
服务器端口转发、网络中转脚本使用教程

发布时间:2023-03-27

服务器端口转发,服务器网络中转脚本使用教程


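# Download the script with TLS certificate verification left on (do not add
# --no-check-certificate: without verification anyone on the network path can
# substitute the file). The script runs as root and rewrites NAT rules, so
# read it before the final `bash` step.
wget -N https://raw.githubusercontent.com/ToyoDAdoubiBackup/doubi/master/iptables-pf.sh && chmod +x iptables-pf.sh && bash iptables-pf.sh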

以下是配置过程的步骤


请输入 iptables 欲转发至的 远程端口 [1-65535] (支持端口段 如 2333-6666, 被转发服务器):


比如输入:10000-11000


欲转发端口 : 10000-11000


请输入 iptables 欲转发至的 远程IP(被转发服务器):


比如输入:223.3.3.3


欲转发服务器IP : 223.3.3.3


请输入 iptables 本地监听端口 [1-65535] (支持端口段 如 2333-6666)

(默认端口: 10000-11000):


比如输入:10000-11000


本地监听端口 : 10000-11000


请输入 本服务器的 公网IP网卡IP(注意是网卡绑定的IP,而不仅仅是公网IP,回车自动检测):


本服务器IP : 1.1.1.1


比如输入:1.1.1.1


请输入数字 来选择 iptables 转发类型:

1. TCP

2. UDP

3. TCP+UDP


(默认: TCP+UDP):


比如输入:3


请检查 iptables 端口转发规则配置是否有误 !


本地监听端口 : 10000-11000

服务器 IP : 223.3.3.3


欲转发的端口 : 10000-11000

欲转发 IP : 1.1.1.1

转发类型 : TCP+UDP


脚本内容备份(防止哪天上面链接里的脚本被删):


#!/usr/bin/env bash
# Command lookup is limited to the standard system directories plus ~/bin.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

#=================================================
#  System Required: CentOS/Debian/Ubuntu
#  Description: iptables Port forwarding
#  Version: 1.1.1
#  Author: Toyo
#=================================================

# Version string printed in the menu banner.
sh_ver="1.1.1"

# Prefix/suffix strings wrapped around coloured text. All five are empty in
# this copy of the script, so every message is printed without colour.
Green_font_prefix=""
Red_font_prefix=""
Green_background_prefix=""
Red_background_prefix=""
Font_color_suffix=""

# Message tags: [信息] = info, [错误] = error, [注意] = notice.
Info="${Green_font_prefix}[信息]${Font_color_suffix}"
Error="${Red_font_prefix}[错误]${Font_color_suffix}"
Tip="${Green_font_prefix}[注意]${Font_color_suffix}"

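#######################################
# Abort the script when `iptables -V` produces no output.
# Globals:   iptables_exist (written), Error (read)
# Outputs:   error message on stdout when iptables is missing
# Returns:   0 when iptables answered; otherwise exits the script with 1
#######################################
check_iptables() {
  iptables_exist=$(iptables -V)
  if [[ -z "${iptables_exist}" ]]; then
    echo -e "${Error} 没有安装iptables,请检查 !"
    exit 1
  fi
  # Explicit success status: the former `[[ ... ]] && ...` chain left a
  # non-zero status behind whenever iptables WAS installed.
  return 0
}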

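#######################################
# Detect the distribution family and store it in `release`.
# /etc/redhat-release wins; otherwise /etc/issue and then /proc/version are
# searched, case-insensitively, for debian, ubuntu, then centos/red hat.
# Globals:   release (written: centos | debian | ubuntu | empty if unknown)
# Returns:   0
#######################################
check_sys() {
  local probe_file

  # Start from a known value so a `release` inherited from the environment
  # cannot steer the package-manager and save-rules branches later on.
  release=""

  if [[ -f /etc/redhat-release ]]; then
    release="centos"
    return 0
  fi

  for probe_file in /etc/issue /proc/version; do
    # Skip files that are absent instead of printing a read error.
    [[ -r "${probe_file}" ]] || continue
    if grep -q -E -i "debian" "${probe_file}"; then
      release="debian"
    elif grep -q -E -i "ubuntu" "${probe_file}"; then
      release="ubuntu"
    elif grep -q -E -i "centos|red hat|redhat" "${probe_file}"; then
      release="centos"
    fi
    if [[ -n "${release}" ]]; then
      return 0
    fi
  done

  #bit=`uname -m`
  return 0
}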

#######################################
# Install iptables when it is missing, then run the one-time setup.
# Globals:   iptables_exist (written), release (read), Info/Error (read)
# Outputs:   progress messages on stdout
# Returns:   exits the script with 1 when iptables is still missing after
#            the package install
#######################################
install_iptables() {
  iptables_exist=$(iptables -V)
  if [[ -z "${iptables_exist}" ]]; then
    echo -e "${Info} 检测到未安装 iptables,开始安装..."
    case "${release}" in
      centos)
        # NOTE(review): `yum update` has no -y and is not limited to
        # iptables; it can prompt and upgrade other packages.
        yum update
        yum install -y iptables
        ;;
      *)
        apt-get update
        apt-get install -y iptables
        ;;
    esac
    # Probe again to confirm the install actually produced a working binary.
    iptables_exist=$(iptables -V)
    if [[ -z "${iptables_exist}" ]]; then
      echo -e "${Error} 安装iptables失败,请检查 !" && exit 1
    else
      echo -e "${Info} iptables 安装完成 !"
    fi
  else
    echo -e "${Info} 已经安装iptables,继续..."
  fi
  echo -e "${Info} 开始配置 iptables !"
  Set_iptables
  echo -e "${Info} iptables 配置完毕 !"
}

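#######################################
# Prompt for the remote (destination) port or port range.
# Accepts a single port or "low-high", each within 1-65535 and low <= high.
# Globals:   forwarding_port (written), Error/Red_font_prefix/
#            Font_color_suffix (read)
# Outputs:   prompt and confirmation on stdout
# Returns:   exits the script with 1 on empty or malformed input
#######################################
Set_forwarding_port() {
  local port_re='^([0-9]{1,5})(-([0-9]{1,5}))?$'
  local first_port last_port

  read -r -e -p "请输入 iptables 欲转发至的 远程端口 [1-65535] (支持端口段 如 2333-6666, 被转发服务器):" forwarding_port
  [[ -z "${forwarding_port}" ]] && echo "取消..." && exit 1

  # The value ends up in iptables rules applied as root, so reject anything
  # that is not a plain port or port range before it gets that far.
  if [[ ! "${forwarding_port}" =~ ${port_re} ]]; then
    echo -e "${Error} 端口格式错误,请输入 1-65535 之间的端口或端口段 (如 2333-6666) !"
    exit 1
  fi
  first_port=$((10#${BASH_REMATCH[1]}))
  last_port=${BASH_REMATCH[3]:-${BASH_REMATCH[1]}}
  last_port=$((10#${last_port}))
  if (( first_port < 1 || last_port > 65535 || first_port > last_port )); then
    echo -e "${Error} 端口格式错误,请输入 1-65535 之间的端口或端口段 (如 2333-6666) !"
    exit 1
  fi

  echo && echo -e "  欲转发端口 : ${Red_font_prefix}${forwarding_port}${Font_color_suffix}" && echo
}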

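#######################################
# Prompt for the IPv4 address of the server traffic is forwarded to.
# Globals:   forwarding_ip (written), Error/Red_font_prefix/
#            Font_color_suffix (read)
# Outputs:   prompt and confirmation on stdout
# Returns:   exits the script with 1 on empty input or a value that is not
#            a dotted-quad IPv4 address
#######################################
Set_forwarding_ip() {
  local ipv4_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  local octet

  read -r -e -p "请输入 iptables 欲转发至的 远程IP(被转发服务器):" forwarding_ip
  [[ -z "${forwarding_ip}" ]] && echo "取消..." && exit 1

  # The address becomes the DNAT target of a rule applied as root; accept
  # only a literal IPv4 address.
  if [[ ! "${forwarding_ip}" =~ ${ipv4_re} ]]; then
    echo -e "${Error} IP 格式错误,请输入正确的 IPv4 地址 !"
    exit 1
  fi
  for octet in "${BASH_REMATCH[@]:1}"; do
    if (( 10#${octet} > 255 )); then
      echo -e "${Error} IP 格式错误,请输入正确的 IPv4 地址 !"
      exit 1
    fi
  done

  echo && echo -e "  欲转发服务器IP : ${Red_font_prefix}${forwarding_ip}${Font_color_suffix}" && echo
}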

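#######################################
# Prompt for the local listening port or port range; Enter reuses the
# remote port entered earlier.
# Globals:   local_port (written), forwarding_port (read), Error/
#            Red_font_prefix/Font_color_suffix (read)
# Outputs:   prompt and confirmation on stdout
# Returns:   exits the script with 1 when the resulting value is not a port
#            or "low-high" range within 1-65535
#######################################
Set_local_port() {
  local port_re='^([0-9]{1,5})(-([0-9]{1,5}))?$'
  local first_port last_port

  echo -e "请输入 iptables 本地监听端口 [1-65535] (支持端口段 如 2333-6666)"
  read -r -e -p "(默认端口: ${forwarding_port}):" local_port
  [[ -z "${local_port}" ]] && local_port="${forwarding_port}"

  # This is the port that gets opened on this host, so validate it before
  # it reaches the iptables rules.
  if [[ ! "${local_port}" =~ ${port_re} ]]; then
    echo -e "${Error} 端口格式错误,请输入 1-65535 之间的端口或端口段 (如 2333-6666) !"
    exit 1
  fi
  first_port=$((10#${BASH_REMATCH[1]}))
  last_port=${BASH_REMATCH[3]:-${BASH_REMATCH[1]}}
  last_port=$((10#${last_port}))
  if (( first_port < 1 || last_port > 65535 || first_port > last_port )); then
    echo -e "${Error} 端口格式错误,请输入 1-65535 之间的端口或端口段 (如 2333-6666) !"
    exit 1
  fi

  echo && echo -e "  本地监听端口 : ${Red_font_prefix}${local_port}${Font_color_suffix}" && echo
}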

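# Succeeds when $1 is a dotted-quad IPv4 address with every octet <= 255.
_local_ip_is_ipv4() {
  local ipv4_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  local octet
  [[ "$1" =~ ${ipv4_re} ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    (( 10#${octet} <= 255 )) || return 1
  done
  return 0
}

#######################################
# Prompt for the IPv4 address bound to this server's network interface.
# On Enter the address is looked up at ipinfo.io; if that lookup yields
# nothing usable the operator is asked again.
# Globals:   local_ip (written), Error/Red_font_prefix/Font_color_suffix
#            (read)
# Outputs:   prompts and confirmation on stdout
# Returns:   exits the script with 1 on empty or non-IPv4 input
#######################################
Set_local_ip() {
  read -r -e -p "请输入 本服务器的 网卡IP(注意是网卡绑定的IP,而不仅仅是公网IP,回车自动检测外网IP):" local_ip
  if [[ -z "${local_ip}" ]]; then
    # The answer of an external service becomes the SNAT source address, so
    # fetch it over HTTPS and accept it only if it is a plain IPv4 address.
    # The address seen from outside may differ from the one bound to the
    # interface (the prompt warns about this); check the value shown below.
    local_ip=$(wget -qO- -t1 -T2 https://ipinfo.io/ip)
    if ! _local_ip_is_ipv4 "${local_ip}"; then
      echo -e "${Error} 无法检测到本服务器的公网IP,请手动输入"
      read -r -e -p "请输入 本服务器的 网卡IP(注意是网卡绑定的IP,而不仅仅是公网IP):" local_ip
      [[ -z "${local_ip}" ]] && echo "取消..." && exit 1
    fi
  fi

  if ! _local_ip_is_ipv4 "${local_ip}"; then
    echo -e "${Error} IP 格式错误,请输入正确的 IPv4 地址 !"
    exit 1
  fi

  echo && echo -e "  本服务器IP : ${Red_font_prefix}${local_ip}${Font_color_suffix}" && echo
}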

#######################################
# Ask which protocol(s) to forward.
# 1 selects TCP, 2 selects UDP; 3, Enter, and any other answer select
# TCP+UDP.
# Globals:   forwarding_type_num (written), forwarding_type (written)
# Outputs:   menu and prompt on stdout
#######################################
Set_forwarding_type() {
  echo -e "请输入数字 来选择 iptables 转发类型:

 1. TCP

 2. UDP

 3. TCP+UDP "
  read -e -p "(默认: TCP+UDP):" forwarding_type_num
  # An empty answer is recorded as choice 3.
  forwarding_type_num=${forwarding_type_num:-3}
  case "${forwarding_type_num}" in
    1) forwarding_type="TCP" ;;
    2) forwarding_type="UDP" ;;
    *) forwarding_type="TCP+UDP" ;;
  esac
}

#######################################
# Run every prompt in order, then show the collected values and wait for
# the operator to confirm (Ctrl+C aborts).
# Globals:   local_port, local_ip, forwarding_port, forwarding_ip,
#            forwarding_type (read for the summary), var (written)
# Outputs:   summary and confirmation prompt on stdout
#######################################
Set_Config() {
  local prompt_step
  # Order matters: the local-port prompt offers the remote port as default.
  for prompt_step in \
    Set_forwarding_port \
    Set_forwarding_ip \
    Set_local_port \
    Set_local_ip \
    Set_forwarding_type; do
    "${prompt_step}"
  done
  # Last chance to review the values before any rule is written.
  echo && echo -e "——————————————————————————————

  请检查 iptables 端口转发规则配置是否有误 !

  本地监听端口    : ${Green_font_prefix}${local_port}${Font_color_suffix}

  服务器 IP : ${Green_font_prefix}${local_ip}${Font_color_suffix}

  欲转发的端口    : ${Green_font_prefix}${forwarding_port}${Font_color_suffix}

  欲转发 IP : ${Green_font_prefix}${forwarding_ip}${Font_color_suffix}

  转发类型 : ${Green_font_prefix}${forwarding_type}${Font_color_suffix}

—————————————————————————————— "
  read -e -p "请按任意键继续,如有配置错误请使用 Ctrl+C 退出。" var
}

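#######################################
# Collect the settings, add the forwarding rules, save them, and print a
# summary.
# Globals:   local_port (rewritten with ':' as range separator),
#            forwarding_port_1 (written: remote port with ':' separator),
#            forwarding_port/forwarding_ip/local_ip/forwarding_type (read)
# Outputs:   summary on stdout
#######################################
Add_forwarding() {
  check_iptables
  Set_Config

  # --dport wants "low:high" while the DNAT target keeps "low-high", hence
  # the separate colon-separated copies. Parameter expansion replaces the
  # former unquoted `echo ... | sed`, which let the shell split and glob
  # the operator-supplied value.
  local_port=${local_port//-/:}
  forwarding_port_1=${forwarding_port//-/:}

  case "${forwarding_type}" in
    TCP)
      Add_iptables "tcp"
      ;;
    UDP)
      Add_iptables "udp"
      ;;
    TCP+UDP)
      Add_iptables "tcp"
      Add_iptables "udp"
      ;;
  esac
  Save_iptables

  clear && echo && echo -e "——————————————————————————————

  iptables 端口转发规则配置完成 !

  本地监听端口    : ${Green_font_prefix}${local_port}${Font_color_suffix}

  服务器 IP : ${Green_font_prefix}${local_ip}${Font_color_suffix}

  欲转发的端口    : ${Green_font_prefix}${forwarding_port_1}${Font_color_suffix}

  欲转发 IP : ${Green_font_prefix}${forwarding_ip}${Font_color_suffix}

  转发类型 : ${Green_font_prefix}${forwarding_type}${Font_color_suffix}

—————————————————————————————— "
}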

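#######################################
# List the rules in the nat PREROUTING chain, one numbered line per rule.
# Globals:   forwarding_text (written: rule lines without the two header
#            lines), forwarding_total (written: rule count),
#            forwarding_type/forwarding_listen/forwarding_fork/
#            forwarding_list_all (written)
# Outputs:   rule count and rule list on stdout
# Returns:   exits the script with 1 when the chain has no rules
#######################################
View_forwarding() {
  local integer rule_line
  local -a cols

  check_iptables
  forwarding_text=$(iptables -t nat -vnL PREROUTING | tail -n +3)
  if [[ -z "${forwarding_text}" ]]; then
    echo -e "${Error} 没有发现 iptables 端口转发规则,请检查 !"
    exit 1
  fi
  forwarding_total=$(printf '%s\n' "${forwarding_text}" | wc -l)

  forwarding_list_all=""
  integer=0
  while IFS= read -r rule_line; do
    integer=$((integer + 1))
    # Split on whitespace without globbing (the listing contains `*`).
    # Column 4 is the protocol, 11 is dpt:/dpts:, 12 is to:.
    read -r -a cols <<< "${rule_line}"
    forwarding_type=${cols[3]:-}
    forwarding_listen=""
    case "${cols[10]:-}" in
      dpt:*) forwarding_listen=${cols[10]#dpt:} ;;
      dpts:*) forwarding_listen=${cols[10]#dpts:} ;;
    esac
    forwarding_fork=""
    if [[ "${cols[11]:-}" == to:* ]]; then
      forwarding_fork=${cols[11]#to:}
    fi
    # Each entry ends in \n (expanded by echo -e below) so the rules are
    # printed one per line instead of running together.
    forwarding_list_all+="${Green_font_prefix}${integer}.${Font_color_suffix} 类型: ${Green_font_prefix}${forwarding_type}${Font_color_suffix} 监听端口: ${Red_font_prefix}${forwarding_listen}${Font_color_suffix} 转发IP和端口: ${Red_font_prefix}${forwarding_fork}${Font_color_suffix}\n"
  done <<< "${forwarding_text}"

  echo && echo -e "当前有 ${Green_background_prefix} ${forwarding_total} ${Font_color_suffix} 个 iptables 端口转发规则。"
  # Quoted so the list is not word-split or glob-expanded before printing.
  echo -e "${forwarding_list_all}"
}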

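#######################################
# Interactively delete forwarding rules by their number in the listing.
# Enter (or end of input) cancels; anything that is not a rule number in
# range prints an error and asks again.
# Globals:   Del_forwarding_num (written), forwarding_type and
#            forwarding_listen (written, read by Del_iptables),
#            forwarding_text/forwarding_total (read, set by View_forwarding)
# Outputs:   listing, prompt and status messages on stdout
#######################################
Del_forwarding() {
  local rule_line
  local -a cols

  check_iptables
  while true; do
    View_forwarding
    # `|| true`: end of input leaves the variable empty, which cancels.
    read -r -e -p "请输入数字 来选择要删除的 iptables 端口转发规则(默认回车取消):" Del_forwarding_num || true
    if [[ -z "${Del_forwarding_num}" ]]; then
      echo "取消..."
      break
    fi

    # Check the answer as text first. Feeding raw input to $(( )) or to
    # `[[ -ge ]]` would make bash evaluate it as an arithmetic expression.
    if [[ ! "${Del_forwarding_num}" =~ ^[0-9]{1,9}$ ]] \
      || (( 10#${Del_forwarding_num} < 1 || 10#${Del_forwarding_num} > forwarding_total )); then
      echo -e "${Error} 请输入正确的数字 !"
      continue
    fi
    Del_forwarding_num=$((10#${Del_forwarding_num}))

    # Column 4 is the protocol, column 11 is dpt:PORT or dpts:LOW:HIGH.
    rule_line=$(sed -n "${Del_forwarding_num}p" <<< "${forwarding_text}")
    read -r -a cols <<< "${rule_line}"
    forwarding_type=${cols[3]:-}
    forwarding_listen=""
    case "${cols[10]:-}" in
      dpt:*) forwarding_listen=${cols[10]#dpt:} ;;
      dpts:*) forwarding_listen=${cols[10]#dpts:} ;;
    esac
    forwarding_listen=${forwarding_listen//-/:}

    Del_iptables "${forwarding_type}" "${Del_forwarding_num}"
    Save_iptables
    echo && echo -e "${Info} iptables 端口转发规则删除完成 !" && echo
  done
}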

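#######################################
# After confirmation, delete every rule listed in the nat PREROUTING chain
# together with its counterparts, then save.
# Globals:   unyn (written), forwarding_text/forwarding_total (written),
#            forwarding_type and forwarding_listen (written, read by
#            Del_iptables)
# Outputs:   prompt and status messages on stdout
# Returns:   exits the script with 1 when there are no rules to delete
#######################################
Uninstall_forwarding() {
  local integer rule_line
  local -a cols

  check_iptables
  echo -e "确定要清空 iptables 所有端口转发规则 ? [y/N]"
  read -r -e -p "(默认: n):" unyn
  [[ -z ${unyn} ]] && unyn="n"
  if [[ ${unyn} == [Yy] ]]; then
    forwarding_text=$(iptables -t nat -vnL PREROUTING | tail -n +3)
    if [[ -z "${forwarding_text}" ]]; then
      echo -e "${Error} 没有发现 iptables 端口转发规则,请检查 !"
      exit 1
    fi
    forwarding_total=$(printf '%s\n' "${forwarding_text}" | wc -l)

    # NOTE(review): every rule in nat/PREROUTING is removed, and
    # Del_iptables removes the same rule numbers from nat/POSTROUTING,
    # whether or not this script created them.
    #
    # Delete from the highest rule number down. Rules are removed by
    # number, and removing one renumbers everything after it; counting
    # upward skipped every other rule and left some behind.
    for ((integer = forwarding_total; integer >= 1; integer--)); do
      rule_line=$(sed -n "${integer}p" <<< "${forwarding_text}")
      read -r -a cols <<< "${rule_line}"
      forwarding_type=${cols[3]:-}
      forwarding_listen=""
      case "${cols[10]:-}" in
        dpt:*) forwarding_listen=${cols[10]#dpt:} ;;
        dpts:*) forwarding_listen=${cols[10]#dpts:} ;;
      esac
      Del_iptables "${forwarding_type}" "${integer}"
    done
    Save_iptables
    echo && echo -e "${Info} iptables 已清空 所有端口转发规则 !" && echo
  else
    echo && echo "清空已取消..." && echo
  fi
}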

#######################################
# Add the rules for one protocol: DNAT in nat/PREROUTING, SNAT in
# nat/POSTROUTING, and an ACCEPT for new connections in INPUT.
# Globals:   local_port, forwarding_ip, forwarding_port, forwarding_port_1,
#            local_ip (read)
# Arguments: $1 - protocol name passed to -p and -m
# Outputs:   the two nat commands and the listen port on stdout
# Returns:   status of the final iptables call
#######################################
Add_iptables() {
  local proto=$1
  # NOTE(review): none of these rules has a source-address match, so any
  # host that can reach the listen port is relayed to the remote server.
  # Confirm that an open relay on this port is what you want.
  local -a dnat_rule=(
    -t nat -A PREROUTING -p "${proto}" --dport "${local_port}"
    -j DNAT --to-destination "${forwarding_ip}:${forwarding_port}"
  )
  local -a snat_rule=(
    -t nat -A POSTROUTING -p "${proto}" -d "${forwarding_ip}"
    --dport "${forwarding_port_1}" -j SNAT --to-source "${local_ip}"
  )

  iptables "${dnat_rule[@]}"
  iptables "${snat_rule[@]}"

  # Echo what was just run so the operator can see the exact rules.
  echo "iptables ${dnat_rule[*]}"
  echo "iptables ${snat_rule[*]}"
  echo "${local_port}"

  iptables -I INPUT -m state --state NEW -m "${proto}" -p "${proto}" --dport "${local_port}" -j ACCEPT
}

#######################################
# Remove one forwarding rule: rule number $2 from nat/POSTROUTING and
# nat/PREROUTING, plus the matching ACCEPT rule from INPUT.
# Globals:   forwarding_listen (read: listen port of the rule)
# Arguments: $1 - protocol name, $2 - rule number in the nat chains
# Returns:   status of the final iptables call
#######################################
Del_iptables() {
  local proto=$1
  local rule_number=$2
  local nat_chain

  # NOTE(review): the same number is used for both nat chains, which
  # presumably relies on the two chains holding only this script's rules
  # in matching order; confirm on hosts with other NAT rules.
  for nat_chain in POSTROUTING PREROUTING; do
    iptables -t nat -D "${nat_chain}" "${rule_number}"
  done

  # The INPUT rule is removed by specification rather than by number.
  iptables -D INPUT -m state --state NEW -m "${proto}" -p "${proto}" --dport "${forwarding_listen}" -j ACCEPT
}

#######################################
# Persist the current rule set.
# Globals:   release (read)
# Outputs:   on "centos" whatever `service iptables save` prints; otherwise
#            the rules are written to /etc/iptables.up.rules
#######################################
Save_iptables() {
  case "${release}" in
    centos)
      service iptables save
      ;;
    *)
      # Every other value of release, including an empty one, takes the
      # Debian-style path.
      iptables-save > /etc/iptables.up.rules
      ;;
  esac
}

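#######################################
# One-time setup: enable IPv4 forwarding and make the saved rules load at
# boot.
# Globals:   release (read)
# Outputs:   whatever `sysctl -p` and the service commands print
# Side effects: edits /etc/sysctl.conf; on non-centos systems writes
#            /etc/iptables.up.rules and /etc/network/if-pre-up.d/iptables
#######################################
Set_iptables() {
  local current_setting

  # Enabling ip_forward lets the kernel route packets between interfaces
  # for the whole host, not only for the forwarded ports. Append the line
  # only when the last assignment in the file is not already "=1", so
  # repeated runs do not pile up duplicates.
  current_setting=$(grep -E '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' /etc/sysctl.conf 2>/dev/null \
    | tail -n 1 | tr -d '[:space:]')
  if [[ "${current_setting}" != "net.ipv4.ip_forward=1" ]]; then
    echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
  fi
  sysctl -p

  if [[ ${release} == "centos" ]]; then
    service iptables save
    chkconfig --level 2345 iptables on
  else
    iptables-save > /etc/iptables.up.rules
    # The hook needs the shebang on its own line. With the restore command
    # on the shebang line, the whole remainder is handed to bash as one
    # argument and the rules are never restored at boot.
    printf '%s\n' '#!/bin/bash' '/sbin/iptables-restore < /etc/iptables.up.rules' > /etc/network/if-pre-up.d/iptables
    chmod +x /etc/network/if-pre-up.d/iptables
  fi
}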

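#######################################
# Download the latest copy of this script into the current directory.
# Globals:   sh_new_ver (written: version string found in the remote copy)
# Outputs:   status message on stdout
# Returns:   always exits the script with 0
#######################################
Update_Shell() {
  local script_url="https://raw.githubusercontent.com/ToyoDAdoubiBackup/doubi/master/iptables-pf.sh"

  # Certificate verification stays on for both requests: the downloaded
  # file replaces a script that is run as root, and TLS is the only check
  # on where it came from.
  # NOTE(review): the content itself is not pinned or checksummed; whatever
  # the branch holds at download time is what gets installed.
  sh_new_ver=$(wget -qO- -t1 -T3 "${script_url}" | grep 'sh_ver="' | awk -F "=" '{print $NF}' | sed 's/"//g' | head -1)
  [[ -z ${sh_new_ver} ]] && echo -e "${Error} 无法链接到 Github !" && exit 0

  wget -N "${script_url}" && chmod +x iptables-pf.sh
  echo -e "脚本已更新为最新版本[ ${sh_new_ver} ] !(注意:因为更新方式为直接覆盖当前运行的脚本,所以可能下面会提示一些报错,无视即可)" && exit 0
}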

# Entry point: detect the distribution, print the menu, read one choice and
# run the matching action. The script handles a single choice per run.
check_sys
echo && echo -e " iptables 端口转发一键管理脚本 ${Red_font_prefix}[v${sh_ver}]${Font_color_suffix}

  -- Toyo | doub.io/wlzy-20 --

  

 ${Green_font_prefix}0.${Font_color_suffix} 升级脚本

————————————

 ${Green_font_prefix}1.${Font_color_suffix} 安装 iptables

 ${Green_font_prefix}2.${Font_color_suffix} 清空 iptables 端口转发

————————————

 ${Green_font_prefix}3.${Font_color_suffix} 查看 iptables 端口转发

 ${Green_font_prefix}4.${Font_color_suffix} 添加 iptables 端口转发

 ${Green_font_prefix}5.${Font_color_suffix} 删除 iptables 端口转发

————————————

注意:初次使用前请请务必执行 ${Green_font_prefix}1. 安装 iptables${Font_color_suffix}(不仅仅是安装)" && echo
read -e -p " 请输入数字 [0-5]:" num
# 0 = self-update, 1 = install and set up, 2 = delete all forwarding rules,
# 3 = list, 4 = add, 5 = delete one; anything else prints a hint.
case "$num" in
  0) Update_Shell ;;
  1) install_iptables ;;
  2) Uninstall_forwarding ;;
  3) View_forwarding ;;
  4) Add_forwarding ;;
  5) Del_forwarding ;;
  *) echo "请输入正确数字 [0-5]" ;;
esac


