Update buildvm.sh

This commit is contained in:
spiritLHLS 2023-04-09 23:50:03 +08:00 committed by GitHub
parent d31c432375
commit 820d50f004
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -87,40 +87,40 @@ qm set $vm_num --cipassword $password --ciuser $user
qm resize $vm_num scsi0 ${disk}G
qm start $vm_num
if systemctl enable iptables > /dev/null 2>&1; then
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to ${IPV4}
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${sshn} -j DNAT --to-destination ${user_ip}:22
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${web1_port} -j DNAT --to-destination ${user_ip}:80
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${web2_port} -j DNAT --to-destination ${user_ip}:443
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${port_first}:${port_last} -j DNAT --to-destination ${user_ip}:${port_first}-${port_last}
iptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport ${port_first}:${port_last} -j DNAT --to-destination ${user_ip}:${port_first}-${port_last}
service iptables save
service iptables restart
else
if ! systemctl is-active --quiet nftables; then
systemctl start nftables
fi
if ! command -v nft >/dev/null 2>&1; then
apt-get install nftables
fi
if ! nft list tables | grep -q nat; then
nft add table nat
fi
if ! nft list table nat | grep -q postrouting; then
nft add chain nat postrouting { type nat hook postrouting priority 0 \; }
# nft add rule nat postrouting oif eth0 snat to ${IPV4}
fi
if ! nft list table nat | grep -q prerouting; then
nft add chain nat prerouting { type nat hook prerouting priority 0 \; }
fi
nft add rule nat prerouting iif eth0 tcp dport ${sshn} dnat to ${user_ip}:22
nft add rule nat prerouting iif eth0 tcp dport ${web1_port} dnat to ${user_ip}:80
nft add rule nat prerouting iif eth0 tcp dport ${web2_port} dnat to ${user_ip}:443
nft add rule nat prerouting iif eth0 tcp dport ${port_first}-${port_last} dnat to ${user_ip}:${port_first}-${port_last}
nft add rule nat prerouting iif eth0 udp dport ${port_first}-${port_last} dnat to ${user_ip}:${port_first}-${port_last}
nft list ruleset > /etc/nftables.conf
systemctl restart nftables.service
fi
# if systemctl enable iptables > /dev/null 2>&1; then
# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to ${IPV4}
# iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${sshn} -j DNAT --to-destination ${user_ip}:22
# iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${web1_port} -j DNAT --to-destination ${user_ip}:80
# iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${web2_port} -j DNAT --to-destination ${user_ip}:443
# iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport ${port_first}:${port_last} -j DNAT --to-destination ${user_ip}:${port_first}-${port_last}
# iptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport ${port_first}:${port_last} -j DNAT --to-destination ${user_ip}:${port_first}-${port_last}
# service iptables save
# service iptables restart
# else
# if ! systemctl is-active --quiet nftables; then
# systemctl start nftables
# fi
# if ! command -v nft >/dev/null 2>&1; then
# apt-get install nftables
# fi
# if ! nft list tables | grep -q nat; then
# nft add table nat
# fi
# if ! nft list table nat | grep -q postrouting; then
# nft add chain nat postrouting { type nat hook postrouting priority 0 \; }
# # nft add rule nat postrouting oif eth0 snat to ${IPV4}
# fi
# if ! nft list table nat | grep -q prerouting; then
# nft add chain nat prerouting { type nat hook prerouting priority 0 \; }
# fi
# nft add rule nat prerouting iif eth0 tcp dport ${sshn} dnat to ${user_ip}:22
# nft add rule nat prerouting iif eth0 tcp dport ${web1_port} dnat to ${user_ip}:80
# nft add rule nat prerouting iif eth0 tcp dport ${web2_port} dnat to ${user_ip}:443
# nft add rule nat prerouting iif eth0 tcp dport ${port_first}-${port_last} dnat to ${user_ip}:${port_first}-${port_last}
# nft add rule nat prerouting iif eth0 udp dport ${port_first}-${port_last} dnat to ${user_ip}:${port_first}-${port_last}
# nft list ruleset > /etc/nftables.conf
# systemctl restart nftables.service
# fi
echo "$vm_num $user $password $core $memory $disk $sshn $web1_port $web2_port $port_first $port_last $system" >> "vm${vm_num}"
cat "vm${vm_num}"
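Review bot: The nftables branch never installs a source-NAT rule — `# nft add rule nat postrouting oif eth0 snat to ${IPV4}` stays commented out while the iptables branch adds the matching `-j SNAT --to ${IPV4}` — so on nft hosts the DNAT'd ports reach `${user_ip}` but the guest's own outbound traffic is not translated; the two branches should be equivalent, so either uncomment that line or add a comment stating where SNAT for the guest is configured instead. Which copy of this block is live after this commit cannot be recovered from the rendered page (one copy is wholly commented out, the other is not, and no +/- markers survive); if the commented copy is the new side, every port forward disappears while the following `echo` still records `$sshn $web1_port $web2_port` (and the plaintext `$password`) into `vm${vm_num}` as if those ports were reachable. On the nft path `apt-get install nftables` runs without `-y` and only after `systemctl start nftables`, so a host missing the package blocks on the confirmation prompt after the start has already failed; `apt-get install -y nftables || exit 1` placed before the start is safer. The presence checks `nft list tables | grep -q nat` and `nft list table nat | grep -q postrouting` match any table or rule text containing those substrings (a pre-existing `inet nat` table suppresses creation of the `ip nat` table the later `nft add rule nat ...` lines need); `nft list table ip nat >/dev/null 2>&1` and `nft list chain ip nat postrouting >/dev/null 2>&1` test the exact objects. The enclosing script continues outside the hunk.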