From 9910b9ced8a384b40f9d95845263f60a05fe49e4 Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 30 Jan 2017 12:12:05 -0600
Subject: [PATCH] Fix for revproxy; adding simple-web script.
---
 Admin/Makefile | 2 +-
 Admin/{proxy => revproxy} | 16 +++++++++++-----
 Admin/simple-web | 2 ++
 3 files changed, 14 insertions(+), 6 deletions(-)
 rename Admin/{proxy => revproxy} (50%)
 mode change 100644 => 100755
 create mode 100644 Admin/simple-web
diff --git a/Admin/Makefile b/Admin/Makefile
index 71df091..99859c9 100644
--- a/Admin/Makefile
+++ b/Admin/Makefile
@@ -1,4 +1,4 @@
-LIST=arch-update clean-exim clean-exim-input close-guest fix-sound log-guest open-guest restart-service silent-guardian proxy
+LIST=arch-update clean-exim clean-exim-input close-guest fix-sound log-guest open-guest restart-service silent-guardian proxy simple-web
 LOCATION=/root/bin
 PERMISSION=0700
 compile:
diff --git a/Admin/proxy b/Admin/revproxy
old mode 100644
new mode 100755
similarity index 50%
rename from Admin/proxy
rename to Admin/revproxy
index ff73e0d..43bbb1a
--- a/Admin/proxy
+++ b/Admin/revproxy
@@ -2,6 +2,10 @@
 # Establish iptables-based reverse proxy
+# Thanks to user55518 in http://unix.stackexchange.com/questions/111841/regular-expression-in-bash-to-validate-ip-address#111843
+re='^[1-2]\{0,1\}[0-9]\{0,1\}[0-9]\{1\}\.[1-2]\{0,1\}[0-9]\{0,1\}[0-9]\{1\}\.[1-2]\{0,1\}[0-9]\{0,1\}[0-9]\{1\}\.[1-2]\{0,1\}[0-9]\{0,1\}[0-9]\{1\}$'
+
+
 if [ ! -z "$1" ] && [ "$1" == "--reset" ]; then
 iptables -F -t nat
 exit $?
@@ -12,8 +16,8 @@ if [ ! -z "$1" ] && [ "$1" == "--list" ]; then
 exit $?
 fi
-if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
- printf "Usage: $0 localport remotehost remoteport [ --local ]\n"
+if [ -z "$1" ] || [ -z "$2" ] || ! (echo "$2" | grep -x "$re" &> /dev/null) || [ -z "$3" ]; then
+ printf "Usage: $0 localport remoteIP remoteport [ --local ]\n"
 printf " $0 --reset\n"
 printf " $0 --list\n"
 exit 1
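Review bot: The new `LIST` line still ends in `proxy simple-web`, yet this same commit renames `Admin/proxy` to `Admin/revproxy`, so the `proxy` entry no longer names a file in the directory. It presumably should read `... silent-guardian revproxy simple-web`. The rules that consume `LIST` are outside the hunk, so it cannot be seen from here whether the stale name breaks the install or is skipped, leaving an old copy of the script in `/root/bin`.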
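Review bot: The pattern stored in `re` bounds only the first digit of each octet, so octets from 256 to 299 match and an address such as `299.1.1.1` (constructed example) passes the `grep -x` test added further down. This is the only validation on `$2` before it is handed to `--to-destination`, so the shape match should be followed by a numeric test per octet, for example `IFS=. read -r o1 o2 o3 o4 <<< "$2"` and then `[ "$o1" -le 255 ]` for each field. A one-line comment that `re` is a basic regular expression intended for `grep -x` would also help, since the linked answer is titled as a bash regex question and `[[ =~ ]]` would need different syntax. The shebang is outside the hunk; the here-string assumes bash, which the `&>` and `==` on the new lines already rely on.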
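Review bot: `$1` and `$3` are still only tested for being non-empty in the rewritten condition, so a non-numeric or out-of-range port is caught only when iptables rejects it further down, after `ip_forward` has already been set to 1. A digit test beside the address check would reject it up front, for example `case "$1$3" in *[!0-9]*) exit 1;; esac`, followed by a `-le 65535` comparison on each value. The usage lines also place `$0` inside the printf format string; `printf 'Usage: %s localport remoteIP remoteport [ --local ]\n' "$0" >&2` keeps a `%` or backslash in the script path from being interpreted and sends the message to stderr.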
@@ -22,9 +26,6 @@ fi
 # Tell the kernel to allow forwarding packets.
 echo 1 > /proc/sys/net/ipv4/ip_forward
-# Default forwarding rule
-iptables -t nat -A PREROUTING -p tcp -m tcp --dport "$1" -j DNAT --to-destination "$2":"$3"
-
 # Set up masquerading if not already done
 if [ `iptables -S -t nat | grep -c '\-A POSTROUTING -j MASQUERADE'` -ne 1 ]; then
 iptables -t nat -A POSTROUTING -j MASQUERADE;
@@ -33,4 +34,9 @@ fi
 # Handle local forwarding.
 if [ "$4" == "--local" ] || [ "$2" == "127.0.0.1" ]; then
 iptables -t nat -I OUTPUT -p tcp -o lo --dport "$1" -j REDIRECT --to-ports "$3"
+ iptables -t nat -A PREROUTING -p tcp --dport "$1" -j REDIRECT --to "$3"
+else # Handle remote
+ iptables -t nat -A PREROUTING -p tcp -m tcp --dport "$1" -j DNAT --to-destination "$2":"$3"
 fi
+
+echo Done -- all traffic connecting to port "$1" will be redirected to "$2":"$3"
diff --git a/Admin/simple-web b/Admin/simple-web
new file mode 100644
index 0000000..d62f45f
--- /dev/null
+++ b/Admin/simple-web
@@ -0,0 +1,2 @@
+#!/bin/bash
+python3 -m http.server 8000
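Review bot: The closing `echo Done` runs whether or not the iptables calls above it succeeded, because neither branch checks an exit status; appending `|| exit $?` to each new `iptables` line would stop the script before it reports a redirect that was never installed. In the `--local` branch the message also names `"$2":"$3"`, although the REDIRECT rules send traffic to local port `$3` and never use `$2`. The added PREROUTING rule spells the option `--to` while the OUTPUT rule directly above it uses `--to-ports`; using the full name in both keeps them consistent. Neither PREROUTING rule is limited with `-i` or `-s`, so the forward applies to traffic arriving on every interface, which is worth stating in a comment or narrowing if only one network is meant to use it.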
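Review bot: `python3 -m http.server 8000` listens on all interfaces and serves the directory it is started from with no authentication. The Makefile in this commit installs `LIST` entries under `/root/bin`, so the script will normally be run as root from whatever directory root happens to be in. A safer default is `python3 -m http.server --bind 127.0.0.1 8000`, with the directory taken as an argument and entered explicitly via `cd -- "$1" || exit 1` before the server starts. A header comment saying what the script exposes, and that it is meant for short-lived use, would make the risk visible to whoever runs it.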