port forwarding

#!/bin/bash
# https://major.io/2010/07/26/adding-comments-to-iptables-rules/
# -m comment --comment "limit ssh access"

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o eth3 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth3 -o eth0 -j ACCEPT



sudo iptables -I FORWARD -p tcp -i eth0 -d 192.168.0.207 --dport 8000 -j ACCEPT -m comment --comment "limit ssh access"
sudo iptables -t nat -A PREROUTING -p tcp -i eth0 -d 10.2.33.38 --dport 8000 -j DNAT --to-destination 192.168.0.207:8000 -m comment --comment "limit ssh access"



# juju sync-watch juju plugin, HANDIG!
# http://brianckelley.com/2015/02/simple-easy-nat-port-forwarding-for-iptables-ubuntu/


sudo iptables -I FORWARD -p tcp -i eth0 -d 192.168.0.207 --dport 8000 -j ACCEPT
sudo iptables -t nat -A PREROUTING -p tcp -i eth0 -d 10.2.33.38 --dport 8000 -j DNAT --to-destination 192.168.0.207:8000

# bigmoo

sudo iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

sudo iptables -I FORWARD -p tcp -i eth4 -d 192.168.0.153 --dport 2222 -j ACCEPT
sudo iptables -t nat -A PREROUTING -p tcp -i eth4 -d 10.2.33.194 --dport 2222 -j DNAT --to-destination 192.168.0.153:22



# tunnel to openvpn

# https://docs.openvpn.net/frequently-asked-questions/

sudo iptables -I FORWARD -p udp -i eth0 -d 10.2.33.164 --dport 1194 -j ACCEPT
sudo iptables -t nat -A PREROUTING -p udp -i eth0 --dport 1194 -j DNAT --to-destination 10.2.33.164:1194


sudo iptables -I FORWARD -p tcp -i eth0 -d 10.2.33.164 --dport 443 -j ACCEPT
sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 443 -j DNAT --to-destination 10.2.33.164:443


# tunnel to openvpn GENERIC

sudo echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i -e "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g" /etc/sysctl.conf


# NAT
export PUB_IF=eth0
export PUB_IP=193.190.127.246
sudo iptables -t nat -A POSTROUTING -o $PUB_IF -j MASQUERADE
#sudo service iptables-persistent save
sudo iptables-save > ~/iptables-rules.fw
# Port forwarding
export PUB_PORT=443
export DEST_IP=10.2.33.185
export DEST_PORT=443
export PROTOCOL=tcp
sudo iptables -I FORWARD -p $PROTOCOL -i $PUB_IF -d $DEST_IP --dport $PUB_PORT -j ACCEPT
sudo iptables -t nat -A PREROUTING -p $PROTOCOL -i $PUB_IF -d $PUB_IP --dport $PUB_PORT -j DNAT --to-destination $DEST_IP:$DEST_PORT

export PUB_PORT=1194
export DEST_IP=10.2.33.185
export DEST_PORT=1194
export PROTOCOL=udp
sudo iptables -I FORWARD -p $PROTOCOL -i $PUB_IF -d $DEST_IP --dport $PUB_PORT -j ACCEPT
sudo iptables -t nat -A PREROUTING -p $PROTOCOL -i $PUB_IF -d $PUB_IP --dport $PUB_PORT -j DNAT --to-destination $DEST_IP:$DEST_PORT


export PUB_IF=eth0
export PUB_IP=193.190.127.232
export PUB_PORT=21
export DEST_IP=10.2.1.99
export DEST_PORT=21
export PROTOCOL=tcp
sudo iptables -I FORWARD -p $PROTOCOL -i $PUB_IF -d $DEST_IP --dport $PUB_PORT -j ACCEPT
sudo iptables -t nat -A PREROUTING -p $PROTOCOL -i $PUB_IF -d $PUB_IP --dport $PUB_PORT -j DNAT --to-destination $DEST_IP:$DEST_PORT



export PUB_IF=eth0
export PUB_IP=193.190.127.232
export PUB_PORT=8080
export DEST_IP=10.2.1.99
export DEST_PORT=8080
export PROTOCOL=tcp
sudo iptables -I FORWARD -p $PROTOCOL -i $PUB_IF -d $DEST_IP --dport $PUB_PORT -j ACCEPT
sudo iptables -t nat -A PREROUTING -p $PROTOCOL -i $PUB_IF -d $PUB_IP --dport $PUB_PORT -j DNAT --to-destination $DEST_IP:$DEST_PORT

http://flask.pocoo.org/docs/0.10/deploying/mod_wsgi/

export PUB_PORT=2222
export DEST_IP=192.168.14.167
export DEST_PORT=22
export PROTOCOL=tcp
sudo iptables -I FORWARD -p $PROTOCOL -d $DEST_IP --dport $PUB_PORT -j ACCEPT
sudo iptables -t nat -A PREROUTING -p $PROTOCOL --dport $PUB_PORT -j DNAT --to-destination $DEST_IP:$DEST_PORT


export PUB_PORT=2223
export DEST_IP=192.168.14.165
export DEST_PORT=22
export PROTOCOL=tcp
sudo iptables -I FORWARD -p $PROTOCOL -d $DEST_IP --dport $PUB_PORT -j ACCEPT
sudo iptables -t nat -A PREROUTING -p $PROTOCOL --dport $PUB_PORT -j DNAT --to-destination $DEST_IP:$DEST_PORT


export PUB_PORT=2225
export DEST_IP=192.168.14.195
export DEST_PORT=22
export PROTOCOL=tcp
sudo iptables -I FORWARD -p $PROTOCOL -d $DEST_IP --dport $PUB_PORT -j ACCEPT
sudo iptables -t nat -A PREROUTING -p $PROTOCOL --dport $PUB_PORT -j DNAT --to-destination $DEST_IP:$DEST_PORT