif cat /proc/version | grep -q -E -i "ubuntu"; then | ||
| release="ubuntu" | ||
| elif cat /proc/version | grep -q -E -i "centos|red hat|redhat"; then | ||
| release="centos" | ||
| fi | ||
| #bit=`uname -m` | ||
| } | ||
| install_iptables(){ | ||
| iptables_exist=$(iptables -V) | ||
| if [[ ${iptables_exist} != "" ]]; then | ||
| echo -e "${Info} 已经安装iptables,继续..." | ||
| else | ||
| echo -e "${Info} 检测到未安装 iptables,开始安装..." | ||
| if [[ ${release} == "centos" ]]; then | ||
| yum update | ||
| yum install -y iptables | ||
| else | ||
| apt-get update | ||
| apt-get install -y iptables | ||
| fi | ||
| iptables_exist=$(iptables -V) | ||
| if [[ ${iptables_exist} = "" ]]; then | ||
| echo -e "${Error} 安装iptables失败,请检查 !" && exit 1 | ||
| else | ||
| echo -e "${Info} iptables 安装完成 !" | ||
| fi | ||
| fi | ||
| echo -e "${Info} 开始配置 iptables !" | ||
| Set_iptables | ||
| echo -e "${Info} iptables 配置完毕 !" | ||
| } | ||
| Set_forwarding_port(){ | ||
| read -e -p "请输入 iptables 欲转发至的 远程端口 [1-65535] (支持端口段 如 2333-6666, 被转发服务器):" forwarding_port | ||
| [[ -z "${forwarding_port}" ]] && echo "取消..." && exit 1 | ||
| echo && echo -e " 欲转发端口 : ${Red_font_prefix}${forwarding_port}${Font_color_suffix}" && echo | ||
| } | ||
| Set_forwarding_ip(){ | ||
| read -e -p "请输入 iptables 欲转发至的 远程IP(被转发服务器):" forwarding_ip | ||
| [[ -z "${forwarding_ip}" ]] && echo "取消..." && exit 1 | ||
| echo && echo -e " 欲转发服务器IP : ${Red_font_prefix}${forwarding_ip}${Font_color_suffix}" && echo | ||
| } | ||
| Set_local_port(){ | ||
| echo -e "请输入 iptables 本地监听端口 [1-65535] (支持端口段 如 2333-6666)" | ||
| read -e -p "(默认端口: ${forwarding_port}):" local_port | ||
| [[ -z "${local_port}" ]] && local_port="${forwarding_port}" | ||
| echo && echo -e " 本地监听端口 : ${Red_font_prefix}${local_port}${Font_color_suffix}" && echo | ||
| } | ||
| Set_local_ip(){ | ||
| read -e -p "请输入 本服务器的 网卡IP(注意是网卡绑定的IP,而不仅仅是公网IP,回车自动检测外网IP):" local_ip | ||
| if [[ -z "${local_ip}" ]]; then | ||
| local_ip=$(wget -qO- -t1 -T2 ipinfo.io/ip) | ||
| if [[ -z "${local_ip}" ]]; then | ||
| echo "${Error} 无法检测到本服务器的公网IP,请手动输入" | ||
| read -e -p "请输入 本服务器的 网卡IP(注意是网卡绑定的IP,而不仅仅是公网IP):" local_ip | ||
| [[ -z "${local_ip}" ]] && echo "取消..." && exit 1 | ||
| fi | ||
| fi | ||
| echo && echo -e " 本服务器IP : ${Red_font_prefix}${local_ip}${Font_color_suffix}" && echo | ||
| } | ||
| Set_forwarding_type(){ | ||
| echo -e "请输入数字 来选择 iptables 转发类型: | ||
| 1. TCP | ||
| 2. UDP | ||
| 3. TCP+UDP\n" | ||
| read -e -p "(默认: TCP+UDP):" forwarding_type_num | ||
| [[ -z "${forwarding_type_num}" ]] && forwarding_type_num="3" | ||
| if [[ ${forwarding_type_num} == "1" ]]; then | ||
| forwarding_type="TCP" | ||
| elif [[ ${forwarding_type_num} == "2" ]]; then | ||
| forwarding_type="UDP" | ||
| elif [[ ${forwarding_type_num} == "3" ]]; then | ||
| forwarding_type="TCP+UDP" | ||
| else | ||
| forwarding_type="TCP+UDP" | ||
| fi | ||
| } | ||
| Set_Config(){ | ||
| Set_forwarding_port | ||
| Set_forwarding_ip | ||
| Set_local_port | ||
| Set_local_ip | ||
| Set_forwarding_type | ||
| echo && echo -e "—————————————————————————————— | ||
| 请检查 iptables 端口转发规则配置是否有误 !\n | ||
| 本地监听端口 : ${Green_font_prefix}${local_port}${Font_color_suffix} | ||
| 服务器 IP\t: ${Green_font_prefix}${local_ip}${Font_color_suffix}\n | ||
| 欲转发的端口 : ${Green_font_prefix}${forwarding_port}${Font_color_suffix} | ||
| 欲转发 IP\t: ${Green_font_prefix}${forwarding_ip}${Font_color_suffix} | ||
| 转发类型\t: ${Green_font_prefix}${forwarding_type}${Font_color_suffix} | ||
| ——————————————————————————————\n" | ||
| read -e -p "请按任意键继续,如有配置错误请使用 Ctrl+C 退出。" var | ||
| } | ||
| Add_forwarding(){ | ||
| check_iptables | ||
| Set_Config | ||
| local_port=$(echo ${local_port} | sed 's/-/:/g') | ||
| forwarding_port_1=$(echo ${forwarding_port} | sed 's/-/:/g') | ||
| if [[ ${forwarding_type} == "TCP" ]]; then | ||
| Add_iptables "tcp" | ||
| elif [[ ${forwarding_type} == "UDP" ]]; then | ||
| Add_iptables "udp" | ||
| elif [[ ${forwarding_type} == "TCP+UDP" ]]; then | ||
| Add_iptables "tcp" | ||
| Add_iptables "udp" | ||
| fi | ||
| Save_iptables | ||
| clear && echo && echo -e "—————————————————————————————— | ||
| iptables 端口转发规则配置完成 !\n | ||
| 本地监听端口 : ${Green_font_prefix}${local_port}${Font_color_suffix} | ||
| 服务器 IP\t: ${Green_font_prefix}${local_ip}${Font_color_suffix}\n | ||
| 欲转发的端口 : ${Green_font_prefix}${forwarding_port_1}${Font_color_suffix} | ||
| 欲转发 IP\t: ${Green_font_prefix}${forwarding_ip}${Font_color_suffix} | ||
| 转发类型\t: ${Green_font_prefix}${forwarding_type}${Font_color_suffix} | ||
| ——————————————————————————————\n" | ||
| } | ||
| View_forwarding(){ | ||
| check_iptables | ||
| forwarding_text=$(iptables -t nat -vnL PREROUTING|tail -n +3) | ||
| [[ -z ${forwarding_text} ]] && echo -e "${Error} 没有发现 iptables 端口转发规则,请检查 !" && exit 1 | ||
| forwarding_total=$(echo -e "${forwarding_text}"|wc -l) | ||
| forwarding_list_all="" | ||
| for((integer = 1; integer <= ${forwarding_total}; integer++)) | ||
| do | ||
| forwarding_type=$(echo -e "${forwarding_text}"|awk '{print $4}'|sed -n "${integer}p") | ||
| forwarding_listen=$(echo -e "${forwarding_text}"|awk '{print $11}'|sed -n "${integer}p"|awk -F "dpt:" '{print $2}') | ||
| [[ -z ${forwarding_listen} ]] && forwarding_listen=$(echo -e "${forwarding_text}"| awk '{print $11}'|sed -n "${integer}p"|awk -F "dpts:" '{print $2}') | ||
| forwarding_fork=$(echo -e "${forwarding_text}"| awk '{print $12}'|sed -n "${integer}p"|awk -F "to:" '{print $2}') | ||
| forwarding_list_all=${forwarding_list_all}"${Green_font_prefix}"${integer}".${Font_color_suffix} 类型: ${Green_font_prefix}"${forwarding_type}"${Font_color_suffix} 监听端口: ${Red_font_prefix}"${forwarding_listen}"${Font_color_suffix} 转发IP和端口: ${Red_font_prefix}"${forwarding_fork}"${Font_color_suffix}\n" | ||
| done | ||
| echo && echo -e "当前有 ${Green_background_prefix} "${forwarding_total}" ${Font_color_suffix} 个 iptables 端口转发规则。" | ||
| echo -e ${forwarding_list_all} | ||
| } | ||
| Del_forwarding(){ | ||
| check_iptables | ||
| while true | ||
| do | ||
| View_forwarding | ||
| read -e -p "请输入数字 来选择要删除的 iptables 端口转发规则(默认回车取消):" Del_forwarding_num | ||
| [[ -z "${Del_forwarding_num}" ]] && Del_forwarding_num="0" | ||
| echo $((${Del_forwarding_num}+0)) &>/dev/null | ||
| if [[ $? -eq 0 ]]; then | ||
| if [[ ${Del_forwarding_num} -ge 1 ]] && [[ ${Del_forwarding_num} -le ${forwarding_total} ]]; then | ||
| forwarding_type=$(echo -e "${forwarding_text}"| awk '{print $4}' | sed -n "${Del_forwarding_num}p") | ||
| forwarding_listen=$(echo -e "${forwarding_text}"| awk '{print $11}' | sed -n "${Del_forwarding_num}p" | awk -F "dpt:" '{print $2}' | sed 's/-/:/g') | ||
| [[ -z ${forwarding_listen} ]] && forwarding_listen=$(echo -e "${forwarding_text}"| awk '{print $11}' |sed -n "${Del_forwarding_num}p" | awk -F "dpts:" '{print $2}') | ||
| Del_iptables "${forwarding_type}" "${Del_forwarding_num}" | ||
| Save_iptables | ||
| echo && echo -e "${Info} iptables 端口转发规则删除完成 !" && echo | ||
| else | ||
| echo -e "${Error} 请输入正确的数字 !" | ||
| fi | ||
| else | ||
| break && echo "取消..." | ||
| fi | ||
| done | ||
| } | ||
| Uninstall_forwarding(){ | ||
| check_iptables | ||
| echo -e "确定要清空 iptables 所有端口转发规则 ? [y/N]" | ||
| read -e -p "(默认: n):" unyn | ||
| [[ -z ${unyn} ]] && unyn="n" | ||
| if [[ ${unyn} == [Yy] ]]; then | ||
| forwarding_text=$(iptables -t nat -vnL PREROUTING|tail -n +3) | ||
| [[ -z ${forwarding_text} ]] && echo -e "${Error} 没有发现 iptables 端口转发规则,请检查 !" && exit 1 | ||
| forwarding_total=$(echo -e "${forwarding_text}"|wc -l) | ||
| for((integer = 1; integer <= ${forwarding_total}; integer++)) | ||
| do | ||
| forwarding_type=$(echo -e "${forwarding_text}"|awk '{print $4}'|sed -n "${integer}p") | ||
| forwarding_listen=$(echo -e "${forwarding_text}"|awk '{print $11}'|sed -n "${integer}p"|awk -F "dpt:" '{print $2}') | ||
| [[ -z ${forwarding_listen} ]] && forwarding_listen=$(echo -e "${forwarding_text}"| awk '{print $11}'|sed -n "${integer}p"|awk -F "dpts:" '{print $2}') | ||
| # echo -e "${forwarding_text} ${forwarding_type} ${forwarding_listen}" | ||
| Del_iptables "${forwarding_type}" "${integer}" | ||
| done | ||
| Save_iptables | ||
| echo && echo -e "${Info} iptables 已清空 所有端口转发规则 !" && echo | ||
| else | ||
| echo && echo "清空已取消..." && echo | ||
| fi | ||
| } | ||
| Add_iptables(){ | ||
| iptables -t nat -A PREROUTING -p "$1" --dport "${local_port}" -j DNAT --to-destination "${forwarding_ip}":"${forwarding_port}" | ||
| iptables -t nat -A POSTROUTING -p "$1" -d "${forwarding_ip}" --dport "${forwarding_port_1}" -j SNAT --to-source "${local_ip}" | ||
| echo "iptables -t nat -A PREROUTING -p $1 --dport ${local_port} -j DNAT --to-destination ${forwarding_ip}:${forwarding_port}" | ||
| echo "iptables -t nat -A POSTROUTING -p $1 -d ${forwarding_ip} --dport ${forwarding_port_1} -j SNAT --to-source ${local_ip}" | ||
| echo "${local_port}" | ||
| iptables -I INPUT -m state --state NEW -m "$1" -p "$1" --dport "${local_port}" -j ACCEPT | ||
| } | ||
| Del_iptables(){ | ||
| iptables -t nat -D POSTROUTING "$2" | ||
| iptables -t nat -D PREROUTING "$2" | ||
| iptables -D INPUT -m state --state NEW -m "$1" -p "$1" --dport "${forwarding_listen}" -j ACCEPT | ||
| } | ||
| Save_iptables(){ | ||
| if [[ ${release} == "centos" ]]; then | ||
| service iptables save | ||
| else | ||
| iptables-save > /etc/iptables.up.rules | ||
| fi | ||
| } | ||
| Set_iptables(){ | ||
| echo -e "net.ipv4.ip_forward=1" >> /etc/sysctl.conf | ||
| sysctl -p | ||
| if [[ ${release} == "centos" ]]; then | ||
| service iptables save | ||
| chkconfig --level 2345 iptables on | ||
| else | ||
| iptables-save > /etc/iptables.up.rules | ||
| echo -e '#!/bin/bash\n/sbin/iptables-restore < /etc/iptables.up.rules' > /etc/network/if-pre-up.d/iptables | ||
| chmod +x /etc/network/if-pre-up.d/iptables | ||
| fi | ||
| } | ||
| Update_Shell(){ | ||
| sh_new_ver=$(wget --no-check-certificate -qO- -t1 -T3 "https://raw.githubusercontent.com/ToyoDAdoubiBackup/doubi/master/iptables-pf.sh"|grep 'sh_ver="'|awk -F "=" '{print $NF}'|sed 's/\"//g'|head -1) | ||
| [[ -z ${sh_new_ver} ]] && echo -e "${Error} 无法链接到 Github !" && exit 0 | ||
| wget -N --no-check-certificate "https://raw.githubusercontent.com/ToyoDAdoubiBackup/doubi/master/iptables-pf.sh" && chmod +x iptables-pf.sh | ||
| echo -e "脚本已更新为最新版本[ ${sh_new_ver} ] !(注意:因为更新方式为直接覆盖当前运行的脚本,所以可能下面会提示一些报错,无视即可)" && exit 0 | ||
| } | ||
| check_sys | ||
| echo && echo -e " iptables 端口转发一键管理脚本 ${Red_font_prefix}[v${sh_ver}]${Font_color_suffix} | ||
| -- Toyo | doub.io/wlzy-20 -- | ||
| ${Green_font_prefix}0.${Font_color_suffix} 升级脚本 | ||
| ———————————— | ||
| ${Green_font_prefix}1.${Font_color_suffix} 安装 iptables | ||
| ${Green_font_prefix}2.${Font_color_suffix} 清空 iptables 端口转发 | ||
| ———————————— | ||
| ${Green_font_prefix}3.${Font_color_suffix} 查看 iptables 端口转发 | ||
| ${Green_font_prefix}4.${Font_color_suffix} 添加 iptables 端口转发 | ||
| ${Green_font_prefix}5.${Font_color_suffix} 删除 iptables 端口转发 | ||
| ———————————— | ||
| 注意:初次使用前请请务必执行 ${Green_font_prefix}1. 安装 iptables${Font_color_suffix}(不仅仅是安装)" && echo | ||
| read -e -p " 请输入数字 [0-5]:" num | ||
| case "$num" in | ||
| 0) | ||
| Update_Shell | ||
| ;; | ||
| 1) | ||
| install_iptables | ||
| ;; | ||
| 2) | ||
| Uninstall_forwarding | ||
| ;; | ||
| 3) | ||
| View_forwarding | ||
| ;; | ||
| 4) | ||
| Add_forwarding | ||
| ;; | ||
| 5) | ||
| Del_forwarding | ||
| ;; | ||
| *) | ||
| echo "请输入正确数字 [0-5]" | ||
| ;; | ||
| esac |
Oops, something went wrong.