| 1234567891011121314151617 |
- #!/bin/bash
- # redirects ports below 1024 to a higher range using iptables, so they can be used without elevated rights
- # MySQL SIP (3306 and 5060) are left out because they are >= 1024 anyways
- # ECHO FTP HTTP HTTPS SMB (NETBIOS UDP & TCP) SSH TELNET
- protocol=( "tcp" "tcp" "tcp" "tcp" "udp" "udp" "tcp" "tcp" "tcp" "tcp" )
- origin=( 7 21 80 443 137 138 137 139 22 23 )
- destination=( 28144 28169 28217 28580 28274 28275 28274 28276 28159 28160 ) # simply offset by 1024 + 27113
- length=${#protocol[@]} # count protocol elements
- for (( i=0; i<$length; i++ ))
- do
- # echo ${protocol[$i]} ${origin[$i]} ${destination[$i]} # debug
- iptables -t nat -A PREROUTING -p ${protocol[$i]} --dport ${origin[$i]} -j REDIRECT --to-ports ${destination[$i]}
- iptables -t nat -A OUTPUT -p ${protocol[$i]} --dport ${destination[$i]} -j REDIRECT --to-ports ${origin[$i]}
- done
|
