Redirecting RDP traffic to IP Y via IP X with iptables

最後更新: 2015-03-31

Diagram:

user -> X(proxy) -> Y (win2008)

X 上的設定

sysctl net.ipv4.ip_forward=1

Check:

cat /proc/sys/net/ipv4/ip_forward

portredirect.sh

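#!/bin/bash
# Client -> X -> Y
#
# Forward TCP port $_PORT (RDP) that arrives at X ($_X) on $_IF to Y ($_Y).
# X must already have net.ipv4.ip_forward=1; this script does not set it.
# Each rule is inserted only if an identical one is not already present, so
# re-running the script does not stack duplicate rules.  Run as root.

set -eu   # stop at the first failed iptables call rather than leave a half-applied rule set

_X=x.x.x.x
_Y=y.y.y.y
_IF=eth0
_PORT=3389

# add_rule TABLE CHAIN RULE... : insert RULE at the top of CHAIN unless an
# identical rule already exists (-C reports that with a non-zero status).
add_rule() {
  local table=$1; shift
  iptables -t "$table" -C "$@" 2>/dev/null || iptables -t "$table" -I "$@"
}

# Let only the redirected flow (this port, to Y, arriving on $_IF) through FORWARD.
add_rule filter FORWARD -d "$_Y" -i "$_IF" -p tcp -m tcp --dport "$_PORT" -j ACCEPT
# Rewrite the destination of traffic addressed to X:$_PORT to Y (same port).
add_rule nat PREROUTING -d "$_X" -p tcp -m tcp --dport "$_PORT" -j DNAT --to-destination "$_Y"
# Source-NAT only the redirected flow so Y's replies return through X.  An
# unrestricted "-o $_IF -j MASQUERADE" would rewrite the source of every packet
# forwarded out of $_IF, not just this one; keep NAT as narrow as the FORWARD rule.
add_rule nat POSTROUTING -o "$_IF" -d "$_Y" -p tcp -m tcp --dport "$_PORT" -j MASQUERADE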

Remark:

在 subinterface 的情況下，_IF 仍設定為其主 interface（例如 eth0），而非 subinterface 本身。

 


加強版

 

portredirect.sh

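#!/bin/bash
# Client -> X(_XPORT) -> Y(_YPORT)
#
# Redirect TCP connections arriving at X:_XPORT to Y:_YPORT, with the reply
# path source-NATed back through X.  Command dispatch ("clear" / "setup") is
# at the bottom of the file.  Run as root.

_X=192.168.88.151
_XPORT=8080
_Y=192.168.88.18
_YPORT=80
_IF=vmbr0
readonly _X _XPORT _Y _YPORT _IF

#################################################### code

# Current value of the forwarding sysctl ("0" or "1").  Left empty when the
# file cannot be read (non-Linux host); the error itself is not interesting.
_FORWARD=$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)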

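# The three rule specifications, written once so that what setup() inserts is
# exactly what clear() deletes.  Each array is: TABLE CHAIN iptables-args...
#   FORWARD : let the redirected flow (to Y:_YPORT) through the filter FORWARD chain
#   DNAT    : rewrite X:_XPORT -> Y:_YPORT for traffic addressed to X
#   SNAT    : rewrite the source to X so Y's replies come back through X.  This is
#             limited to the redirected flow; the earlier "-o $_IF -j SNAT" form
#             rewrote the source of *all* traffic leaving $_IF.
_RULE_FORWARD=(filter FORWARD -d "$_Y" -p tcp -m tcp --dport "$_YPORT" -j ACCEPT)
_RULE_DNAT=(nat PREROUTING -d "$_X" -p tcp -m tcp --dport "$_XPORT" -j DNAT --to-destination "$_Y:$_YPORT")
_RULE_SNAT=(nat POSTROUTING -o "$_IF" -d "$_Y" -p tcp -m tcp --dport "$_YPORT" -j SNAT --to "$_X")

# _rule ACTION TABLE CHAIN args... : run one iptables command for a spec.
# ACTION is -I (insert) or -D (delete); the exit status is iptables' own.
_rule() {
    local action=$1 table=$2
    shift 2
    iptables -t "$table" "$action" "$@"
}

# Remove every copy of the three rules (a single -D only removes one match).
# Best-effort by design: a rule that is not present, or an iptables that
# cannot run, just ends the loop silently, so clear() is safe to call before
# setup() and on an already-clean host.
clear() {
    while _rule -D "${_RULE_FORWARD[@]}" &> /dev/null; do :; done
    while _rule -D "${_RULE_DNAT[@]}" &> /dev/null; do :; done
    while _rule -D "${_RULE_SNAT[@]}" &> /dev/null; do :; done
}

# Insert the three rules at the top of their chains.  Unlike clear(), errors
# are NOT hidden: iptables' message reaches stderr and setup() returns
# non-zero at the first failed insert, so a caller can tell a partial rule set
# apart from success.  Callers should run clear() first; -I does not check for
# duplicates.
setup() {
    _rule -I "${_RULE_FORWARD[@]}" \
      && _rule -I "${_RULE_DNAT[@]}" \
      && _rule -I "${_RULE_SNAT[@]}"
}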

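# Command dispatch.  Exit status: 0 on success, 1 if a step failed, 2 on an
# unknown command.  No argument prints the usage line (and exits 0, as before).
usage() {
    echo 'Usage: ./portredirect.sh < clear | setup >' >&2
}

case "$1" in
    clear)
        clear
        echo "Done"
        ;;
    setup)
        # ip_forward must be on or DNAT'ed packets never leave X.  The sysctl
        # write is not persistent across reboots (use /etc/sysctl.conf for that).
        # An unreadable value is treated as 0 so we still try to enable it.
        if [ "${_FORWARD:-0}" -eq 0 ]; then
            echo "Setup forward"
            sysctl net.ipv4.ip_forward=1 || { echo "Cannot enable ip_forward" >&2; exit 1; }
        fi
        clear    # drop any previous copy so -I does not stack duplicates
        if setup; then
            echo "Done"
        else
            # setup's status is that of its last iptables insert; report it
            # instead of printing "Done" over a partially applied rule set.
            echo "Failed to install iptables rules" >&2
            exit 1
        fi
        ;;
    '')
        usage
        ;;
    *)
        echo "Unknown command: $1" >&2
        usage
        exit 2
        ;;
esac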