devstar/devstar-devcontainer-operator
2
0
Fork 0
mirror of https://gitee.com/devstar/devstar-devcontainer-operator synced 2025-11-02 03:40:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
f3879c45fc30a52be1a8382f6ae46a9eebed343c
devstar-devcontainer-operator/nat_rule.sh

94 lines
3.3 KiB
Bash
Raw Normal View History

add nat-rule.sh for master node(as NAT Server)
2025-06-01 16:13:14 +08:00
#!/bin/bash
# 函数:检查规则是否已存在
# 参数: <公网端口> <内网IP> <内网端口> <网络接口>
rule_exists() {
local public_port="${1}"
local internal_ip="${2}"
local internal_port="${3}"
local interface="${4}"
# 检查DNAT规则是否存在
sudo iptables -t nat -L PREROUTING -n | \
grep -q "tcp dpt:${public_port} to:${internal_ip}:${internal_port}"
return $?
}
# 函数添加NAT转发规则如不存在则添加
# 参数: <公网端口> <内网IP> <内网端口> <网络接口>
add_rules() {
local public_port="${1}"
local internal_ip="${2}"
local internal_port="${3}"
local interface="${4}"
# 参数检查
if [[ -z "$public_port" || -z "$internal_ip" || -z "$internal_port" || -z "$interface" ]]; then
echo "错误:缺少必要参数!"
echo "用法add_rules <公网端口> <内网IP> <内网端口> <网络接口>"
return 1
fi
# 检查规则是否已存在
if rule_exists "$public_port" "$internal_ip" "$internal_port" "$interface"; then
echo "[规则已存在] *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
return 0
fi
echo "正在添加转发规则: *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
# DNAT 端口转发
sudo iptables -t nat -A PREROUTING -p tcp --dport "$public_port" \
-j DNAT --to-destination "$internal_ip:$internal_port"
# 允许流量转发
sudo iptables -A FORWARD -p tcp -d "$internal_ip" --dport "$internal_port" -j ACCEPT
# MASQUERADE 出口伪装
sudo iptables -t nat -A POSTROUTING -o "$interface" -j MASQUERADE
echo "[添加成功] *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
}
# 函数删除NAT转发规则
# 参数: <公网端口> <内网IP> <内网端口> <网络接口>
del_rules() {
local public_port="${1}"
local internal_ip="${2}"
local internal_port="${3}"
local interface="${4}"
# 参数检查
if [[ -z "$public_port" || -z "$internal_ip" || -z "$internal_port" || -z "$interface" ]]; then
echo "错误:缺少必要参数!"
echo "用法del_rules <公网端口> <内网IP> <内网端口> <网络接口>"
return 1
fi
# 检查规则是否存在
if ! rule_exists "$public_port" "$internal_ip" "$internal_port" "$interface"; then
echo "[规则不存在] *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
return 0
fi
echo "正在删除转发规则: *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
# 删除 DNAT 规则(忽略错误)
sudo iptables -t nat -D PREROUTING -p tcp --dport "$public_port" \
-j DNAT --to-destination "$internal_ip:$internal_port" 2>/dev/null || true
# 删除 FORWARD 规则
sudo iptables -D FORWARD -p tcp -d "$internal_ip" --dport "$internal_port" -j ACCEPT 2>/dev/null || true
# 删除 MASQUERADE 规则(谨慎操作,确保无其他服务依赖)
sudo iptables -t nat -D POSTROUTING -o "$interface" -j MASQUERADE 2>/dev/null || true
echo "[删除成功] *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
}
add_rules "25" "172.17.0.34" "22" "eth0"
# del_rules "25" "172.17.0.34" "22" "eth0"
# sudo iptables -t nat -L -n
# sudo iptables -L FORWARD -n
Reference in New Issue Copy Permalink