共享一个Iptables数据转发与端口映射的脚本

 

### iptables scripts ###
 
## First,define some variables##
 
loop_bak=`ifconfig lo 2>null | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}'`
eth_0=`ifconfig eth0 2>null | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}'`
eth_1=`ifconfig eth1 2>null | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}'`
ppp_0=`ifconfig ppp0 2>null | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}'`
mapped_addr="  "
 
## Second,judge the ways of the online ##
 
if [ -z $ppp_0 ];then
    echo "ppp0 is null!"
    ppp_0=$eth_0
else
      echo "ppp0 is OK!"
fi
 
## Third , exec the iptables scripts ##
 
iptables -F INPUT
iptables -F FORWARD
iptables -F POSTROUTING -t nat
iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp1 -m state --state ESTABLISHED,RELATED -j ACCEPT
 
##Forward the port only on Internet##
iptables -t nat -A PREROUTING -d $ppp_0 -p tcp --dport 80 -j DNAT --to 192.168.1.20:80
iptables -t nat -A POSTROUTING -d 192.168.1.20 -p tcp --dport 80 -j SNAT --to $eth_1

iptables -t nat -A PREROUTING -d $ppp_0 -p tcp --dport 22 -j DNAT --to 192.168.1.20:22
iptables -t nat -A POSTROUTING -d 192.168.1.20 -p tcp --dport 22 -j SNAT --to $eth_1

iptables -t nat -A PREROUTING -d $ppp_0 -p udp --dport 53 -j DNAT --to 192.168.1.20:53
iptables -t nat -A POSTROUTING -d 192.168.1.20 -p udp --dport 53 -j SNAT --to $eth_1
##End forward port on Internet##
 
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.1.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp1 -s 192.168.1.0/24 -j MASQUERADE
iptables -A INPUT -p tcp -i eth0 --syn --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -i ppp0 --syn --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -i ppp1 --syn --dport 80 -j ACCEPT
sysctl -w net.ipv4.ip_forward=1