Use script to automatically configure NAT port mapping of iptables 04/26 Update SLTechnology News&Howtos

Use script to automatically configure NAT port mapping of iptables

2025-04-26 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

The previous blog wrote about how to configure NAT under the environment of VMware ESX and XenServer, which solved the problem of internal network virtual machine accessing external network, but not the problem of external network accessing internal network.

It's too troublesome to add a few mapping rules for each additional virtual machine. If you map all the ports, you don't need to add them every time.

The port mapping rules are as follows:

Num is the last number of IP addresses in the intranet

Ssh port 22 is mapped to 10000+num

For example, a virtual machine with an intranet address of 192.168.1.5 has port 22 mapped to port 10005 of the host.

590x port of vnc (only two ports are provided)

Port 5901 is mapped to the last number of 20000 + private network addresses, x10 addresses.

Port 5902 is mapped to the last number of 20000 + private network addresses, x10 addresses.

For example, the first VNC of 192.168.1.20 is mapped to the 20000+20x10+1=20201 of the host.

Port 5 of 192.168.1.200 is mapped to the host's 20000+200x10+5=22005

Port 2 of 192.168.1.201 is mapped to the host's 20000+201x10+5=22012

Port 3389 of windows remote Desktop is mapped to 30000+num

Port 80 of http is mapped to 40000+num

Use the script to complete the configuration:

#! / bin/bash#remap port# i is the last num of the inner addressfor i in $(seq 50) doif [$I-ne 1] then#ssh port 22#port 22 is mapped to 10000+ilet "mapport=$i + 10000" / sbin/iptables-t nat-A PREROUTING-I eth2-p tcp-d 10.109.247.169-- dport $mapport-j DNAT-- to-destination 192.168.1.$i:21echo 10.109.247.169:$mapport mapped to 192.168.1.$i:22#vnc port 590x # port 590x is mapped to 20001+ix10+xlet "jacuzzi * 10" let "mapport=$j + 20001" / sbin/iptables-t nat-A PREROUTING-I eth2-p tcp-d 10.109.247.169-- dport $mapport-j DNAT-- to-destination 192.168.1.$i:5901echo 10.109.247.169:$mapport mapped to 192.168.1.$i:5901let "mapport=$mapport + 1" / sbin/iptables-t nat-A PREROUTING-I eth2-p tcp-d 10.109.247.169-dport $mapport-j DNAT-- to-destination 192.168.1.$i:5902echo 10.109.247.169:$mapport mapped to 192.168.1.$i:5902#remote desktop port 3389#port 3389 is mapped to 30000+ilet "mapport=$i + 30000" / sbin/iptables-t nat-A PREROUTING-I eth2-p tcp-d 10.109.247.169-- dport $mapport-j DNAT-- to-destination 192.168.1.$i:3389echo 10.109.247.169:$mapport mapped to 192.168.1.$i:3389#http Port 80#port 80 is mapped to 40000+ilet "mapport=$i + 40000" / sbin/iptables-t nat-A PREROUTING-I eth2-p tcp-d 10.109.247.169-- dport $mapport-j DNAT-- to-destination 192.168.1.$i:3389echo 10.109.247.169:$mapport mapped to 192.168.1.$i:80fidone

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.