Adding a script to setup iptables proxies

2017-01-29 14:27:03 -06:00 · 2017-01-29 14:27:03 -06:00 · 66f8fdde63
commit 66f8fdde63
parent 92d4293efe
2 changed files with 37 additions and 1 deletions
--- a/Admin/Makefile
+++ b/Admin/Makefile
@ -1,4 +1,4 @@
-LIST=arch-update clean-exim clean-exim-input close-guest fix-sound log-guest open-guest restart-service silent-guardian
+LIST=arch-update clean-exim clean-exim-input close-guest fix-sound log-guest open-guest restart-service silent-guardian proxy
 LOCATION=/root/bin
 PERMISSION=0700
 compile: 
--- a/Admin/proxy
+++ b/Admin/proxy
@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Establish iptables-based reverse proxy
+
+if [ ! -z "$1" ] && [ "$1" == "--reset" ]; then
+    iptables -F -t nat
+    exit $?
+fi
+
+if [ ! -z "$1" ] && [ "$1" == "--list" ]; then
+    iptables -S -t nat
+    exit $?
+fi
+
+if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
+    printf "Usage: $0 localport remotehost remoteport [ --local ]\n"
+    printf "       $0 --reset\n"
+    printf "       $0 --list\n"
+    exit 1
+fi
+
+# Tell the kernel to allow forwarding packets.
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+# Default forwarding rule
+iptables -t nat -A PREROUTING -p tcp -m tcp --dport "$1" -j DNAT --to-destination "$2":"$3"
+
+# Set up masquerading if not already done
+if [ `iptables -S -t nat | grep -c '\-A POSTROUTING -j MASQUERADE'` -ne 1 ]; then
+    iptables -t nat -A POSTROUTING -j MASQUERADE;
+fi
+
+# Handle local forwarding.
+if [ "$4" == "--local" ] || [ "$2" == "127.0.0.1" ]; then
+    iptables -t nat -I OUTPUT -p tcp -o lo --dport "$1" -j REDIRECT --to-ports "$3"
+fi