devstar-devcontainer-operator/nat_rule.sh
add nat-rule.sh for master node(as NAT Server)
2025-06-01 16:13:14 +08:00

#!/bin/bash
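#######################################
# Check whether the DNAT port-forwarding rule for one mapping is already
# installed in the nat table's PREROUTING chain.
# Arguments: $1 - public (external) TCP port
#            $2 - internal IP address
#            $3 - internal TCP port
#            $4 - network interface (accepted for a uniform signature with
#                 add_rules/del_rules; the DNAT rule is not bound to an
#                 interface, so it is not consulted here)
# Returns:   0 if the exact DNAT rule exists, non-zero otherwise
#######################################
rule_exists() {
  local public_port="${1}"
  local internal_ip="${2}"
  local internal_port="${3}"
  # shellcheck disable=SC2034  # kept so all three helpers take the same args
  local interface="${4}"
  # Ask iptables for an exact rule match (-C, iptables >= 1.4.11) instead of
  # grepping the "-L -n" listing: the old substring search for
  # "tcp dpt:25 to:172.17.0.34:22" also matched "...:220" / "...:2222", and
  # the unescaped dots in the IP were regex wildcards.  -C prints
  # "Bad rule" on stderr when no rule matches, which is the normal
  # "not present" case, so that output is suppressed.
  sudo iptables -t nat -C PREROUTING -p tcp --dport "${public_port}" \
    -j DNAT --to-destination "${internal_ip}:${internal_port}" 2>/dev/null
}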
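#######################################
# Install a TCP port-forwarding mapping on this NAT gateway:
#   *:<public_port> -> <internal_ip>:<internal_port>
# Adds a PREROUTING DNAT rule, a FORWARD ACCEPT rule for the forwarded
# traffic and - only if not already present - a POSTROUTING MASQUERADE rule
# on <interface>.  Idempotent: an existing mapping is reported, not
# duplicated.
# Arguments: $1 - public TCP port (1-65535)
#            $2 - internal IP address
#            $3 - internal TCP port (1-65535)
#            $4 - egress interface for MASQUERADE (e.g. eth0)
# Outputs:   progress messages on stdout, argument errors on stderr
# Returns:   0 on success or when the mapping already exists; 1 on bad
#            arguments; the iptables exit status if a rule fails to install
#######################################
add_rules() {
  local public_port="${1}"
  local internal_ip="${2}"
  local internal_port="${3}"
  local interface="${4}"
  # All four arguments are required.
  if [[ -z "$public_port" || -z "$internal_ip" || -z "$internal_port" || -z "$interface" ]]; then
    echo "错误:缺少必要参数!" >&2
    echo "用法add_rules <公网端口> <内网IP> <内网端口> <网络接口>" >&2
    return 1
  fi
  # Ports must be decimal numbers in 1..65535.  iptables would reject junk
  # too, but rejecting it here avoids a half-installed rule set (the DNAT
  # rule is added before the FORWARD rule).  10# forces base 10 so "025"
  # is not parsed as octal.
  local port
  for port in "$public_port" "$internal_port"; do
    if [[ ! "$port" =~ ^[0-9]+$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
      echo "错误:无效端口 '$port' (必须是 1-65535)" >&2
      return 1
    fi
  done
  # Already installed?  Report it and leave the rule set untouched.
  if rule_exists "$public_port" "$internal_ip" "$internal_port" "$interface"; then
    echo "[规则已存在] *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
    return 0
  fi
  echo "正在添加转发规则: *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
  # DNAT: rewrite the destination of inbound TCP to the public port.
  # NOTE(review): the rule carries no -i "$interface", so the public port is
  # redirected on *every* interface of this host, internal ones included.
  sudo iptables -t nat -A PREROUTING -p tcp --dport "$public_port" \
    -j DNAT --to-destination "$internal_ip:$internal_port" || return
  # FORWARD: let the rewritten packets through to the internal host.  This
  # rule matches only the inbound direction; the reply direction is left to
  # the chain's policy or an existing ESTABLISHED,RELATED rule (not added
  # here - confirm one exists if the FORWARD policy is DROP).
  sudo iptables -A FORWARD -p tcp -d "$internal_ip" --dport "$internal_port" -j ACCEPT || return
  # MASQUERADE: source-NAT everything leaving via <interface> (no -s filter,
  # so it covers all traffic on that interface, not just this mapping).
  # The rule is shared by every mapping on the same interface, so it is
  # added once; the old code appended a duplicate on every call.
  if ! sudo iptables -t nat -C POSTROUTING -o "$interface" -j MASQUERADE 2>/dev/null; then
    sudo iptables -t nat -A POSTROUTING -o "$interface" -j MASQUERADE || return
  fi
  echo "[添加成功] *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
}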
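#######################################
# Remove a TCP port-forwarding mapping installed by add_rules:
#   *:<public_port> -> <internal_ip>:<internal_port>
# Deletes the PREROUTING DNAT rule and the FORWARD ACCEPT rule.  The
# POSTROUTING MASQUERADE rule on <interface> is shared by every mapping,
# so it is only removed when no DNAT rule remains in the nat PREROUTING
# chain (the old code dropped it unconditionally, breaking other mappings).
# Arguments: $1 - public TCP port (1-65535)
#            $2 - internal IP address
#            $3 - internal TCP port (1-65535)
#            $4 - egress interface the MASQUERADE rule was added on
# Outputs:   progress messages on stdout, errors/warnings on stderr
# Returns:   0 when the mapping is gone (or was never there); 1 on bad
#            arguments.  Individual delete failures are reported as
#            warnings and do not abort the remaining steps.
#######################################
del_rules() {
  local public_port="${1}"
  local internal_ip="${2}"
  local internal_port="${3}"
  local interface="${4}"
  # All four arguments are required.
  if [[ -z "$public_port" || -z "$internal_ip" || -z "$internal_port" || -z "$interface" ]]; then
    echo "错误:缺少必要参数!" >&2
    echo "用法del_rules <公网端口> <内网IP> <内网端口> <网络接口>" >&2
    return 1
  fi
  # Same port validation as add_rules (10# forces decimal parsing).
  local port
  for port in "$public_port" "$internal_port"; do
    if [[ ! "$port" =~ ^[0-9]+$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
      echo "错误:无效端口 '$port' (必须是 1-65535)" >&2
      return 1
    fi
  done
  # Nothing to do if the mapping is not installed.
  if ! rule_exists "$public_port" "$internal_ip" "$internal_port" "$interface"; then
    echo "[规则不存在] *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
    return 0
  fi
  echo "正在删除转发规则: *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
  # DNAT rule: best effort, but say so instead of silently ignoring failure.
  sudo iptables -t nat -D PREROUTING -p tcp --dport "$public_port" \
    -j DNAT --to-destination "$internal_ip:$internal_port" 2>/dev/null \
    || echo "警告:删除 DNAT 规则失败" >&2
  # FORWARD rule.
  sudo iptables -D FORWARD -p tcp -d "$internal_ip" --dport "$internal_port" -j ACCEPT 2>/dev/null \
    || echo "警告:删除 FORWARD 规则失败" >&2
  # MASQUERADE is shared: keep it while any DNAT rule is still present in
  # nat PREROUTING.  This is deliberately conservative - it counts DNAT
  # rules added by anything, not only by this script - because removing
  # NAT from under another mapping is worse than leaving one rule behind.
  if sudo iptables -t nat -S PREROUTING | grep -q -- '-j DNAT'; then
    echo "[保留 MASQUERADE] 仍有其他 DNAT 规则使用接口 $interface"
  else
    sudo iptables -t nat -D POSTROUTING -o "$interface" -j MASQUERADE 2>/dev/null \
      || echo "警告:删除 MASQUERADE 规则失败" >&2
  fi
  echo "[删除成功] *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
}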
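#######################################
# Entry point.
# Usage: nat_rule.sh                                  (default mapping below)
#        nat_rule.sh add <公网端口> <内网IP> <内网端口> <网络接口>
#        nat_rule.sh del <公网端口> <内网IP> <内网端口> <网络接口>
#        nat_rule.sh list                             (dump nat + FORWARD)
# With no arguments the original behaviour is kept: SSH (22) of 172.17.0.34
# is published on public TCP port 25 of this gateway.
# NOTE(review): 25 is the SMTP port; publishing SSH there is surprising for
# anyone reading the rule set - confirm that this public port is intended.
# The DNAT rule is not limited to an interface or source address, so the
# forwarded SSH port is reachable from every network this host sits on.
#######################################
main() {
  local action="${1:-}"
  case "$action" in
    "")
      add_rules "25" "172.17.0.34" "22" "eth0"
      ;;
    add)
      shift
      add_rules "$@"
      ;;
    del)
      shift
      del_rules "$@"
      ;;
    list)
      sudo iptables -t nat -L -n
      sudo iptables -L FORWARD -n
      ;;
    *)
      echo "用法: $0 [add|del <公网端口> <内网IP> <内网端口> <网络接口> | list]" >&2
      return 2
      ;;
  esac
}
main "$@"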