Proxmox_Ve_Pre_Defined_Port_Nat/port-forward.sh

#!/bin/bash

if [[ $# -lt 3 ]]; then
    echo "参数错误！请提供正确的网卡名称、网络段、起始端口和每个主机号的端口数量，本机 IP。如果需要测试模式，请在最后加上 test_mode 参数。"
    echo "示例：sudo bash $0 eth0 192.168.0.0/24 21000 10"
    exit 1
fi

# 解析网络段、起始端口和每个主机号的端口数量
subnet=$2
startPort=$3
portPerHost=$4
device=$1

# 检测网络段是否 CIDR
if [[ $subnet != *"/"* ]]; then
    echo "网络段必须是 CIDR 格式！"
    exit 1
fi  


# 验证起始端口和每个主机号的端口数量大于等于0
if [[ $startPort -lt 0 || $portPerHost -lt 0 ]]; then
    echo "起始端口和每个主机号的端口数量必须大于等于0！"
    exit 1
fi


# 传递的参数：IP地址和起始端口号
ip=$2
echo "CIDR 是 ${ip}。"

iptables -t nat -A POSTROUTING -s ${ip} -o ${device} -j MASQUERADE

# 去除 ip 的主机号和网段
ip=${ip%.*}

# portPerHost + 1
portPerHost=$((portPerHost + 1))

# 清除旧的iptables规则
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -F
iptables -X
iptables -Z

# 设置默认策略
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# 启用IP转发
echo 1 > /proc/sys/net/ipv4/ip_forward

# 计算每个主机号的端口范围
function calculatePortRanges() {
    hostNumber=$1

    startPortNumber=$((startPort + (hostNumber * portPerHost)))
    endPortNumber=$((startPortNumber + portPerHost - 1))

    echo "IP地址 ${ip}.${hostNumber} 对应的端口范围是 ${startPortNumber} 到 ${endPortNumber}。"
}

# 创建新的iptables规则
function createPortForwardingRule() {
    set -x

    hostNumber=$1

    startPortNumber=$((startPort + (hostNumber * portPerHost)))
    endPortNumber=$((startPortNumber + portPerHost - 1))

    echo "IP ${ip}.${hostNumber} 的 SSH 端口是 ${startPortNumber}。"
    # SSH端口转发
    # iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination ${ip}.${hostNumber}:${startPortNumber}
    # iptables -t nat -A POSTROUTING -p tcp -d ${ip}.${hostNumber} --dport ${startPortNumber} -j SNAT --to-source ${ip}
    iptables -t nat -A PREROUTING -i ${device} -p tcp --dport ${startPortNumber} -j DNAT --to ${ip}.${hostNumber}:22
    iptables -t nat -A PREROUTING -i ${device} -p udp --dport ${startPortNumber} -j DNAT --to ${ip}.${hostNumber}:22

    # RDP端口转发
    echo "IP ${ip}.${hostNumber} 的 RDP 端口是 $((startPortNumber + 1))。"
    # iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination ${ip}.${hostNumber}:$((startPortNumber + 1))
    # iptables -t nat -A POSTROUTING -p tcp -d ${ip}.${hostNumber} --dport $((startPortNumber + 1)) -j SNAT --to-source ${ip}
    iptables -t nat -A PREROUTING -i ${device} -p tcp --dport $((startPortNumber + 1)) -j DNAT --to ${ip}.${hostNumber}:3389
    iptables -t nat -A PREROUTING -i ${device} -p udp --dport $((startPortNumber + 1)) -j DNAT --to ${ip}.${hostNumber}:3389

    # 实际端口范围转发
    # iptables -t nat -A PREROUTING -p tcp --dport $((startPortNumber + 2)):$endPortNumber -j DNAT --to-destination ${ip}.${hostNumber}:$((startPortNumber + 2))
    # iptables -t nat -A POSTROUTING -p tcp -d ${ip}.${hostNumber} --dport $((startPortNumber + 2)) -j SNAT --to-source ${ip}
    # iptables -t nat -A PREROUTING -i ${device} -p all -d ${ip}.${hostNumber} --dport 10000:10999 -j DNAT --to 172.22.161.170:10000-10999

    startPortNumber=$((startPortNumber + 2))
    echo "起始端口号是 ${startPortNumber}。"
    endPortNumber=$((endPortNumber))
    echo "结束端口号是 ${endPortNumber}。"

    # 实际端口范围转发
    for ((portNumber = startPortNumber; portNumber <= endPortNumber; portNumber++)); do
        echo "IP ${ip}.${hostNumber} 的端口是 ${portNumber}。"
        iptables -t nat -A PREROUTING -i ${device} -p tcp --dport ${portNumber} -j DNAT --to ${ip}.${hostNumber}:${portNumber}
        iptables -t nat -A PREROUTING -i ${device} -p udp --dport ${portNumber} -j DNAT --to ${ip}.${hostNumber}:${portNumber}
    done
    
    set +x

}

# 循环遍历主机号
for hostNumber in $(seq 1 254); do
    if [ "$5" == "test_mode" ]; then
        calculatePortRanges $hostNumber
    else
        createPortForwardingRule $hostNumber
    fi
done

# 保存iptables规则
iptables-save > /etc/iptables.rules