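Here is the script with comments:

#!/bin/sh
# TCP Proxy using IPTables
#
# Accepts TCP connections on PORT at each address listed in LISTEN_ADDRS and
# DNATs them to BACKEND:PORT, masquerading the forwarded traffic so that the
# backend sees this host as the client. Must run as root. It flushes the nat
# and filter tables, so any rules loaded by other tooling on this host are
# discarded.
#
# Review notes against the previous version of this script:
#   - ip_forward was switched on while the FORWARD chain kept its default
#     policy, so the host would route ANY traffic between eth0 and eth1, not
#     only the proxied port. FORWARD is now limited to the DNATed flow.
#   - The INPUT DROP for 192.168.0.3 had no ESTABLISHED,RELATED accept ahead
#     of it, so replies to connections this host opened from that address
#     (including the locally DNATed flow set up in nat/OUTPUT) matched the
#     DROP. Such an accept is now the first INPUT rule.
#   - MASQUERADE hides the real client address from BACKEND; its logs will
#     show this host as the peer. Keep that in mind when correlating events.

set -eu

IPTABLES=/sbin/iptables
LISTEN_ADDRS="192.168.0.3 10.0.2.2"   # addresses that accept proxied connections
BACKEND=10.152.3.56                   # host the connections are forwarded to
PORT=8443
OUT_IFACES="eth0 eth1"                # interfaces whose outbound traffic is masqueraded

# The kernel has to route packets between interfaces for the DNATed flow.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Start from empty nat and filter tables. Note that -F does not reset chain
# policies; the FORWARD policy is set explicitly further down.
"$IPTABLES" -t nat -F
"$IPTABLES" -F

### Set up the redirect
# PREROUTING catches traffic arriving from the network; OUTPUT catches
# connections the local host itself makes to one of the listen addresses.
# LISTEN_ADDRS is deliberately unquoted so the shell splits it into words.
for addr in $LISTEN_ADDRS; do
  "$IPTABLES" -t nat -A PREROUTING --dst "$addr" -p tcp --dport "$PORT" \
    -j DNAT --to-destination "$BACKEND:$PORT"
  "$IPTABLES" -t nat -A OUTPUT --dst "$addr" -p tcp --dport "$PORT" \
    -j DNAT --to-destination "$BACKEND:$PORT"
done

### Set up SNAT
# Traffic leaving through these interfaces is rewritten to look as though it
# originated from the interface address. OUT_IFACES is split on purpose.
for iface in $OUT_IFACES; do
  "$IPTABLES" -t nat -A POSTROUTING -o "$iface" -j MASQUERADE
done

### Forwarding policy
# Only the DNATed flow and its replies may transit this host. Everything else
# that would be routed between interfaces is dropped by the chain policy,
# which is applied after the accept rules so there is no window with a
# DROP policy and no exceptions.
"$IPTABLES" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
"$IPTABLES" -A FORWARD -p tcp --dst "$BACKEND" --dport "$PORT" \
  -m conntrack --ctstate NEW -j ACCEPT
"$IPTABLES" -P FORWARD DROP

### Firewalling
## Replies to connections this host opened must be accepted before the DROP
## below, otherwise outbound TCP from 192.168.0.3 never completes.
"$IPTABLES" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
## Allow new TCP traffic to 192.168.0.3 on PORT. Packets rewritten by the
## PREROUTING DNAT above are forwarded rather than delivered locally, so this
## rule only matters for packets that were not rewritten.
"$IPTABLES" -A INPUT -p tcp --dst 192.168.0.3 --dport "$PORT" -j ACCEPT
## Drop all other TCP traffic to 192.168.0.3. As in the original this is TCP
## only and covers only 192.168.0.3; 10.0.2.2 and non-TCP traffic fall
## through to the INPUT chain default policy.
"$IPTABLES" -A INPUT -p tcp --dst 192.168.0.3 -j DROP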
