From eb0f71edfa155b0c1a0f8632d35bcfdbc47259f0 Mon Sep 17 00:00:00 2001
From: Oracle Public Cloud User
Date: Tue, 6 Feb 2024 23:21:45 +0000
Subject: [PATCH] first commit
---
 NAT_2_fastlight | 15 ++++++++
 NAT_2_monsieurlouis | 14 +++++++
 NAT_2_norrsken | 19 ++++++++++
 README.md | 3 ++
 configure_NAT_from_RULES | 81 ++++++++++++++++++++++++++++++++++++++++
 5 files changed, 132 insertions(+)
 create mode 100755 NAT_2_fastlight
 create mode 100755 NAT_2_monsieurlouis
 create mode 100755 NAT_2_norrsken
 create mode 100644 README.md
 create mode 100755 configure_NAT_from_RULES
diff --git a/NAT_2_fastlight b/NAT_2_fastlight
new file mode 100755
index 0000000..15cfb1c
--- /dev/null
+++ b/NAT_2_fastlight
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Static configuration for the host we are NATting towards
+# * ORIGINAL_DESTINATION_IP is the private IP corresponding to the desired public IP
+# * RULES contains "original_destination_port:forward_to_port"
+INTERFACE_SOURCE="ens3"
+ORIGINAL_DESTINATION_IP="10.0.0.104"
+FORWARD_TO_IP="10.0.100.10"
+RULES=(
+ "25:25"
+)
+
+# Runs the actual script
+CURRENT_DIR="$(dirname "$(readlink -f "$0")")"
+. "$CURRENT_DIR/configure_NAT_from_RULES"
diff --git a/NAT_2_monsieurlouis b/NAT_2_monsieurlouis
new file mode 100755
index 0000000..b07a87c
--- /dev/null
+++ b/NAT_2_monsieurlouis
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Static configuration for the host we are NATting towards
+# * ORIGINAL_DESTINATION_IP is the private IP corresponding to the desired public IP
+# * RULES contains "original_destination_port:forward_to_port"
+INTERFACE_SOURCE="ens3"
+ORIGINAL_DESTINATION_IP="10.0.0.143"
+FORWARD_TO_IP="10.0.100.30"
+RULES=(
+)
+
+# Runs the actual script
+CURRENT_DIR="$(dirname "$(readlink -f "$0")")"
+. "$CURRENT_DIR/configure_NAT_from_RULES"
diff --git a/NAT_2_norrsken b/NAT_2_norrsken
new file mode 100755
index 0000000..b733797
--- /dev/null
+++ b/NAT_2_norrsken
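Review bot: `INTERFACE_SOURCE="ens3"` reads as if the forward will be bound to that interface, but the sourced configure_NAT_from_RULES in this same patch only passes the value through to its `echo` line and never puts it in the rich rule or a `--zone`, so the forward is not restricted to ens3. Either the comment block should say so, e.g. `# * INTERFACE_SOURCE is informational only; the rich rule is installed in firewalld's default zone`, or the wrapper should stop pretending the value matters until the script honours it. Note that the wrapper sources the script with `.`, so its `exit` calls terminate this wrapper too, which is presumably intended.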
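Review bot: `RULES=()` is empty, so `NAT_2_monsieurlouis up` and `down` install or remove nothing yet still print the closing `Done!` reminder from the sourced script; a one-line comment such as `# No forwards yet; add "port:port[/udp]" entries before running` would make that explicit. This wrapper also reuses `ORIGINAL_DESTINATION_IP="10.0.0.143"` from NAT_2_norrsken with a different `FORWARD_TO_IP`, so once entries are added, any port that overlaps norrsken's 53/80/443 would produce two forward-port rules for the same destination address — worth noting next to the IP so the two files are kept disjoint.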
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Static configuration for the host we are NATting towards
+# * ORIGINAL_DESTINATION_IP is the private IP corresponding to the desired public IP
+# * RULES contains "original_destination_port:forward_to_port"
+INTERFACE_SOURCE="ens3"
+ORIGINAL_DESTINATION_IP="10.0.0.143"
+FORWARD_TO_IP="10.0.100.20"
+RULES=(
+ "53:5300"
+ "53:5300/udp"
+ "80:8000"
+ "443:4430"
+ "443:4430/udp"
+)
+
+# Runs the actual script
+CURRENT_DIR="$(dirname "$(readlink -f "$0")")"
+. "$CURRENT_DIR/configure_NAT_from_RULES"
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..031f819
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# NAT Rules for the Fixed IPv4 Provider
+
+In case I don't have a fixed IPv4 address, I use these rules to route the services through a fixed IPv4 provider like Oracle Cloud.
diff --git a/configure_NAT_from_RULES b/configure_NAT_from_RULES
new file mode 100755
index 0000000..fd7523e
--- /dev/null
+++ b/configure_NAT_from_RULES
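Review bot: The `RULES` comment documents only `"original_destination_port:forward_to_port"`, yet this array relies on the `/udp` suffix that the sourced script recognises (it strips a literal trailing `/udp` and otherwise defaults to tcp), so `"53:5300/udp"` and `"443:4430/udp"` are undocumented syntax to anyone reading this file alone. Extend the comment: `# * RULES contains "original_destination_port:forward_to_port", with an optional "/udp" suffix (tcp is the default); any other spelling is treated as tcp`. The last clause matters because a typo like `/UDP` is silently accepted as a tcp rule with a bogus forward port.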
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+add_NAT_forwarding() {
+ if [ "$#" -ne 6 ]; then
+ echo "Usage: $0 "
+ exit 1
+ fi
+
+ interface_source="$1"
+ tcp_or_udp="$2"
+ original_destination_ip="$3"
+ original_destination_port="$4"
+ forward_to_ip="$5"
+ forward_to_port="$6"
+
+ firewall-cmd --add-rich-rule "rule family=\"ipv4\" destination address=\"$original_destination_ip\" forward-port port=\"$original_destination_port\" protocol=\"$tcp_or_udp\" to-addr=\"$forward_to_ip\" to-port=\"$forward_to_port\"" --permanent > /dev/null
+ firewall-cmd --reload > /dev/null
+
+ echo "+ [$interface_source][$tcp_or_udp] $original_destination_ip:$original_destination_port --> $forward_to_ip:$forward_to_port"
+}
+
+remove_NAT_forwarding() {
+ if [ "$#" -ne 6 ]; then
+ echo "Usage: $0 "
+ exit 1
+ fi
+
+ interface_source="$1"
+ tcp_or_udp="$2"
+ original_destination_ip="$3"
+ original_destination_port="$4"
+ forward_to_ip="$5"
+ forward_to_port="$6"
+
+ firewall-cmd --remove-rich-rule "rule family=\"ipv4\" destination address=\"$original_destination_ip\" forward-port port=\"$original_destination_port\" protocol=\"$tcp_or_udp\" to-addr=\"$forward_to_ip\" to-port=\"$forward_to_port\"" --permanent > /dev/null
+ firewall-cmd --reload > /dev/null
+
+ echo "- [$interface_source][$tcp_or_udp] $original_destination_ip:$original_destination_port --> $forward_to_ip:$forward_to_port"
+}
+
+# Actual script
+if [ `id -u` -ne 0 ]; then
+ echo "This scripts only runs as root."
+ exit 2
+fi
+
+if [ "$#" -ne 1 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+action="$1"
+
+
+for rule in "${RULES[@]}"; do
+ protocol="tcp"
+
+ if [[ "$rule" == */udp ]]; then
+ protocol="udp"
+ rule="${rule%/udp}" # Remove "/udp" from the end of the string
+ fi
+
+ IFS=":" read -ra parts <<< "$rule"
+ port_origin="${parts[0]}"
+ forward_port="${parts[1]}"
+
+ # Appeler la fonction appropriée en fonction de l'action spécifiée
+ case "$action" in
+ "up")
+ add_NAT_forwarding "$INTERFACE_SOURCE" "$protocol" "$ORIGINAL_DESTINATION_IP" "$port_origin" "$FORWARD_TO_IP" "$forward_port"
+ ;;
+ "down")
+ remove_NAT_forwarding "$INTERFACE_SOURCE" "$protocol" "$ORIGINAL_DESTINATION_IP" "$port_origin" "$FORWARD_TO_IP" "$forward_port"
+ ;;
+ *)
+ echo "Invalid action. Use 'up' or 'down'."
+ exit 1
+ ;;
+ esac
+done
+
+echo -e "\nDone! Don't forget to add/remove the rules in the security list."
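Review bot: Both `firewall-cmd` invocations in add_NAT_forwarding and remove_NAT_forwarding discard their exit status (stdout is sent to /dev/null and nothing tests the result), so a rejected or malformed rule still prints the `+`/`-` success line and the closing `Done!`; on the `down` path that leaves a port forward in place that the operator has just been told was removed. Fail loudly instead, e.g. `firewall-cmd --reload > /dev/null || { echo "firewall-cmd --reload failed" >&2; exit 3; }`, and move the `case "$action"` validation ahead of the `for` loop, because as written an invalid action is only rejected when RULES is non-empty — a wrapper with an empty array (NAT_2_monsieurlouis in this patch) accepts any action and reports success. `interface_source` is accepted and echoed but never enters the rich rule, so the forward is installed in firewalld's default zone regardless of INTERFACE_SOURCE; either document that or bind it with `--zone`. The `Usage: $0 ` strings look like they lost their argument placeholders (possibly in rendering) and the French comment above the case should be English; `$(id -u)` is preferable to backticks and a `"port"` entry with no colon yields an empty `forward_port` that only the (currently unchecked) firewall-cmd call would catch.
```shell
# … unchanged: argument check and assignments in add_NAT_forwarding …
  firewall-cmd --add-rich-rule "rule family=\"ipv4\" destination address=\"$original_destination_ip\" forward-port port=\"$original_destination_port\" protocol=\"$tcp_or_udp\" to-addr=\"$forward_to_ip\" to-port=\"$forward_to_port\"" --permanent > /dev/null \
    || { echo "firewall-cmd rejected forward $original_destination_ip:$original_destination_port/$tcp_or_udp" >&2; exit 3; }
  firewall-cmd --reload > /dev/null || { echo "firewall-cmd --reload failed" >&2; exit 3; }
# … unchanged: remove_NAT_forwarding (same check on --remove-rich-rule), root check, argument-count check …
action="$1"
# Reject a bad action before touching the firewall, even when RULES is empty.
case "$action" in
  up|down) ;;
  *) echo "Invalid action. Use 'up' or 'down'." >&2; exit 1 ;;
esac
# … unchanged: for loop over RULES; its case now only needs the "up" and "down" arms …
```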