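【Question title】:Bash script to forward ports
【Posted】:2016-05-13 20:15:26
【Question description】:

I googled a lot but did not find an answer to my problem.

I want to forward port 8080 of my router to 192.168.1.7:5555. I tried to set it up through the router's GUI, but it did not work. Making a bash script and putting it in the router would do.

Please help me if anyone knows how to do port forwarding using a shell script.

Edit

My router has OpenWRT installed. I am unable to update my router. Below is the error I get when running "opkg update":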

Downloading http://downloads.openwrt.org/backfire/10.03.1/ath79/packages/Packages.gz.
wget: server returned error: HTTP/1.1 404 Not Found
Collected errors:
 * opkg_download: Failed to download http://downloads.openwrt.org/backfire/10.03.1/ath79/packages/Packages.gz, wget returned 1

So I will not be able to install any packages on it.

【Question discussion】:

    Tags: linux bash shell portforwarding


    【Solution 1】:

    You can use miniupnp.

    Then, to forward port 8080 to 5555, run this command.

    upnpc -a 192.168.1.7 5555 8080 TCP

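    【Discussion】:

    • My router has OpenWRT installed, and it was installed by Binatone Telecom. Is this software available for openwrt?
    【Solution 2】:

    If you don't mind Perl, you can use a solution I found at http://www.catonmat.net/blog/perl-tcp-proxy/: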

    use warnings;
    use strict;
    
    use IO::Socket::INET;
    use IO::Select;
    
    # 'all' admits every client; remove it to restrict access to the listed IPs.
    my @allowed_ips = ('all', '10.10.10.5');
    my $ioset = IO::Select->new;
    my %socket_map;
    
    my $debug = 1;
    
    sub new_conn {
        my ($host, $port) = @_;
        return IO::Socket::INET->new(
            PeerAddr => $host,
            PeerPort => $port
        ) || die "Unable to connect to $host:$port: $!";
    }
    
    sub new_server {
        my ($host, $port) = @_;
        my $server = IO::Socket::INET->new(
            LocalAddr => $host,
            LocalPort => $port,
            ReuseAddr => 1,
            Listen    => 100
        ) || die "Unable to listen on $host:$port: $!";
    }
    
    sub new_connection {
        my $server = shift;
        my $remote_host = shift;
        my $remote_port = shift;
    
        my $client = $server->accept;
        my $client_ip = client_ip($client);
    
        unless (client_allowed($client)) {
            print "Connection from $client_ip denied.\n" if $debug;
            $client->close;
            return;
        }
        print "Connection from $client_ip accepted.\n" if $debug;
    
        my $remote = new_conn($remote_host, $remote_port);
        $ioset->add($client);
        $ioset->add($remote);
    
        $socket_map{$client} = $remote;
        $socket_map{$remote} = $client;
    }
    
    sub close_connection {
        my $client = shift;
        my $client_ip = client_ip($client);
        my $remote = $socket_map{$client};
    
        $ioset->remove($client);
        $ioset->remove($remote);
    
        delete $socket_map{$client};
        delete $socket_map{$remote};
    
        $client->close;
        $remote->close;
    
        print "Connection from $client_ip closed.\n" if $debug;
    }
    
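    sub client_ip {
        my $client = shift;
        # peerhost is the address of the connecting side; sockaddr would return
        # the proxy's own local address, so the allow-list would never see the client.
        return $client->peerhost || 'unknown';
    }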
    
    sub client_allowed {
        my $client = shift;
        my $client_ip = client_ip($client);
        return grep { $_ eq $client_ip || $_ eq 'all' } @allowed_ips;
    }
    
    die "Usage: $0 <local port> <remote_host:remote_port>" unless @ARGV == 2;
    
    my $local_port = shift;
    my ($remote_host, $remote_port) = split ':', shift();
    
    
    print "Starting a server on 0.0.0.0:$local_port\n";
    my $server = new_server('0.0.0.0', $local_port);
    $ioset->add($server);
    
    while (1) {
        for my $socket ($ioset->can_read) {
            if ($socket == $server) {
                new_connection($server, $remote_host, $remote_port);
            }
            else {
                next unless exists $socket_map{$socket};
                my $remote = $socket_map{$socket};
                my $buffer;
                my $read = $socket->sysread($buffer, 4096);
                if ($read) {
                    $remote->syswrite($buffer);
                }
                else {
                    close_connection($socket);
                }
            }
        }
    }
    

    Then start it:

    ./tcp-proxy2.pl 8080 192.168.1.7:5555 &
    

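    【Discussion】:

    • Sorry, my router cannot install perl, it has no space
    【Solution 3】:

    Why not use iptables? You can configure it so that every packet received on port 8080 is forwarded to ip 192.168.1.7 on port 5555.

    I have checked and openwrt should support iptables! I don't know your specific router model, but you can take a look at http://wiki.openwrt.org/doc/howto/netfilter# It will explain to you how to use Netfilter (the user-mode program is iptables).

    iptables is a very useful tool!

    【Discussion】:

    • I did find very interesting things about iptables, but I could not get port forwarding to work. Please provide the command for port forwarding, otherwise I will end up adding an exception rule in the firewall and lose connectivity.
    • I think what you are looking for can be found here: serverfault.com/questions/140622/…
    • I am still facing this problem :-(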
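
The forward discussed in this answer and its comments (router port 8080 to 192.168.1.7:5555), written out as iptables rules; this is an added example, not part of the original answers. The WAN interface name `eth1` and the helper function names are assumptions, and the script only prints the two commands so they can be reviewed before being run as root on the router.

```shell
#!/bin/sh
# Added example: builds the iptables commands for one TCP port forward.
# "eth1" is an assumed WAN interface name; use the one your router reports.

# is_port N: succeeds if N is an integer from 1 to 65535 with no leading zero.
is_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# is_ipv4 A.B.C.D: succeeds if there are four octets, each from 0 to 255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules WAN_IF EXT_PORT DEST_IP DEST_PORT
# Validates every argument, then prints the two rules; nothing is executed.
forward_rules() {
    wan_if=$1 ext_port=$2 dest_ip=$3 dest_port=$4
    case "$wan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    is_port "$ext_port"  || { echo "bad external port" >&2; return 1; }
    is_port "$dest_port" || { echo "bad destination port" >&2; return 1; }
    is_ipv4 "$dest_ip"   || { echo "bad destination IP" >&2; return 1; }
    # 1) Rewrite the destination of packets arriving on the WAN side.
    echo "iptables -t nat -I PREROUTING -i $wan_if -p tcp --dport $ext_port -j DNAT --to-destination $dest_ip:$dest_port"
    # 2) Let the rewritten packets through the FORWARD chain.
    echo "iptables -I FORWARD -i $wan_if -p tcp -d $dest_ip --dport $dest_port -j ACCEPT"
}

# The forward asked for in the question.
forward_rules eth1 8080 192.168.1.7 5555
```

Restricting the rules to the WAN interface keeps the forward from also capturing LAN traffic to port 8080; rules entered this way do not survive a firewall restart or reboot.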
    【Solution 4】:
    #!/bin/sh
    
    echo "Content-type: text/html"
    echo ""
    echo '<html>'
    echo '<head></head>'
    echo '<body>'
    echo '<br><h3 align="left">REMOTE MANAGEMENT</h3>'
    
    # The current port and the submitted values are read further down,
    # so nothing needs to be parsed at this point.
    
    echo '
    <style type="text/css">
        table 
        {
        font-family: arial, sans-serif;
        border-collapse: collapse;
        width: 60%;
        border:2px solid #999;
        }
        td
        {
        width: 50%;
        height: 40px;
        border: 1px solid #dddddd;
        text-align: left;
        padding: 2px;
        }
        input
        {
        background-color:#e6f2ff;
        }
        #button
        {
        height: 30px;
        width: 70px;
        background: #27b3e4;
        border: 0 rgba(0,0,0,0);
        text-align: center;
        font-family:Verdana;
        font-size: 16px;
        line-height: 18px;
        color: rgb(255, 255, 255);
        }
        #button:hover
        {
        background: #0e99ca;
        }
    </style>'
    # Current external port, shown as the default value in the form.
    ext_port=$(uci get firewall.remote_redirect.src_dport)
    # SCRIPT_NAME is the standard CGI variable holding this script's URL path.
    echo "<form method=GET action=\"${SCRIPT_NAME}\" name=\"login\">"\
    '<table align="center">'\
    '<tr><td>&nbsp;&nbsp;Web&nbsp;Management&nbsp;Port&nbsp;:</td><td><input type="number" name="newid" value="80"/>&nbsp;&nbsp;(Default&nbsp;Value&nbsp;is&nbsp;80)</td></tr>'\
    '<tr><td>&nbsp;&nbsp;Redirect&nbsp;Port&nbsp;:</td><td><input type="number" name="newpass" value="'"$ext_port"'"/></td></tr>'\
    '</table>'\
    '<center><br><br><br><input id="button" type="submit" value="Save"/></center>'\
    '</form>'
    if [ "$REQUEST_METHOD" != "GET" ]; then
        echo "<hr>Script Error:"\
             "<br>Usage error, cannot complete request, REQUEST_METHOD!=GET."\
             "<br>Check your FORM declaration and be sure to use METHOD=\"GET\".<hr>"
        exit 1
    fi
    
    if [ -z "$QUERY_STRING" ]; then
        exit 0
    fi
    
    # Both fields must be plain port numbers, so no URL-decoding is needed:
    # anything other than an integer from 1 to 65535 is rejected before it
    # can reach uci and the firewall configuration.
    intport=$(echo "$QUERY_STRING" | sed -n 's/^.*newid=\([^&]*\).*$/\1/p')
    extport=$(echo "$QUERY_STRING" | sed -n 's/^.*newpass=\([^&]*\).*$/\1/p')
    for port in "$intport" "$extport"; do
        case "$port" in
            ''|0*|*[!0-9]*|??????*) port=invalid ;;
        esac
        if [ "$port" = invalid ] || [ "$port" -gt 65535 ]; then
            echo '<hr>Error: both ports must be numbers from 1 to 65535.<hr>'
            exit 1
        fi
    done
    
    # Write the redirect (WAN extport -> router intport) and restart the firewall;
    # standard output is discarded so that it does not end up in the HTML response.
    {
        uci set firewall.remote_redirect=redirect
        uci set firewall.remote_redirect.src=wan
        uci set "firewall.remote_redirect.src_dport=$extport"
        uci set firewall.remote_redirect.dest=lan
        uci set "firewall.remote_redirect.dest_port=$intport"
        uci set firewall.remote_redirect.target=DNAT
        uci set firewall.remote_redirect.proto=tcp
        uci commit firewall
        /etc/init.d/firewall restart
    } >/dev/null
    
    echo '</body>'
    echo '</html>'
    exit 0
    

    I think this will help you; I also developed this script for remote management on an openwrt router, and it works for me.

    【Discussion】:
