start-tunneling.sh
#!/bin/sh
# Entry point of the container script: verify the prerequisites, install the
# NAT rules, then block until the container is signalled.
# The return status of the individual steps is not checked here; the
# requirement checks terminate the script themselves via `exit 1`.
main() {
  # Exits the script when NET_ADMIN or mapping.yml is missing.
  checkRequirements

  # DNAT rules for the configured mappings, then source NAT for forwarded
  # traffic.
  setupIptablesPrerouting
  setupIptablesPostrouting

  # Never returns normally; ends through the INT/TERM trap.
  stayAlive
}
# Run every precondition check in order. Each check prints a message and
# exits the script with status 1 on failure, so reaching the end of this
# function means both passed.
checkRequirements() {
  # iptables needs CAP_NET_ADMIN inside the container.
  hasNetAdminCapability

  # The mapping file must be present in the working directory.
  mappingFileExists
}
# Verify that PID 1 reports the cap_net_admin capability; otherwise print a
# hint and exit the script with status 1.
#
# getpcaps' stderr is merged into stdout before the match, so the capability
# name is found regardless of which stream it is printed on.
# NOTE(review): this is a plain substring match on the capability name. Some
# libcap versions print a full capability set in shorthand (e.g. "=ep")
# without listing names - confirm the check still passes for containers
# started with all capabilities.
hasNetAdminCapability() {
  if getpcaps 1 2>&1 | grep cap_net_admin >/dev/null; then
    return 0
  fi

  echo 'This container requires the "--cap-add=NET_ADMIN" flag.'
  exit 1
}
# Require a regular file named mapping.yml in the current working directory;
# otherwise print the full expected path and exit the script with status 1.
# The path is relative, so the result depends on the directory the script is
# started from.
mappingFileExists() {
  [ -f 'mapping.yml' ] && return 0

  echo "Did not find required mapping file: '${PWD}/mapping.yml'"
  exit 1
}
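# Append one nat/PREROUTING DNAT rule per mapping reported by
# `tunneling-mapping-parser -s`, forwarding TCP traffic on the mapping's
# acceptPort to targetIp:targetPort.
#
# Outputs: one progress line per mapping on stdout, ending in DONE or FAILED;
#          a diagnostic on stderr for every rule iptables rejects.
# Returns: 0 when every rule was installed, 1 when at least one failed.
#          Remaining mappings are still processed after a failure, and main
#          does not check this status, so a failure does not stop the
#          container - it only makes the log truthful.
#
# Previously the iptables exit status was ignored and DONE was printed even
# when no rule was installed (for example when the parser returned an empty
# port or address).
#
# Every value is passed to iptables as a single quoted argument, so content of
# the mapping cannot add shell words; validation of port and address syntax is
# left to iptables itself. The mapping decides where inbound traffic is
# forwarded, so it should be writable only by whoever is allowed to change
# that.
# NOTE(review): the parser presumably reads mapping.yml - confirm.
setupIptablesPrerouting() {
  # POSIX sh has no `local`; this counter is a script-global.
  preroutingFailures=0

  # The parser output is split on whitespace on purpose: each word is treated
  # as one mapping selector. NOTE(review): the split words are also subject
  # to glob expansion - confirm selectors never contain *, ? or [.
  for i in $(tunneling-mapping-parser -s); do
    acceptPort=$(tunneling-mapping-parser -m "${i}" -p acceptPort)
    destinationIp=$(tunneling-mapping-parser -m "${i}" -p targetIp)
    destinationPort=$(tunneling-mapping-parser -m "${i}" -p targetPort)

    printf "Setting up tunneling %s..." "$(tunneling-mapping-parser -m "${i}")"
    if iptables -t nat -A PREROUTING -p tcp --dport "${acceptPort}" \
      -j DNAT --to-destination "${destinationIp}":"${destinationPort}"; then
      echo 'DONE'
    else
      # Finish the progress line on stdout, details go to stderr.
      echo 'FAILED'
      printf 'iptables rejected the DNAT rule for mapping %s\n' "${i}" >&2
      preroutingFailures=$((preroutingFailures + 1))
    fi
  done

  [ "${preroutingFailures}" -eq 0 ]
}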
# Append source-NAT (MASQUERADE) rules to nat/POSTROUTING: first one rule
# without any match criteria, then one rule per address found on `ip address`
# lines that contain both "eth" and "inet".
#
# NOTE(review): the first rule matches every packet that reaches POSTROUTING,
# so the per-address rules appended after it look redundant - confirm whether
# the blanket rule or the scoped rules are the intended policy. With the
# blanket rule, forwarded connections reach their target with this
# container's address as source, so target-side logs will not show the
# original client.
# NOTE(review): "eth" is a substring match on the whole line, not an
# interface-name match; iptables exit statuses are not checked.
setupIptablesPostrouting() {
  iptables -t nat -A POSTROUTING -j MASQUERADE

  # Field 2 of an `inet` line is the address in CIDR form.
  for iface in $(ip address | awk '/eth/ && /inet/ { print $2 }'); do
    iptables -t nat -A POSTROUTING -s "$iface" -j MASQUERADE
  done
}
# Keep the script (and with it the container) running until INT or TERM
# arrives, at which point the `shutdown` handler runs.
stayAlive() {
  trap shutdown INT TERM

  # Sleep in the background and block in `wait` instead of sleeping in the
  # foreground: a trapped signal interrupts `wait` right away, whereas a
  # foreground sleep would delay the handler until the sleep finished.
  while :; do
    sleep 600 &
    wait "$!"
  done
}
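# Signal handler installed by stayAlive: terminate the most recent background
# job (the pending sleep) and exit the script with status 0.
shutdown() {
  # $! is empty until a background job has been started. A signal that
  # arrives between installing the trap and the first `sleep &` would
  # otherwise run kill without a PID and print a usage error.
  if [ -n "$!" ]; then
    kill -s TERM "$!"
  fi
  exit 0
}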
# Script entry: run main, which performs the requirement checks, installs the
# NAT rules and then blocks in stayAlive. No arguments are passed on.
main