{"id":1873,"date":"2016-09-07T11:47:16","date_gmt":"2016-09-07T16:47:16","guid":{"rendered":"http:\/\/swildow.darktech.org\/wp\/?p=1873"},"modified":"2016-09-07T11:47:16","modified_gmt":"2016-09-07T16:47:16","slug":"iptables-port-forward-script","status":"publish","type":"post","link":"https:\/\/www.wildow.com\/blog\/?p=1873","title":{"rendered":"iptables port forward script"},"content":{"rendered":"<table>\n<tbody>\n<tr>\n<td class=\"votecell\">\n<div class=\"vote\"><span class=\"vote-count-post \"><br class=\"Apple-interchange-newline\" \/>3<\/span><a class=\"vote-down-off\" title=\"This answer is not useful\">down vote<\/a><\/div>\n<\/td>\n<td class=\"answercell\">\n<div class=\"post-text\">\n<p>I have created the following bash script for doing this on my Linux router. It automatically infers the WAN IP and confirms your selections before proceeding.<\/p>\n<pre><code>#!\/bin\/bash\r\n\r\n# decide which action to use\r\naction=\"add\"\r\nif [[ \"-r\" == \"$1\" ]]; then\r\n  action=\"remove\"\r\n  shift\r\nfi\r\n\r\n# break out components\r\ndest_addr_lan=\"$1\"\r\ndest_port_wan=\"$2\"\r\ndest_port_lan=\"$3\"\r\n\r\n# figure out our WAN ip\r\n# (fetched over plain HTTP from a third-party service; check the value printed below before confirming)\r\nwan_addr=$(curl -4 -s icanhazip.com)\r\n\r\n# stop if the lookup failed, otherwise the rules below would be built with an empty address\r\nif [ -z \"$wan_addr\" ]; then\r\n  echo \"Could not determine WAN address, exiting...\"\r\n  exit 1\r\nfi\r\n\r\n# auto fill our dest lan port if we need to\r\nif [ -z \"$dest_port_lan\" ]; then\r\n  dest_port_lan=\"$dest_port_wan\"\r\nfi\r\n\r\n# print info for review\r\necho \"Destination LAN Address: $dest_addr_lan\"\r\necho \"Destination Port WAN: $dest_port_wan\"\r\necho \"Destination Port LAN: $dest_port_lan\"\r\necho \"WAN Address: $wan_addr\"\r\n\r\n# confirm with user\r\nread -p \"Does everything look correct? 
\" -n 1 -r\r\necho    # (optional) move to a new line\r\nif [[ $REPLY =~ ^[Yy]$ ]]; then\r\n  # arguments are quoted so that user-supplied values reach iptables as single words\r\n  if [[ \"remove\" == \"$action\" ]]; then\r\n    iptables -t nat -D PREROUTING -p tcp -m tcp -d \"$wan_addr\" --dport \"$dest_port_wan\" -j DNAT --to-destination \"$dest_addr_lan:$dest_port_lan\"\r\n    iptables -D FORWARD -m state -p tcp -d \"$dest_addr_lan\" --dport \"$dest_port_lan\" --state NEW,ESTABLISHED,RELATED -j ACCEPT\r\n    iptables -t nat -D POSTROUTING -p tcp -m tcp -s \"$dest_addr_lan\" --sport \"$dest_port_lan\" -j SNAT --to-source \"$wan_addr\"\r\n    echo \"Forwarding rule removed\"\r\n  else\r\n    iptables -t nat -A PREROUTING -p tcp -m tcp -d \"$wan_addr\" --dport \"$dest_port_wan\" -j DNAT --to-destination \"$dest_addr_lan:$dest_port_lan\"\r\n    iptables -A FORWARD -m state -p tcp -d \"$dest_addr_lan\" --dport \"$dest_port_lan\" --state NEW,ESTABLISHED,RELATED -j ACCEPT\r\n    iptables -t nat -A POSTROUTING -p tcp -m tcp -s \"$dest_addr_lan\" --sport \"$dest_port_lan\" -j SNAT --to-source \"$wan_addr\"\r\n    echo \"Forwarding rule added\"\r\n  fi\r\nelse\r\n  echo \"Info not confirmed, exiting...\"\r\nfi\r\n<\/code><\/pre>\n<p>The use of the script is simple: just copy and paste it to a file and then:<\/p>\n<pre><code># chmod +x port_forward.sh\r\n# .\/port_forward.sh 192.168.1.100 3000\r\n... confirm details ... press y\r\n# Forwarding rule added\r\n<\/code><\/pre>\n<p>To remove the same rule:<\/p>\n<pre><code># .\/port_forward.sh -r 192.168.1.100 3000\r\n... confirm details ... 
press y\r\n# Forwarding rule removed\r\n<\/code><\/pre>\n<p>I thought this might save someone time on their respective router.<\/p>\n<\/div>\n<table class=\"fw\">\n<tbody>\n<tr>\n<td class=\"vt\">\n<div class=\"post-menu\"><a id=\"link-post-743017\" class=\"short-link\" title=\"short permalink to this answer\" href=\"http:\/\/serverfault.com\/a\/743017\">share<\/a><a class=\"suggest-edit-post\" title=\"\" href=\"http:\/\/serverfault.com\/posts\/743017\/edit\">improve this answer<\/a><\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>3down vote I have created the following bash script for doing this on my linux router. It automatically infers the WAN IP and confirms your selections before proceeding. #!\/bin\/bash # decide which action to use action=&#8221;add&#8221; if [[ &#8220;-r&#8221; == &#8230; <a class=\"more-link\" href=\"https:\/\/www.wildow.com\/blog\/?p=1873\">Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-1873","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1873","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1873"}],"version-history":[{"count":1,"href":"https:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1873\/revisions"}],"predece
ssor-version":[{"id":1874,"href":"https:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1873\/revisions\/1874"}],"wp:attachment":[{"href":"https:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1873"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1873"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1873"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}