first commit
This commit is contained in:
Oracle Public Cloud User
commit
eb0f71edfa
5 changed files with 132 additions and 0 deletions
15
NAT_2_fastlight
Executable file
15
NAT_2_fastlight
Executable file
|
|
@ -0,0 +1,15 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Static configuration for the host we are NATting towards
|
||||||
|
# * ORIGINAL_DESTINATION_IP is the private IP corresponding to the desired public IP
|
||||||
|
# * RULES contains "original_destination_port:forward_to_port"
|
||||||
|
INTERFACE_SOURCE="ens3"
|
||||||
|
ORIGINAL_DESTINATION_IP="10.0.0.104"
|
||||||
|
FORWARD_TO_IP="10.0.100.10"
|
||||||
|
RULES=(
|
||||||
|
"25:25"
|
||||||
|
)
|
||||||
|
|
||||||
|
# Runs the actual script
|
||||||
|
CURRENT_DIR="$(dirname "$(readlink -f "$0")")"
|
||||||
|
. "$CURRENT_DIR/configure_NAT_from_RULES"
|
||||||
14
NAT_2_monsieurlouis
Executable file
14
NAT_2_monsieurlouis
Executable file
|
|
@ -0,0 +1,14 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Static configuration for the host we are NATting towards
|
||||||
|
# * ORIGINAL_DESTINATION_IP is the private IP corresponding to the desired public IP
|
||||||
|
# * RULES contains "original_destination_port:forward_to_port"
|
||||||
|
INTERFACE_SOURCE="ens3"
|
||||||
|
ORIGINAL_DESTINATION_IP="10.0.0.143"
|
||||||
|
FORWARD_TO_IP="10.0.100.30"
|
||||||
|
RULES=(
|
||||||
|
)
|
||||||
|
|
||||||
|
# Runs the actual script
|
||||||
|
CURRENT_DIR="$(dirname "$(readlink -f "$0")")"
|
||||||
|
. "$CURRENT_DIR/configure_NAT_from_RULES"
|
||||||
19
NAT_2_norrsken
Executable file
19
NAT_2_norrsken
Executable file
|
|
@ -0,0 +1,19 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Static configuration for the host we are NATting towards
|
||||||
|
# * ORIGINAL_DESTINATION_IP is the private IP corresponding to the desired public IP
|
||||||
|
# * RULES contains "original_destination_port:forward_to_port"
|
||||||
|
INTERFACE_SOURCE="ens3"
|
||||||
|
ORIGINAL_DESTINATION_IP="10.0.0.143"
|
||||||
|
FORWARD_TO_IP="10.0.100.20"
|
||||||
|
RULES=(
|
||||||
|
"53:5300"
|
||||||
|
"53:5300/udp"
|
||||||
|
"80:8000"
|
||||||
|
"443:4430"
|
||||||
|
"443:4430/udp"
|
||||||
|
)
|
||||||
|
|
||||||
|
# Runs the actual script
|
||||||
|
CURRENT_DIR="$(dirname "$(readlink -f "$0")")"
|
||||||
|
. "$CURRENT_DIR/configure_NAT_from_RULES"
|
||||||
3
README.md
Normal file
3
README.md
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
# NAT Rules for the Fixed IPv4 Provider
|
||||||
|
|
||||||
|
In case I don't have a fixed IPv4 address, I use these rules to route the services through a fixed IPv4 provider like Oracle Cloud.
|
||||||
81
configure_NAT_from_RULES
Executable file
81
configure_NAT_from_RULES
Executable file
|
|
@ -0,0 +1,81 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
add_NAT_forwarding() {
|
||||||
|
if [ "$#" -ne 6 ]; then
|
||||||
|
echo "Usage: $0 <interface_source> <tcp_or_udp> <original_destination_ip> <original_destination_port> <forward_to_ip> <forward_to_port>"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
interface_source="$1"
|
||||||
|
tcp_or_udp="$2"
|
||||||
|
original_destination_ip="$3"
|
||||||
|
original_destination_port="$4"
|
||||||
|
forward_to_ip="$5"
|
||||||
|
forward_to_port="$6"
|
||||||
|
|
||||||
|
firewall-cmd --add-rich-rule "rule family=\"ipv4\" destination address=\"$original_destination_ip\" forward-port port=\"$original_destination_port\" protocol=\"$tcp_or_udp\" to-addr=\"$forward_to_ip\" to-port=\"$forward_to_port\"" --permanent > /dev/null
|
||||||
|
firewall-cmd --reload > /dev/null
|
||||||
|
|
||||||
|
echo "+ [$interface_source][$tcp_or_udp] $original_destination_ip:$original_destination_port --> $forward_to_ip:$forward_to_port"
|
||||||
|
}
|
||||||
|
|
||||||
|
remove_NAT_forwarding() {
|
||||||
|
if [ "$#" -ne 6 ]; then
|
||||||
|
echo "Usage: $0 <interface_source> <tcp_or_udp> <original_destination_ip> <original_destination_port> <forward_to_ip> <forward_to_port>"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
interface_source="$1"
|
||||||
|
tcp_or_udp="$2"
|
||||||
|
original_destination_ip="$3"
|
||||||
|
original_destination_port="$4"
|
||||||
|
forward_to_ip="$5"
|
||||||
|
forward_to_port="$6"
|
||||||
|
|
||||||
|
firewall-cmd --remove-rich-rule "rule family=\"ipv4\" destination address=\"$original_destination_ip\" forward-port port=\"$original_destination_port\" protocol=\"$tcp_or_udp\" to-addr=\"$forward_to_ip\" to-port=\"$forward_to_port\"" --permanent > /dev/null
|
||||||
|
firewall-cmd --reload > /dev/null
|
||||||
|
|
||||||
|
echo "- [$interface_source][$tcp_or_udp] $original_destination_ip:$original_destination_port --> $forward_to_ip:$forward_to_port"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Actual script
|
||||||
|
if [ `id -u` -ne 0 ]; then
|
||||||
|
echo "This scripts only runs as root."
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$#" -ne 1 ]; then
|
||||||
|
echo "Usage: $0 <up/down>"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
action="$1"
|
||||||
|
|
||||||
|
|
||||||
|
for rule in "${RULES[@]}"; do
|
||||||
|
protocol="tcp"
|
||||||
|
|
||||||
|
if [[ "$rule" == */udp ]]; then
|
||||||
|
protocol="udp"
|
||||||
|
rule="${rule%/udp}" # Remove "/udp" from the end of the string
|
||||||
|
fi
|
||||||
|
|
||||||
|
IFS=":" read -ra parts <<< "$rule"
|
||||||
|
port_origin="${parts[0]}"
|
||||||
|
forward_port="${parts[1]}"
|
||||||
|
|
||||||
|
# Appeler la fonction appropriée en fonction de l'action spécifiée
|
||||||
|
case "$action" in
|
||||||
|
"up")
|
||||||
|
add_NAT_forwarding "$INTERFACE_SOURCE" "$protocol" "$ORIGINAL_DESTINATION_IP" "$port_origin" "$FORWARD_TO_IP" "$forward_port"
|
||||||
|
;;
|
||||||
|
"down")
|
||||||
|
remove_NAT_forwarding "$INTERFACE_SOURCE" "$protocol" "$ORIGINAL_DESTINATION_IP" "$port_origin" "$FORWARD_TO_IP" "$forward_port"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Invalid action. Use 'up' or 'down'."
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
echo -e "\nDone! Don't forget to add/remove the rules in the security list."
|
||||||
Loading…
Reference in a new issue