linux
VA, 2016-05-30 17:25:59

How to forward a range of ports (TCP and UDP) with a script?

Hi all!
There is CentOS with a Windows VM on it (VM IP = 192.168.122.253).
For the software to work, it is necessary to forward the port range 6601 to 6615, TCP and UDP (which immediately raises the question: how do I specify both TCP and UDP in one script, in one file?).
1st version of the script (file for example /etc/libvirt/hooks/qemu_6601-6615):

#!/bin/bash
# used some from advanced script to have multiple ports: use an equal number of guest and host ports
# Update the following variables to fit your setup
Guest_name=wsvm
Guest_ipaddr=192.168.122.253
Host_ipaddr=ВНЕШНИЙ АЙПИ   # placeholder left by the poster: "EXTERNAL IP"
Host_port=(  '6601-6615' )
Guest_port=( '6601-6615' )

length=$(( ${#Host_port[@]} - 1 ))
if [ "${1}" = "${Guest_name}" ]; then
   if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
       for i in `seq 0 $length`; do
               iptables -t nat -D PREROUTING -d ${Host_ipaddr} -p tcp --dport ${Host_port[$i]} -j DNAT --to ${Guest_ipaddr}:${Guest_port[$i]}
               iptables -D FORWARD -d ${Guest_ipaddr}/32 -p tcp -m state --state NEW -m tcp --dport ${Guest_port[$i]} -j ACCEPT
       done
   fi
   if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
       for i in `seq 0 $length`; do
               iptables -t nat -A PREROUTING -d ${Host_ipaddr} -p tcp --dport ${Host_port[$i]} -j DNAT --to ${Guest_ipaddr}:${Guest_port[$i]}
               iptables -I FORWARD -d ${Guest_ipaddr}/32 -p tcp -m state --state NEW -m tcp --dport ${Guest_port[$i]} -j ACCEPT
       done
   fi
fi


then restart libvirtd
chmod +x /etc/libvirt/hooks/qemu_6601-6615
OR
2nd option, script (file for example qemu_superscript_6601-6615):
#!/bin/bash

hostif="eth0"
hostip=$(/sbin/ifconfig "$hostif" | /usr/bin/awk -F: '/inet addr/ {split($2, a, " "); print a[1]}')

# Format: guestname,sourceip,hostpt,guestip,guestpt per string
# leave sourceip field empty for connect from anywhere
datafile="/etc/libvirt/hooks/server_port_map"
iptables='/sbin/iptables'

while IFS=, read -r guestname sourceip hostpt guestip guestpt ; do
if [ -z $sourceip ] ; then
 sourceip="0.0.0.0/0"
fi
if [ $1 = $guestname ] ; then
 if  ; then
  $iptables -w -t nat -D PREROUTING -i $hostif -s $sourceip -d $hostip -p tcp --dport $hostpt -j DNAT --to-destination ${guestip}:${guestpt}
  $iptables -w -D FORWARD -i $hostif -s $sourceip -m state --state NEW -m tcp -p tcp -d $guestip --dport $guestpt -j ACCEPT
 fi
 if  ; then
  $iptables -w -t nat -I PREROUTING -i $hostif -s $sourceip -d $hostip -p tcp --dport $hostpt -j DNAT --to-destination ${guestip}:${guestpt}
  $iptables -w -I FORWARD -i $hostif -s $sourceip -m state --state NEW -m tcp -p tcp -d $guestip --dport $guestpt -j ACCEPT
 fi
fi
done < $datafile


Second file (/etc/libvirt/hooks/server_port_map):
wsvm,$remote_ip1,6601-6615,192.168.122.253,6601-6615
Do I need to write $remote_ip1 in it? As I understand it, the script has no such variable. Or should I write the external IP in its place?


also then
chmod +x /etc/libvirt/hooks/qemu_superscript_6601-6615
---------------------------
Which script is better, or can you recommend an alternative?


1 answer(s)
vreitech, 2016-05-30
@fzfx

my advice to you - deal with the brackets.
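
The forwarding asked about in the question, as an added example that is not part of the original post or the answer: one hook that covers both TCP and UDP by looping over the protocol. The external address 203.0.113.10, the source network 198.51.100.0/24 and the function names are assumptions; the guest name, guest address and port range come from the post.

```shell
#!/bin/bash
# Added example: libvirt qemu hook forwarding one port range for TCP and UDP.
GUEST_NAME="wsvm"               # guest name from the post
GUEST_IP="192.168.122.253"      # guest address from the post
HOST_IP="203.0.113.10"          # assumption: placeholder external IP
SOURCE_NET="198.51.100.0/24"    # assumption: clients allowed in; 0.0.0.0/0 = anyone
PORT_FIRST=6601
PORT_LAST=6615
IPTABLES="${IPTABLES:-iptables}"  # IPTABLES=echo gives a dry run

# Print the iptables arguments for "add" or "del", one rule per line.
# Range syntax differs: --dport takes first:last, the DNAT target first-last.
rules() {
    local action="$1" nat_op fwd_op proto
    case "$action" in
        add) nat_op="-A"; fwd_op="-I" ;;
        del) nat_op="-D"; fwd_op="-D" ;;
        *)   return 1 ;;
    esac
    for proto in tcp udp; do
        echo "-t nat $nat_op PREROUTING -s $SOURCE_NET -d $HOST_IP -p $proto" \
             "--dport ${PORT_FIRST}:${PORT_LAST} -j DNAT" \
             "--to-destination ${GUEST_IP}:${PORT_FIRST}-${PORT_LAST}"
        echo "$fwd_op FORWARD -s $SOURCE_NET -d ${GUEST_IP}/32 -p $proto" \
             "--dport ${PORT_FIRST}:${PORT_LAST} -m state --state NEW -j ACCEPT"
    done
}

# Run every rule for the given action; a failed delete does not stop the loop.
apply() {
    local line
    rules "$1" | while read -r line; do
        # unquoted on purpose: each word of $line is one iptables argument
        $IPTABLES $line
    done
}

# libvirt invokes the hook as: qemu <guest_name> <operation> ...
if [ "${1:-}" = "$GUEST_NAME" ]; then
    case "${2:-}" in
        stopped)   apply del ;;
        start)     apply add ;;
        reconnect) apply del; apply add ;;
    esac
fi
```

libvirt looks for the qemu hook at /etc/libvirt/hooks/qemu, so a file saved as qemu_6601-6615 in that directory is not invoked. Running the script with IPTABLES=echo prints the rules instead of installing them.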
