#! /bin/sh
#------------------------------------------------------------------------------
# /usr/local/bin/portfw.sh - ip port forwarding
#------------------------------------------------------------------------------
# ATTENTION ATTENTION ATTENTION ATTENTION ATTENTION ATTENTION ATTENTION
# NEW ARGUMENTS, SEE BELOW !!!
# ATTENTION ATTENTION ATTENTION ATTENTION ATTENTION ATTENTION ATTENTION
#------------------------------------------------------------------------------
# Called by /etc/ppp/ip-up or ip-down every time a connection is
# established or shut down
#
# Either ipportfw or ipautofw can be used
#------------------------------------------------------------------------------
# Usage of portfw (NEW):
#
# add entry:
# ipmasqadm portfw -a -P PROTO -L LADDR LPORT -R HIDDENHOST RPORT [-p PREF]
# delete entry:
# ipmasqadm portfw -d -P PROTO -L LADDR LPORT [-R HIDDENHOST RPORT]
# clear table:
# ipmasqadm portfw -f
# list table:
# ipmasqadm portfw -l
# no names:
# ipmasqadm portfw <args> -n
#
# PROTO protocol, can be "tcp" or "udp"
# LADDR local interface receiving packets to be forwarded
# LPORT port being redirected
# HIDDENHOST ip address of your lan computer using the application
# RPORT the port being redirected to
# PREF preference level (load balancing, default=10)
#------------------------------------------------------------------------------
# Usage of autofw (NEW):
#
# add entry:
# ipmasqadm autofw -A -r PROTO LOW HIGH [-h HIDDENHOST] [-c ctltype ctlport]
# clear table (flush):
# ipmasqadm autofw -F
#
# PROTO protocol, can be "tcp" or "udp"
# LOW lowest port of range
# HIGH highest port of range
# HIDDENHOST ip address of your lan computer using the application
#------------------------------------------------------------------------------
# Here you will find hints to get your application run:
#
# http://www.tsmservices.com/masq/
#------------------------------------------------------------------------------
# NEW:
# This script will be called now with two arguments:
# $1 state "up" or "down" default route is up
# $2 ip x.x.x.x ip address of your wan interface, eg. isdn
#------------------------------------------------------------------------------
# Creation: 08.09.2000 fm
# Last Update: 05.11.2000 fm
#------------------------------------------------------------------------------
# Arguments handed over by the caller (see the header above):
#   $1  connection state, "up" or "down"
#   $2  ip address of the wan interface; in this file it is referenced only
#       by the commented-out portfw (napster) examples
state="$1"
ip="$2"
#------------------------------------------------------------------------------
# Define your PCs to forward ports to:
#------------------------------------------------------------------------------
# LAN machines that receive forwarded traffic -- change these addresses to
# match your own network. The forwarding rules further down refer to them
# by variable name only.
hiddenhost1='192.168.6.2'
hiddenhost2='192.168.6.3'
hiddenhost3='192.168.6.4'
hiddenhost4='192.168.6.5'
# Announce what is about to happen. Any state other than "down" is treated
# as "up".
case "$state" in
  down) echo "shutting down port forwarding ..." ;;
  *) echo "initializing port forwarding ..." ;;
esac

# Always start from empty tables so rules from an earlier connection do not
# accumulate.
# NOTE(review): the exit status of the two flush calls is not checked. If a
# flush fails on "down", earlier forwards may stay active while the script
# still exits 0; `ipmasqadm portfw -l` lists what is left in the portfw table.
/usr/sbin/ipmasqadm portfw -f # ipportfw: clear old tables
/usr/sbin/ipmasqadm autofw -F # ipautofw: flush old tables

# Connection is going down: the tables are flushed and no rules are added.
[ "$state" != "down" ] || exit 0
#------------------------------------------------------------------------------
# example for ftp (internal ftp server, access from outside):
#
# Don't forget to correct the firewall ports in base.txt or config.txt, see FW_N_PORTS
# and FW_PORT_x
#
# and to enable the ftp-Masquerading module in base.txt or config.txt:
# MASQ_MODULE_1='ftp' # masquerading module: ftp
#------------------------------------------------------------------------------
#/usr/sbin/ipmasqadm autofw -A -v -r tcp 21 21 -h $hiddenhost1
#------------------------------------------------------------------------------
# example for http (internal http server, access from outside):
#
# Don't forget to correct the firewall ports in config.txt, see FW_N_PORTS
# and FW_PORT_x
#------------------------------------------------------------------------------
#/usr/sbin/ipmasqadm autofw -A -v -r tcp 80 80 -h $hiddenhost1
#------------------------------------------------------------------------------
# roger wilco by basti
#------------------------------------------------------------------------------
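# Forward port 3782 (tcp and udp) to $hiddenhost1.
# The host variable is quoted so an edited value is always passed to
# ipmasqadm as exactly one argument, never word-split or glob-expanded.
# NOTE(review): each active rule presumably keeps the port reachable from the
# wan side while the connection is up -- comment it out when not needed.
/usr/sbin/ipmasqadm autofw -A -v -r tcp 3782 3782 -h "$hiddenhost1"
/usr/sbin/ipmasqadm autofw -A -v -r udp 3782 3782 -h "$hiddenhost1"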
#------------------------------------------------------------------------------
# counter-strike-server by basti
#------------------------------------------------------------------------------
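# Forward port 27015 (udp and tcp) to the game server on $hiddenhost1.
# The host variable is quoted so an edited value is always passed to
# ipmasqadm as exactly one argument, never word-split or glob-expanded.
# NOTE(review): only useful while the server is actually running on that
# host -- comment the rules out otherwise.
/usr/sbin/ipmasqadm autofw -A -v -r udp 27015 27015 -h "$hiddenhost1"
/usr/sbin/ipmasqadm autofw -A -v -r tcp 27015 27015 -h "$hiddenhost1"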
#------------------------------------------------------------------------------
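# icq by basti (5 ports per client are enough for file transfer, ICQ-Phone
# etc. !!!)
#
# I think that, for security reasons, as few ports as possible should be
# forwarded.
#------------------------------------------------------------------------------
# One five-port tcp range per client; the three ranges do not overlap.
# Host variables are quoted so each value is always passed to ipmasqadm as
# exactly one argument, never word-split or glob-expanded.
/usr/sbin/ipmasqadm autofw -A -v -r tcp 5010 5014 -h "$hiddenhost2"
/usr/sbin/ipmasqadm autofw -A -v -r tcp 5015 5019 -h "$hiddenhost3"
/usr/sbin/ipmasqadm autofw -A -v -r tcp 5020 5024 -h "$hiddenhost4"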
#------------------------------------------------------------------------------
# example for VNC
# xx = display number (the XX in the port numbers below)
#------------------------------------------------------------------------------
#/usr/sbin/ipmasqadm autofw -A -v -r tcp 58XX 58XX -h $hiddenhost1 #VNC
#/usr/sbin/ipmasqadm autofw -A -v -r tcp 59XX 59XX -h $hiddenhost1 #Web
#/usr/sbin/ipmasqadm autofw -A -v -r tcp 5500 5500 -h $hiddenhost1 #Viewer
#------------------------------------------------------------------------------
# example for Battlecom (using ipautofw):
#------------------------------------------------------------------------------
#/usr/sbin/ipmasqadm autofw -A -v -r udp 2300 2400 -h $hiddenhost1
#/usr/sbin/ipmasqadm autofw -A -v -r tcp 2300 2400 -h $hiddenhost1
#/usr/sbin/ipmasqadm autofw -A -v -r tcp 47624 47624 -h $hiddenhost1
#/usr/sbin/ipmasqadm autofw -A -v -r udp 47624 47624 -h $hiddenhost1
#/usr/sbin/ipmasqadm autofw -A -v -r udp 28800 28900 -h $hiddenhost1
#------------------------------------------------------------------------------
# example for DIABLO II (using ipautofw):
#------------------------------------------------------------------------------
#/usr/sbin/ipmasqadm autofw -A -v -r tcp 116 116 -h $hiddenhost1
#/usr/sbin/ipmasqadm autofw -A -v -r tcp 118 118 -h $hiddenhost1
#/usr/sbin/ipmasqadm autofw -A -v -r tcp 4000 4000 -h $hiddenhost1
#/usr/sbin/ipmasqadm autofw -A -v -r udp 6112 6112 -h $hiddenhost1
#------------------------------------------------------------------------------
# example for Siedler III (using ipautofw):
#------------------------------------------------------------------------------
#/usr/sbin/ipmasqadm autofw -A -v -r udp 2300 2400 -h $hiddenhost1
#/usr/sbin/ipmasqadm autofw -A -v -r tcp 2300 2400 -h $hiddenhost1
#/usr/sbin/ipmasqadm autofw -A -v -r udp 3346 3400 -h $hiddenhost1
#/usr/sbin/ipmasqadm autofw -A -v -r udp 28800 28900 -h $hiddenhost1
#/usr/sbin/ipmasqadm autofw -A -v -r udp 47624 47624 -h $hiddenhost1
#/usr/sbin/ipmasqadm autofw -A -v -r tcp 47624 47624 -h $hiddenhost1
#------------------------------------------------------------------------------
# example for IRC (using ipautofw):
#------------------------------------------------------------------------------
#/usr/sbin/ipmasqadm autofw -A -v -r tcp 113 113 -h $hiddenhost1 #IDENTD(irc)
#/usr/sbin/ipmasqadm autofw -A -v -r tcp 2112 2114 -h $hiddenhost1 #DCC (irc)
#------------------------------------------------------------------------------
# example for UT (UNREAL TOURNAMENT) Server only
#------------------------------------------------------------------------------
#/usr/sbin/ipmasqadm autofw -A -v -r udp 7777 7779 -h $hiddenhost1
#/usr/sbin/ipmasqadm autofw -A -v -r udp 27900 27900 -h $hiddenhost1
#------------------------------------------------------------------------------
# example for QUAKE Server only
#------------------------------------------------------------------------------
#/usr/sbin/ipmasqadm autofw -A -v -r udp 27960 27960 -h $hiddenhost1
#------------------------------------------------------------------------------
# example for Napster:
# forward napster connections to 4 different internal PCs:
#
# PLEASE READ
# http://www.linuxdoc.org/HOWTO/mini/IPMasquerading+Napster-4.html
#------------------------------------------------------------------------------
#nap1=6702 # napster port of PC 1
#nap2=6703 # napster port of PC 2
#nap3=6704 # napster port of PC 3
#nap4=6705 # napster port of PC 4
#/usr/sbin/ipmasqadm portfw -a -P tcp -L $ip $nap1 -R $hiddenhost1 $nap1
#/usr/sbin/ipmasqadm portfw -a -P tcp -L $ip $nap2 -R $hiddenhost2 $nap2
#/usr/sbin/ipmasqadm portfw -a -P tcp -L $ip $nap3 -R $hiddenhost3 $nap3
#/usr/sbin/ipmasqadm portfw -a -P tcp -L $ip $nap4 -R $hiddenhost4 $nap4
#------------------------------------------------------------------------------
# example for GameVoice(TM) Software (Server 'N Client): (by Detlef Hoppe )
#------------------------------------------------------------------------------
#/usr/sbin/ipmasqadm autofw -A -v -r udp 9110 9110 -h $hiddenhost1
#------------------------------------------------------------------------------
# example for Ivisit: (by Detlef Hoppe )
#------------------------------------------------------------------------------
#/usr/sbin/ipmasqadm autofw -A -v -r udp 9943 9943 -h $hiddenhost1
#/usr/sbin/ipmasqadm autofw -A -v -r udp 56768 56768 -h $hiddenhost1
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# END
#------------------------------------------------------------------------------
# Final status line: reached only when the state is not "down".
printf '%s\n' 'done' # END