diff --git a/buildvm.sh b/buildvm.sh
index c71cd4e..c5627db 100644
--- a/buildvm.sh
+++ b/buildvm.sh
@@ -87,40 +87,40 @@ qm set $vm_num --cipassword $password --ciuser $user qm resize $vm_num scsi0 ${disk}G qm start $vm_num
-if systemctl enable iptables > /dev/null 2>&1; then
- iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to ${IPV4}
- iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${sshn} -j DNAT --to-destination ${user_ip}:22
- iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${web1_port} -j DNAT --to-destination ${user_ip}:80
- iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${web2_port} -j DNAT --to-destination ${user_ip}:443
- iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${port_first}:${port_last} -j DNAT --to-destination ${user_ip}:${port_first}-${port_last}
- iptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport ${port_first}:${port_last} -j DNAT --to-destination ${user_ip}:${port_first}-${port_last}
- service iptables save
- service iptables restart
-else
- if ! systemctl is-active --quiet nftables; then
- systemctl start nftables
- fi
- if ! command -v nft >/dev/null 2>&1; then
- apt-get install nftables
- fi
- if ! nft list tables | grep -q nat; then
- nft add table nat
- fi
- if ! nft list table nat | grep -q postrouting; then
- nft add chain nat postrouting { type nat hook postrouting priority 0 \; }
-# nft add rule nat postrouting oif eth0 snat to ${IPV4}
- fi
- if ! 
nft list table nat | grep -q prerouting; then
- nft add chain nat prerouting { type nat hook prerouting priority 0 \; }
- fi
- nft add rule nat prerouting iif eth0 tcp dport ${sshn} dnat to ${user_ip}:22
- nft add rule nat prerouting iif eth0 tcp dport ${web1_port} dnat to ${user_ip}:80
- nft add rule nat prerouting iif eth0 tcp dport ${web2_port} dnat to ${user_ip}:443
- nft add rule nat prerouting iif eth0 tcp dport ${port_first}-${port_last} dnat to ${user_ip}:${port_first}-${port_last}
- nft add rule nat prerouting iif eth0 udp dport ${port_first}-${port_last} dnat to ${user_ip}:${port_first}-${port_last}
- nft list ruleset > /etc/nftables.conf
- systemctl restart nftables.service
-fi
+# if systemctl enable iptables > /dev/null 2>&1; then
+# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to ${IPV4}
+# iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${sshn} -j DNAT --to-destination ${user_ip}:22
+# iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${web1_port} -j DNAT --to-destination ${user_ip}:80
+# iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${web2_port} -j DNAT --to-destination ${user_ip}:443
+# iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${port_first}:${port_last} -j DNAT --to-destination ${user_ip}:${port_first}-${port_last}
+# iptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport ${port_first}:${port_last} -j DNAT --to-destination ${user_ip}:${port_first}-${port_last}
+# service iptables save
+# service iptables restart
+# else
+# if ! systemctl is-active --quiet nftables; then
+# systemctl start nftables
+# fi
+# if ! command -v nft >/dev/null 2>&1; then
+# apt-get install nftables
+# fi
+# if ! nft list tables | grep -q nat; then
+# nft add table nat
+# fi
+# if ! nft list table nat | grep -q postrouting; then
+# nft add chain nat postrouting { type nat hook postrouting priority 0 \; }
+# # nft add rule nat postrouting oif eth0 snat to ${IPV4}
+# fi
+# if ! 
nft list table nat | grep -q prerouting; then
+# nft add chain nat prerouting { type nat hook prerouting priority 0 \; }
+# fi
+# nft add rule nat prerouting iif eth0 tcp dport ${sshn} dnat to ${user_ip}:22
+# nft add rule nat prerouting iif eth0 tcp dport ${web1_port} dnat to ${user_ip}:80
+# nft add rule nat prerouting iif eth0 tcp dport ${web2_port} dnat to ${user_ip}:443
+# nft add rule nat prerouting iif eth0 tcp dport ${port_first}-${port_last} dnat to ${user_ip}:${port_first}-${port_last}
+# nft add rule nat prerouting iif eth0 udp dport ${port_first}-${port_last} dnat to ${user_ip}:${port_first}-${port_last}
+# nft list ruleset > /etc/nftables.conf
+# systemctl restart nftables.service
+# fi
echo "$vm_num $user $password $core $memory $disk $sshn $web1_port $web2_port $port_first $port_last $system" >> "vm${vm_num}" cat "vm${vm_num}"
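Review bot: With the whole iptables/nftables section turned into `+#` comment lines, the script no longer installs any SNAT or DNAT forwarding, yet the unchanged `echo` at the end of the hunk still records `$sshn`, `$web1_port`, `$web2_port` and `$port_first`-`$port_last` in `vm${vm_num}` as if those ports were mapped, so the generated record becomes misleading. If the forwarding is meant to be optional, gate the original block behind a variable rather than keeping 34 lines of dead comments that will drift from the live script, e.g. `if [[ "${SETUP_NAT:-0}" == 1 ]]; then` … `fi` (the variable name is a placeholder); if it is gone for good, delete it and state that in the commit message. Separately, that `echo` appends the plaintext `$password` to `vm${vm_num}` under whatever umask the caller has, so a `( umask 077; echo … >> "vm${vm_num}" )` wrapper, or a `chmod 600 "vm${vm_num}"` right after it, would keep the credential record owner-readable only. The flat script body continues on both sides of this hunk.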