redirect-ports.sh 1.3 KB

1234567891011121314151617181920212223242526
  1. #!/bin/bash
  2. # redirects ports below 1024 to a higher range using iptables, so they can be used without elevated rights
  3. # MySQL SIP (3306 and 5060) are left out because they are >= 1024 anyways
  4. # ECHO FTP HTTP HTTPS SMB (NETBIOS UDP & TCP) SSH TELNET
  5. protocol=( "tcp" "tcp" "tcp" "tcp" "udp" "udp" "tcp" "tcp" "tcp" "tcp")
  6. origin=( 7 21 80 443 137 138 139 22 23 445)
  7. destination=( 28144 28169 28217 28580 28274 28275 28276 28159 28160 28582) # simply offset by 1024 + 27113
  8. length=${#protocol[@]} # count protocol elements
  9. # for (( i=0; i<$length; i++ ))
  10. #for i in `seq 0 9` # fix for android's annoyingly limited bash
  11. for i in 0 1 2 3 4 5 6 7 8 9 # another fix for devices missing the seq command
  12. do
  13. # echo ${protocol[$i]} ${origin[$i]} ${destination[$i]} # debug
  14. # delete previous rules to avoid duplicates
  15. iptables -t nat -D PREROUTING -p ${protocol[$i]} --dport ${origin[$i]} -j REDIRECT --to-ports ${destination[$i]}
  16. iptables -t nat -D OUTPUT -p ${protocol[$i]} --dport ${destination[$i]} -j REDIRECT --to-ports ${origin[$i]}
  17. # add new rules
  18. iptables -t nat -A PREROUTING -p ${protocol[$i]} --dport ${origin[$i]} -j REDIRECT --to-ports ${destination[$i]}
  19. iptables -t nat -A OUTPUT -p ${protocol[$i]} --dport ${destination[$i]} -j REDIRECT --to-ports ${origin[$i]}
  20. done