1 #!/bin/bash 2 # 3 # /usr/sbin/dnsmasq-portforward 4 # 5 # A script which gets run when the dnsmasq DHCP lease database changes. 6 # It logs to $LOGFILE, if it exists, and maintains port-forwards using 7 # IP-tables so that they always point to the correct host. See 8 # $PORTSFILE for details on configuring this. dnsmasq must be version 2.34 9 # or later. 10 # 11 # To enable this script, add 12 # dhcp-script=/usr/sbin/dnsmasq-portforward 13 # to /etc/dnsmasq.conf 14 # 15 # To enable logging, touch $LOGFILE 16 # 17 18 PORTSFILE=/etc/portforward 19 LOGFILE=/var/log/dhcp.log 20 IPTABLES=/sbin/iptables 21 22 action=${1:-0} 23 hostname=${4} 24 25 # log what's going on. 26 if [ -f ${LOGFILE} ] ; then 27 date +"%D %T $*" >>${LOGFILE} 28 fi 29 30 # If a lease gets stripped of a name, we see that as an "old" action 31 # with DNSMASQ_OLD_HOSTNAME set, convert it into a "del" 32 if [ ${DNSMASQ_OLD_HOSTNAME} ] && [ ${action} = old ] ; then 33 action=del 34 hostname=${DNSMASQ_OLD_HOSTNAME} 35 fi 36 37 # action init is not relevant, and will only be seen when leasefile-ro is set. 38 if [ ${action} = init ] ; then 39 exit 0 40 fi 41 42 if [ ${hostname} ]; then 43 ports=$(sed -n -e "/^${hostname}\ .*/ s/^.* //p" ${PORTSFILE}) 44 45 for port in $ports; do 46 verb=removed 47 protocol=tcp 48 if [ ${port:0:1} = u ] ; then 49 protocol=udp 50 port=${port/u/} 51 fi 52 src=${port/:*/} 53 dst=${port/*:/} 54 # delete first, to avoid multiple copies of rules. 55 ${IPTABLES} -t nat -D PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst 56 if [ ${action} != del ] ; then 57 ${IPTABLES} -t nat -A PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst 58 verb=added 59 fi 60 if [ -f ${LOGFILE} ] ; then 61 echo " DNAT $protocol $src to ${3}:$dst ${verb}." >>${LOGFILE} 62 fi 63 done 64 fi 65 66 exit 0 67 68 69
