DDNS配合端口转换以及IPTABLES的脚本!
时间:2006-03-22 来源:hb_li_520
今天看了下面这串代码;有的机器可以执行,放置在另外的机器上却不可以;
在命令提示符下可以,但到了crontab 就不可以了;
因为 crontab 执行时不会带上你登录 shell 里的环境变量;最后改用绝对路径才行;
还有除错的方式也要多多学习呀!
其实有个好方法可以试一下:
0 2 * * * sh /root/mysql_backup.sh > /root/sqlback.log 2>&1
把错误输出重定向到 sqlback.log 文件。如果执行不正常,会有报错,解决相应的错误即可。
这样查找错误就比较容易了。
crontab:
* 01-23/1 * * * /etc/rc.d/ipaddress.sh
* 01-23/1 * * * /etc/rc.d/iptable.sh
01-59/3 * * * * root /usr/sbin/adsl-start > /dev/null 2>&1
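# ===== /etc/rc.d/ipaddress.sh =====
#!/bin/bash
# Point the DNAT rules in /etc/rc.d/iptable.sh at the address ppp0 currently
# holds. Intended to run from cron as root.
#
# The address is validated before use because it is spliced into a sed
# program and ends up in a script that root executes: an empty or malformed
# value (ppp0 down, unexpected ifconfig output) must never reach the rules
# file. The file is replaced in one step and only when the rewrite succeeded,
# so a failed run cannot leave an empty or half-written rules script behind.

RULES=/etc/rc.d/iptable.sh

# "port=target" pairs, one per DNAT rule that follows the ppp0 address.
# NOTE(review): the iptable.sh shown on this page has no 8080 rule, so that
# entry currently matches nothing.
FORWARDS=(
  80=192.168.0.9:80
  1080=192.168.0.7:1080
  888=192.168.0.4:888
  23=192.168.0.15:23
  1503=192.168.0.111:1503
  8080=192.168.0.20:8080
  9090=192.168.0.111:9090
)

cd /etc/rc.d || exit 1

# net-tools ifconfig prints "inet addr:a.b.c.d"; keep only the address.
P=$(/sbin/ifconfig ppp0 | awk '/inet addr/ { sub(/^addr:/, "", $2); print $2; exit }')

# Refuse anything that is not a dotted quad before it gets near sed.
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
if ! [[ $P =~ $ipv4_re ]]; then
  echo "ipaddress.sh: no usable IPv4 address on ppp0, $RULES left unchanged" >&2
  exit 1
fi

# One substitution per forward: replace whatever follows "-d" in that rule.
sed_args=()
for fwd in "${FORWARDS[@]}"; do
  port=${fwd%%=*}
  target=${fwd#*=}
  target_re=${target//./\\.} # match the dots of the target literally
  sed_args+=(-e "s|\(/sbin/iptables -t nat -A PREROUTING -d \).*\( -p tcp --dport ${port} -j DNAT --to ${target_re}\)|\1${P}\2|g")
done

# Build the new file next to the old one so the final mv is a rename on the
# same filesystem; a copy of iptable.sh that cron started in the same minute
# keeps reading the old file instead of a truncated one.
tmp=$(mktemp "${RULES}.XXXXXX") || exit 1
trap 'rm -f -- "$tmp"' EXIT

if ! sed "${sed_args[@]}" "$RULES" > "$tmp" || [ ! -s "$tmp" ]; then
  echo "ipaddress.sh: rewriting $RULES failed, file left unchanged" >&2
  exit 1
fi

# Nothing to do when the address has not changed.
if cmp -s "$tmp" "$RULES"; then
  exit 0
fi

# mktemp creates the file 0600; carry over the mode of the script it replaces.
chmod --reference="$RULES" "$tmp" && mv -f -- "$tmp" "$RULES"

# ===== /etc/rc.d/iptable.sh =====
echo 1 > /proc/sys/net/ipv4/ip_forward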
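# 0 = answer ICMP echo requests (pings are not ignored).
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

# Netfilter modules. Called by absolute path like iptables below: this script
# runs from cron, whose PATH may not include /sbin.
/sbin/modprobe ip_tables
/sbin/modprobe iptable_nat
/sbin/modprobe ip_conntrack
# connection tracking helper for FTP to this host
/sbin/modprobe ip_conntrack_ftp
# NAT helper for FTP through this host
/sbin/modprobe ip_nat_ftp

# Start from empty filter and nat tables; everything below is re-added on
# every run.
/sbin/iptables -F -t filter
/sbin/iptables -F -t nat
#
# Default policies: drop traffic addressed to this host, allow the rest.
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# NOTE(review): FORWARD stays ACCEPT, so every packet this host can route is
# forwarded, not only the DNAT'ed ports below. Consider -P FORWARD DROP with
# explicit ACCEPT rules for LAN-originated traffic, ESTABLISHED,RELATED and
# each published port.
/sbin/iptables -P FORWARD ACCEPT
#/sbin/iptables -I INPUT -i ppp0 -p TCP --syn -j DROP
#/sbin/iptables -I FORWARD -i ppp0 -p TCP ! --syn -j ACCEPT
#
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
#
# Trust loopback and everything arriving on eth0 (presumably the LAN side —
# confirm before reusing on a host with a different interface layout).
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -j ACCEPT
# FORWARD (disabled)
#/sbin/iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
#/sbin/iptables -A FORWARD -p udp --dport 53 -j ACCEPT
#/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# FTP control port on this host.
# NOTE(review): no -i or -s restriction, so this is reachable from ppp0 too.
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# Replies to connections this host opened, and related flows (FTP data).
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Source NAT for the LAN.
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
# Published services. The -d address is rewritten by /etc/rc.d/ipaddress.sh
# whenever ppp0 gets a new address, so keep the rest of each line exactly in
# the form that script matches.
# NOTE(review): ports 23 (telnet, cleartext logins) and 1080 (conventionally
# SOCKS) are published to any source address. Confirm each is meant to be
# public, and add -s <allowed-source> where it is not.
#/sbin/iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to 192.168.0.9:80
/sbin/iptables -t nat -A PREROUTING -d 219.133.225.180 -p tcp --dport 80 -j DNAT --to 192.168.0.9:80
/sbin/iptables -t nat -A PREROUTING -d 219.133.225.180 -p tcp --dport 1080 -j DNAT --to 192.168.0.7:1080
/sbin/iptables -t nat -A PREROUTING -d 219.133.225.180 -p tcp --dport 888 -j DNAT --to 192.168.0.4:888
/sbin/iptables -t nat -A PREROUTING -d 219.133.225.180 -p tcp --dport 1503 -j DNAT --to 192.168.0.111:1503
/sbin/iptables -t nat -A PREROUTING -d 219.133.225.180 -p tcp --dport 23 -j DNAT --to 192.168.0.15:23
/sbin/iptables -t nat -A PREROUTING -d 219.133.225.180 -p tcp --dport 9090 -j DNAT --to 192.168.0.111:9090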
在命令提示符下可以,但到了crontab 就不可以了;
因为 crontab 执行时不会带上你登录 shell 里的环境变量;最后改用绝对路径才行;
还有除错的方式也要多多学习呀!
其实有个好方法可以试一下:
0 2 * * * sh /root/mysql_backup.sh > /root/sqlback.log 2>&1
把错误输出重定向到 sqlback.log 文件。如果执行不正常,会有报错,解决相应的错误即可。
这样查找错误就比较容易了。
crontab:
* 01-23/1 * * * /etc/rc.d/ipaddress.sh
* 01-23/1 * * * /etc/rc.d/iptable.sh
01-59/3 * * * * root /usr/sbin/adsl-start > /dev/null 2>&1
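# ===== /etc/rc.d/ipaddress.sh =====
#!/bin/bash
# Point the DNAT rules in /etc/rc.d/iptable.sh at the address ppp0 currently
# holds. Intended to run from cron as root.
#
# The address is validated before use because it is spliced into a sed
# program and ends up in a script that root executes: an empty or malformed
# value (ppp0 down, unexpected ifconfig output) must never reach the rules
# file. The file is replaced in one step and only when the rewrite succeeded,
# so a failed run cannot leave an empty or half-written rules script behind.

RULES=/etc/rc.d/iptable.sh

# "port=target" pairs, one per DNAT rule that follows the ppp0 address.
# NOTE(review): the iptable.sh shown on this page has no 8080 rule, so that
# entry currently matches nothing.
FORWARDS=(
  80=192.168.0.9:80
  1080=192.168.0.7:1080
  888=192.168.0.4:888
  23=192.168.0.15:23
  1503=192.168.0.111:1503
  8080=192.168.0.20:8080
  9090=192.168.0.111:9090
)

cd /etc/rc.d || exit 1

# net-tools ifconfig prints "inet addr:a.b.c.d"; keep only the address.
P=$(/sbin/ifconfig ppp0 | awk '/inet addr/ { sub(/^addr:/, "", $2); print $2; exit }')

# Refuse anything that is not a dotted quad before it gets near sed.
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
if ! [[ $P =~ $ipv4_re ]]; then
  echo "ipaddress.sh: no usable IPv4 address on ppp0, $RULES left unchanged" >&2
  exit 1
fi

# One substitution per forward: replace whatever follows "-d" in that rule.
sed_args=()
for fwd in "${FORWARDS[@]}"; do
  port=${fwd%%=*}
  target=${fwd#*=}
  target_re=${target//./\\.} # match the dots of the target literally
  sed_args+=(-e "s|\(/sbin/iptables -t nat -A PREROUTING -d \).*\( -p tcp --dport ${port} -j DNAT --to ${target_re}\)|\1${P}\2|g")
done

# Build the new file next to the old one so the final mv is a rename on the
# same filesystem; a copy of iptable.sh that cron started in the same minute
# keeps reading the old file instead of a truncated one.
tmp=$(mktemp "${RULES}.XXXXXX") || exit 1
trap 'rm -f -- "$tmp"' EXIT

if ! sed "${sed_args[@]}" "$RULES" > "$tmp" || [ ! -s "$tmp" ]; then
  echo "ipaddress.sh: rewriting $RULES failed, file left unchanged" >&2
  exit 1
fi

# Nothing to do when the address has not changed.
if cmp -s "$tmp" "$RULES"; then
  exit 0
fi

# mktemp creates the file 0600; carry over the mode of the script it replaces.
chmod --reference="$RULES" "$tmp" && mv -f -- "$tmp" "$RULES"

# ===== /etc/rc.d/iptable.sh =====
echo 1 > /proc/sys/net/ipv4/ip_forward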
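# 0 = answer ICMP echo requests (pings are not ignored).
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

# Netfilter modules. Called by absolute path like iptables below: this script
# runs from cron, whose PATH may not include /sbin.
/sbin/modprobe ip_tables
/sbin/modprobe iptable_nat
/sbin/modprobe ip_conntrack
# connection tracking helper for FTP to this host
/sbin/modprobe ip_conntrack_ftp
# NAT helper for FTP through this host
/sbin/modprobe ip_nat_ftp

# Start from empty filter and nat tables; everything below is re-added on
# every run.
/sbin/iptables -F -t filter
/sbin/iptables -F -t nat
#
# Default policies: drop traffic addressed to this host, allow the rest.
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# NOTE(review): FORWARD stays ACCEPT, so every packet this host can route is
# forwarded, not only the DNAT'ed ports below. Consider -P FORWARD DROP with
# explicit ACCEPT rules for LAN-originated traffic, ESTABLISHED,RELATED and
# each published port.
/sbin/iptables -P FORWARD ACCEPT
#/sbin/iptables -I INPUT -i ppp0 -p TCP --syn -j DROP
#/sbin/iptables -I FORWARD -i ppp0 -p TCP ! --syn -j ACCEPT
#
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
#
# Trust loopback and everything arriving on eth0 (presumably the LAN side —
# confirm before reusing on a host with a different interface layout).
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -j ACCEPT
# FORWARD (disabled)
#/sbin/iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
#/sbin/iptables -A FORWARD -p udp --dport 53 -j ACCEPT
#/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# FTP control port on this host.
# NOTE(review): no -i or -s restriction, so this is reachable from ppp0 too.
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# Replies to connections this host opened, and related flows (FTP data).
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Source NAT for the LAN.
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
# Published services. The -d address is rewritten by /etc/rc.d/ipaddress.sh
# whenever ppp0 gets a new address, so keep the rest of each line exactly in
# the form that script matches.
# NOTE(review): ports 23 (telnet, cleartext logins) and 1080 (conventionally
# SOCKS) are published to any source address. Confirm each is meant to be
# public, and add -s <allowed-source> where it is not.
#/sbin/iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to 192.168.0.9:80
/sbin/iptables -t nat -A PREROUTING -d 219.133.225.180 -p tcp --dport 80 -j DNAT --to 192.168.0.9:80
/sbin/iptables -t nat -A PREROUTING -d 219.133.225.180 -p tcp --dport 1080 -j DNAT --to 192.168.0.7:1080
/sbin/iptables -t nat -A PREROUTING -d 219.133.225.180 -p tcp --dport 888 -j DNAT --to 192.168.0.4:888
/sbin/iptables -t nat -A PREROUTING -d 219.133.225.180 -p tcp --dport 1503 -j DNAT --to 192.168.0.111:1503
/sbin/iptables -t nat -A PREROUTING -d 219.133.225.180 -p tcp --dport 23 -j DNAT --to 192.168.0.15:23
/sbin/iptables -t nat -A PREROUTING -d 219.133.225.180 -p tcp --dport 9090 -j DNAT --to 192.168.0.111:9090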