	add nat-rule.sh for master node(as NAT Server)
							
								
								
									
										93
									
								
								nat_rule.sh
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
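--- /dev/null
+++ b/nat_rule.sh
@@ -0,0 +1,93 @@
+#!/bin/bash
+
+# 函数:检查规则是否已存在
+# 参数: <公网端口> <内网IP> <内网端口> <网络接口>
+rule_exists() {
+    local public_port="${1}"
+    local internal_ip="${2}"
+    local internal_port="${3}"
+    local interface="${4}"
+
+    # 检查DNAT规则是否存在
+    sudo iptables -t nat -L PREROUTING -n | \
+        grep -q "tcp dpt:${public_port} to:${internal_ip}:${internal_port}"
+    
+    return $?
+}
+
+# 函数:添加NAT转发规则(如不存在则添加)
+# 参数: <公网端口> <内网IP> <内网端口> <网络接口>
+add_rules() {
+    local public_port="${1}"
+    local internal_ip="${2}"
+    local internal_port="${3}"
+    local interface="${4}"
+
+    # 参数检查
+    if [[ -z "$public_port" || -z "$internal_ip" || -z "$internal_port" || -z "$interface" ]]; then
+        echo "错误:缺少必要参数!"
+        echo "用法:add_rules <公网端口> <内网IP> <内网端口> <网络接口>"
+        return 1
+    fi
+
+    # 检查规则是否已存在
+    if rule_exists "$public_port" "$internal_ip" "$internal_port" "$interface"; then
+        echo "[规则已存在] *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
+        return 0
+    fi
+
+    echo "正在添加转发规则: *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
+    
+    # DNAT 端口转发
+    sudo iptables -t nat -A PREROUTING -p tcp --dport "$public_port" \
+        -j DNAT --to-destination "$internal_ip:$internal_port"
+    
+    # 允许流量转发
+    sudo iptables -A FORWARD -p tcp -d "$internal_ip" --dport "$internal_port" -j ACCEPT
+    
+    # MASQUERADE 出口伪装
+    sudo iptables -t nat -A POSTROUTING -o "$interface" -j MASQUERADE
+    
+    echo "[添加成功] *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
+}
+
+# 函数:删除NAT转发规则
+# 参数: <公网端口> <内网IP> <内网端口> <网络接口>
+del_rules() {
+    local public_port="${1}"
+    local internal_ip="${2}"
+    local internal_port="${3}"
+    local interface="${4}"
+
+    # 参数检查
+    if [[ -z "$public_port" || -z "$internal_ip" || -z "$internal_port" || -z "$interface" ]]; then
+        echo "错误:缺少必要参数!"
+        echo "用法:del_rules <公网端口> <内网IP> <内网端口> <网络接口>"
+        return 1
+    fi
+
+    # 检查规则是否存在
+    if ! rule_exists "$public_port" "$internal_ip" "$internal_port" "$interface"; then
+        echo "[规则不存在] *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
+        return 0
+    fi
+
+    echo "正在删除转发规则: *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
+    
+    # 删除 DNAT 规则(忽略错误)
+    sudo iptables -t nat -D PREROUTING -p tcp --dport "$public_port" \
+        -j DNAT --to-destination "$internal_ip:$internal_port" 2>/dev/null || true
+    
+    # 删除 FORWARD 规则
+    sudo iptables -D FORWARD -p tcp -d "$internal_ip" --dport "$internal_port" -j ACCEPT 2>/dev/null || true
+    
+    # 删除 MASQUERADE 规则(谨慎操作,确保无其他服务依赖)
+    sudo iptables -t nat -D POSTROUTING -o "$interface" -j MASQUERADE 2>/dev/null || true
+    
+    echo "[删除成功] *:$public_port -> $internal_ip:$internal_port (接口: $interface)"
+}
+
+add_rules "25" "172.17.0.34" "22" "eth0"
+# del_rules "25" "172.17.0.34" "22" "eth0"
+# sudo iptables -t nat -L -n
+# sudo iptables -L FORWARD -n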
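Review bot: The `interface` argument is accepted by all three functions but never reaches the PREROUTING or FORWARD rules, so `add_rules "25" "172.17.0.34" "22" "eth0"` rewrites TCP/25 arriving on any interface of the master node, not only the public one, and `rule_exists` ignores the argument entirely. The MASQUERADE rule is also appended unconditionally on every successful add (only the DNAT rule is checked for existence), and `del_rules` removes one instance of it while other forwards on the same interface may still rely on it — the comment on that line acknowledges the risk but the code does nothing about it. I would scope both rules with `-i "$interface"` and guard the shared MASQUERADE with `iptables -t nat -C`, which is also a more reliable existence check than the `grep` in `rule_exists` (the dots in `${internal_ip}` are unescaped regex metacharacters; at minimum use `grep -qF`). Forwarding presumably also needs `net.ipv4.ip_forward=1`; the script neither sets nor verifies it, so a header comment stating that precondition would help the next operator.

```shell
    # … unchanged: argument check, rule_exists guard, progress message …

    # Match only traffic arriving on the public interface; without -i this DNAT
    # also rewrites port-$public_port traffic coming from internal interfaces.
    sudo iptables -t nat -A PREROUTING -i "$interface" -p tcp --dport "$public_port" \
        -j DNAT --to-destination "$internal_ip:$internal_port"

    sudo iptables -A FORWARD -i "$interface" -p tcp -d "$internal_ip" --dport "$internal_port" -j ACCEPT

    # One shared MASQUERADE per interface: add it only if absent, and have
    # del_rules leave it in place while any forward on this interface remains.
    if ! sudo iptables -t nat -C POSTROUTING -o "$interface" -j MASQUERADE 2>/dev/null; then
        sudo iptables -t nat -A POSTROUTING -o "$interface" -j MASQUERADE
    fi

    # … unchanged: success message …
```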