#!/bin/bash
#############################################################
#
# 全局定义部分
#
#############################################################
#到网关的主目录
cd /ssl/bin
#
# 全局定义部分
#
#############################################################
#到网关的主目录
cd /ssl/bin
#定义一个null的变量
NULL=/dev/null
NULL=/dev/null
#使网关开启路由转发功能
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_forward
#卸载cp的别名,程序拷贝文件时,不需要交互。
alias cp='cp -i'
unalias cp
alias cp='cp -i'
unalias cp
#创建nc脚本使用的目录
if [ ! -d /ssl/bin/.nc ] ; then
mkdir .nc
fi
#创建文件,用于比较是否相同
touch .nc/ipaddandport3
touch .nc/ipaddandport4
touch .nc/dnsipaddport2
touch .nc/awk.txt2
touch .nc/ipaddandport3
touch .nc/ipaddandport4
touch .nc/dnsipaddport2
touch .nc/awk.txt2
#判断程序是否能开机启动
START=`grep /ssl/bin/nc.sh /etc/rc.local >$NULL ; echo $? `
if [ $START -eq 1 ] ; then
START=`grep /ssl/bin/nc.sh /etc/rc.local >$NULL ; echo $? `
if [ $START -eq 1 ] ; then
echo "nohup /ssl/bin/nc.sh &" >>/etc/rc.local
fi
#创建数据库脚本文件
if [ ! -e /ssl/bin/.nc/derby.sql ] ; then
#创建数据查询语句
echo "connect 'jdbc:derby:/ssl/bin/.nc/Server.Box.Derby2';" > .nc/derby.sql
echo "select * from NCMAPTABLE ;" >> .nc/derby.sql
fi
#更新数据库文件,可以让开机再加载一次NC的配置
DIFFFILE=`grep "touch /ssl/bin/.nc/Server.Box.Derby2/diff" /etc/rc.local >$NULL; echo $?`
if [ ! -e /ssl/bin/.nc/derby.sql ] ; then
#创建数据查询语句
echo "connect 'jdbc:derby:/ssl/bin/.nc/Server.Box.Derby2';" > .nc/derby.sql
echo "select * from NCMAPTABLE ;" >> .nc/derby.sql
fi
#更新数据库文件,可以让开机再加载一次NC的配置
DIFFFILE=`grep "touch /ssl/bin/.nc/Server.Box.Derby2/diff" /etc/rc.local >$NULL; echo $?`
if [ $DIFFFILE -eq 1 ] ; then
echo " touch /ssl/bin/.nc/Server.Box.Derby2/diff " >> /etc/rc.local
fi
#############################################################
#
# 脚本循环执行部分
#
#############################################################
#############################################################
#
# 脚本循环执行部分
#
#############################################################
while [ 1 ]
do
do
#比较俩个目录是否相同,用来确定是否需要重新复制数据库
DIRFC=`diff -r Server.Box.Derby .nc/Server.Box.Derby2/ &>$NULL ; echo $?`
DIRFC=`diff -r Server.Box.Derby .nc/Server.Box.Derby2/ &>$NULL ; echo $?`
if [ ! $DIRFC -eq 0 ] ; then
#复制数据库文件
rm -rf .nc/Server.Box.Derby2
cp /ssl/bin/Server.Box.Derby/ /ssl/bin/.nc/Server.Box.Derby2 -r
logger "cp /ssl/bin/Server.Box.Derby/ /ssl/bin/.nc/Server.Box.Derby2 -r"
fi
#复制数据库文件
rm -rf .nc/Server.Box.Derby2
cp /ssl/bin/Server.Box.Derby/ /ssl/bin/.nc/Server.Box.Derby2 -r
logger "cp /ssl/bin/Server.Box.Derby/ /ssl/bin/.nc/Server.Box.Derby2 -r"
fi
#运行数据库程序,提取NC数据库文件
java -jar /ssl/tomcat/webapps/SSL/WEB-INF/lib/derbyrun.jar ij /ssl/bin/.nc/derby.sql > .nc/ncmap
java -jar /ssl/tomcat/webapps/SSL/WEB-INF/lib/derbyrun.jar ij /ssl/bin/.nc/derby.sql > .nc/ncmap
#判断NC服务是否启动,定义一个值。
NCSTAT=`ifconfig | grep t[trap.tun0] >$NULL ; echo $?`
NCSTAT=`ifconfig | grep t[trap.tun0] >$NULL ; echo $?`
#获取NC服务的原地址段,就是客户机启动虚拟地址段。
SNATSADD=`cat NcServ.config | grep Client |awk -F'<Client>' '{print $2}' |awk -F'</Client>' '{print $1}' `
SNATSADD=`cat NcServ.config | grep Client |awk -F'<Client>' '{print $2}' |awk -F'</Client>' '{print $1}' `
#提取nc服务的配置信息,提取目的服务器ip地址,端口信息。
cat .nc/ncmap |egrep -v '^-|rows|ij|MAPID' |column -t |awk '{print $2" "$3}' |awk -F'|' '{print $2 $3 $5}' |egrep ^[a-z] > .nc/dnsipaddport
cat .nc/ncmap |egrep -v 'ij|'^-'|rows|MAPID' |column -t |awk '{print $2" "$3}'|awk -F'|' '{print $2 $3 $5}' |egrep -v ^[a-z] | grep -v - > .nc/ipaddandport
cat .nc/ncmap |egrep -v 'ij|'^-'|rows|MAPID' |column -t |awk '{print $2" "$3}'|awk -F'|' '{print $2 $3 $5}' |egrep -v ^[a-z]|grep - | sed s/-/:/g >.nc/ipaddandport2
cat .nc/ncmap |egrep -v '^-|rows|ij|MAPID' |column -t |grep ';TCP' |awk -F'|' '{print $2" "$3}' |awk -F';' '{print $1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" "$11" "$12" "$13" "$14" "$15" "$16" "$17" "$18 }' | awk -F: '{print $1" "$3" "$5" "$7" "$9" "$11" "$13" "$15" "$17" "$19" "$21""$23" "$25" "$27" "$29" "$31" "$33" "$35" "$37 }' |sed s/-/:/g > .nc/awk.txt
cat .nc/ncmap |egrep -v '^-|rows|ij|MAPID' |column -t |awk '{print $2" "$3}' |awk -F'|' '{print $2 $3 $5}' |egrep ^[a-z] > .nc/dnsipaddport
cat .nc/ncmap |egrep -v 'ij|'^-'|rows|MAPID' |column -t |awk '{print $2" "$3}'|awk -F'|' '{print $2 $3 $5}' |egrep -v ^[a-z] | grep -v - > .nc/ipaddandport
cat .nc/ncmap |egrep -v 'ij|'^-'|rows|MAPID' |column -t |awk '{print $2" "$3}'|awk -F'|' '{print $2 $3 $5}' |egrep -v ^[a-z]|grep - | sed s/-/:/g >.nc/ipaddandport2
cat .nc/ncmap |egrep -v '^-|rows|ij|MAPID' |column -t |grep ';TCP' |awk -F'|' '{print $2" "$3}' |awk -F';' '{print $1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" "$11" "$12" "$13" "$14" "$15" "$16" "$17" "$18 }' | awk -F: '{print $1" "$3" "$5" "$7" "$9" "$11" "$13" "$15" "$17" "$19" "$21""$23" "$25" "$27" "$29" "$31" "$33" "$35" "$37 }' |sed s/-/:/g > .nc/awk.txt
#比较俩个文件是否相同,生成值。
diff .nc/ipaddandport .nc/ipaddandport3 >$NULL; echo $? > .nc/FC
diff .nc/ipaddandport2 .nc/ipaddandport4 >$NULL; echo $? >>.nc/FC
diff .nc/dnsipaddport .nc/dnsipaddport2 >$NULL; echo $? >>.nc/FC
diff .nc/awk.txt .nc/awk.txt2 >$NULL; echo $? >>.nc/FC
#判断ipaddandport文件是否更改过,定义一个值
FCSTAT=`grep 1 .nc/FC >$NULL ; echo $?`
diff .nc/ipaddandport .nc/ipaddandport3 >$NULL; echo $? > .nc/FC
diff .nc/ipaddandport2 .nc/ipaddandport4 >$NULL; echo $? >>.nc/FC
diff .nc/dnsipaddport .nc/dnsipaddport2 >$NULL; echo $? >>.nc/FC
diff .nc/awk.txt .nc/awk.txt2 >$NULL; echo $? >>.nc/FC
#判断ipaddandport文件是否更改过,定义一个值
FCSTAT=`grep 1 .nc/FC >$NULL ; echo $?`
if [ $NCSTAT -eq 0 ] ;then
#判断ipaddandport文件是否更改过,更改过就执行下面的配置。
if [ $FCSTAT -eq 0 ] ; then
#复制一个nc服务的配置文件,作为旧的与新的做比较
cp .nc/ipaddandport .nc/ipaddandport3
cp .nc/ipaddandport2 .nc/ipaddandport4
cp .nc/dnsipaddport .nc/dnsipaddport2
cp .nc/awk.txt .nc/awk.txt2
#判断ipaddandport文件是否更改过,更改过就执行下面的配置。
if [ $FCSTAT -eq 0 ] ; then
#复制一个nc服务的配置文件,作为旧的与新的做比较
cp .nc/ipaddandport .nc/ipaddandport3
cp .nc/ipaddandport2 .nc/ipaddandport4
cp .nc/dnsipaddport .nc/dnsipaddport2
cp .nc/awk.txt .nc/awk.txt2
#清空iptables脚本文件
> .nc/iptables.sh
#清空用DNS解析得到的ip地址文件
>.nc/dnsip
#清空存放网关地址的文件
>.nc/gatewayadd
> .nc/iptables.sh
#清空用DNS解析得到的ip地址文件
>.nc/dnsip
#清空存放网关地址的文件
>.nc/gatewayadd
#清空存放目的服务地址的文件
>.nc/targetadd
>.nc/targetadd
#定义每个文件的行数。
IPADDLINE=`wc -l .nc/ipaddandport |awk '{print $1}'`
IPADDLINE2=`wc -l .nc/ipaddandport2 |awk '{print $1}'`
IPADDLINE3=`wc -l .nc/dnsipaddport |awk '{print $1}'`
AWKFILELINE=`wc -l .nc/awk.txt |awk '{print $1}'`
##用于生成iptables.sh脚本文件
#定义循环的次数,根据配置文件ip地址的行数判断
for ((i=1;i<=$IPADDLINE;i++))
do
#提取目标服务器的ip地址
for i1 in `cat .nc/ipaddandport |awk '{print $1}' | head -n $i | tail -n 1 `
do
#提取目标地址到文件
echo $i1 >> .nc/targetadd
#提取到达目标服务器的网关地址
for i2 in `tracepath -n $i1 | head -n 1 |awk '{print $2}'`
do
logger tracepath -n $i1 route address $i2
#提取网关地址到文件
echo $i2 >> .nc/gatewayadd
#生成iptables脚本文件
cat .nc/ipaddandport |awk -F: '{print $1" "$2" "$3}' | awk -vSNAT="$SNATSADD" '{print "iptables -t nat -I POSTROUTING -s"" "SNAT" ""-d"" "$1" ""-p"" "$2" ""--dport"" "$4" ""-j SNAT --to"}' | awk -vSNATTOADD="$i2" '{print $1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" "$11" "$12" "$13" "$14" "$15" "$16" "$17" " SNATTOADD}' |head -n $i |tail -n 1 >> .nc/iptables.sh
done
done
done
#用于生成iptables.sh脚本文件
for ((i=1;i<=$IPADDLINE2;i++))
do
TIME=`date +%s`
echo $TIME > .nc/time
sh -x .nc/while &>$NULL &
#提取目标服务器的ip地址
for i2 in `cat .nc/ipaddandport2 |awk '{print $1}' | head -n $i | tail -n 1 `
do
#提取目标地址到文件
echo $i2 >> .nc/targetadd
#提取到达目标服务器的网关地址
for i3 in `tracepath -n $i2 | head -n 1 |awk '{print $2}'`
do
logger tracepath $i2 route address $i3
#提取网关地址到文件
echo $i3 >> .nc/gatewayadd
IPADDLINE=`wc -l .nc/ipaddandport |awk '{print $1}'`
IPADDLINE2=`wc -l .nc/ipaddandport2 |awk '{print $1}'`
IPADDLINE3=`wc -l .nc/dnsipaddport |awk '{print $1}'`
AWKFILELINE=`wc -l .nc/awk.txt |awk '{print $1}'`
##用于生成iptables.sh脚本文件
#定义循环的次数,根据配置文件ip地址的行数判断
for ((i=1;i<=$IPADDLINE;i++))
do
#提取目标服务器的ip地址
for i1 in `cat .nc/ipaddandport |awk '{print $1}' | head -n $i | tail -n 1 `
do
#提取目标地址到文件
echo $i1 >> .nc/targetadd
#提取到达目标服务器的网关地址
for i2 in `tracepath -n $i1 | head -n 1 |awk '{print $2}'`
do
logger tracepath -n $i1 route address $i2
#提取网关地址到文件
echo $i2 >> .nc/gatewayadd
#生成iptables脚本文件
cat .nc/ipaddandport |awk -F: '{print $1" "$2" "$3}' | awk -vSNAT="$SNATSADD" '{print "iptables -t nat -I POSTROUTING -s"" "SNAT" ""-d"" "$1" ""-p"" "$2" ""--dport"" "$4" ""-j SNAT --to"}' | awk -vSNATTOADD="$i2" '{print $1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" "$11" "$12" "$13" "$14" "$15" "$16" "$17" " SNATTOADD}' |head -n $i |tail -n 1 >> .nc/iptables.sh
done
done
done
#用于生成iptables.sh脚本文件
for ((i=1;i<=$IPADDLINE2;i++))
do
TIME=`date +%s`
echo $TIME > .nc/time
sh -x .nc/while &>$NULL &
#提取目标服务器的ip地址
for i2 in `cat .nc/ipaddandport2 |awk '{print $1}' | head -n $i | tail -n 1 `
do
#提取目标地址到文件
echo $i2 >> .nc/targetadd
#提取到达目标服务器的网关地址
for i3 in `tracepath -n $i2 | head -n 1 |awk '{print $2}'`
do
logger tracepath $i2 route address $i3
#提取网关地址到文件
echo $i3 >> .nc/gatewayadd
#生成iptables脚本文件
cat .nc/ipaddandport2 |cut -d : -f 1,3-4 | awk -F: '{print $1" "$2" "$3$4}' | awk -vSNAT="$SNATSADD" '{print "iptables -t nat -I POSTROUTING -s"" "SNAT" ""-d"" "$1" ""-p"" "$2" ""--dport"" "$3":"$4" ""-j SNAT --to"}' | grep -v ': -j' |grep -v ';' | awk -vSNATTOADD="$i3" '{print $1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" "$11" "$12" "$13" "$14" "$15" "$16" "$17" " SNATTOADD}' |head -n $i |tail -n 1 >>.nc/iptables.sh
done
done
done
##用于生成iptables.sh脚本文件
#定义循环的次数,根据配置文件ip地址的行数判断
for ((i=1;i<=$IPADDLINE3;i++))
do
#提取目标服务的域名地址
for i2 in `cat .nc/dnsipaddport |awk '{print $1}' | head -n $i |tail -n 1 `
do
#将域解析成iP地址
nslookup $i2 |tail -n 2 |awk '{print $2}' |head -n 1 |head -n $i |tail -n 1 >> .nc/dnsip
#提取解析完成的iP地址
for i5 in `cat .nc/dnsip | head -n $i | tail -n 1 `
do
#提取目标地址到文件
echo $i5 >> .nc/targetadd
#提取到达目标服务器的网关地址
for i3 in `tracepath -n $i5 | head -n 1 |awk '{print $2}'`
do
logger tracepath $i5 route address $i3
#提取网关地址到文件
echo $i3 >> .nc/gatewayadd
#生成iptables的脚本文件
cat .nc/dnsipaddport | cut -d : -f 1,3-4 | awk -vIPADD="$i5" -F: '{print IPADD" "$1" "$2 }'|awk '{print $1" "$3" "$4}' | awk -vSNAT="$SNATSADD" '{print "iptables -t nat -I POSTROUTING -s"" "SNAT" ""-d"" " $1 " ""-p"" "$2" ""--dport"" "$3" "$4" ""-j SNAT --to"}' | awk -vSNATTOADD="$i3" '{print $1 " "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" "$11" "$12" "$13" "$14" "$15" "$16" "$17" " SNATTOADD}' |head -n $i |tail -n 1 >> .nc/iptables.sh
done
done
done
done
for ((i=0;i<=$AWKFILELINE;i++))
do
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$2" "$3}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$4" "$5}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$6" "$7}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$8" "$9}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$10" "$11}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$12" "$13}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$14" "$15}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$16" "$17}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$18" "$19}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$20" "$21}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$22" "$23}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$24" "$25}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$26" "$27}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$28" "$29}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$30" "$31}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$32" "$33}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$34" "$35}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$36" "$37}' >>.nc/awkaddre.txt
cat .nc/awkaddre.txt |sort -u | grep TCP > .nc/awkadd ; cat .nc/awkadd >> .nc/awkaddress.txt
cat .nc/awkaddre.txt |sort -u | grep UDP > .nc/awkadd ; cat .nc/awkadd >> .nc/awkaddress.txt
done
#生成包含一次配置很多条目的iptables脚本
AWKFILELINE=`wc -l .nc/awkaddress.txt |awk '{print $1}'`
for ((i=1;i<=$AWKFILELINE;i++))
do
for i2 in `cat .nc/awkaddress.txt |awk '{print $1}' | head -n $i | tail -n 1 `
do
#提取目标地址到文件
echo $i2 >> .nc/targetadd
#提取到达目标服务器的网关地址
for i3 in `tracepath -n $i2 | head -n 1 |awk '{print $2}'`
do
logger tracepath $i2 route address $i3
#提取网关地址到文件
echo $i3 >> .nc/gatewayadd
#生成iptables脚本文件
filestatus=`grep ':' .nc/awkaddress.txt > $NULL ; echo $?`
#当filestatus等于0时,说明包含多个有同个ip地址有多个端口的条目
if [ $filestatus -eq 0 ] ; then
cat .nc/awkaddress.txt | grep -v ':' > .nc/awkadd ; cat .nc/awkadd > .nc/awkaddress2.txt
cat .nc/awkaddress2.txt | awk -vSNAT="$SNATSADD" '{print "iptables -t nat -I POSTROUTING -s"" "SNAT" ""-d"" "$1" ""-p"" "$2" ""--dport"" "$3" ""-j SNAT --to"}' | awk -vSNATTOADD="$i3" '{print $1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" "$11" "$12" "$13" "$14" "$15" "$16" "$17" " SNATTOADD}' |head -n $i |tail -n 1 >>.nc/iptables.sh
cat .nc/awkaddress.txt | grep ':' > .nc/awkadd ; cat .nc/awkadd > .nc/awkaddress3.txt
cat .nc/awkaddress3.txt | awk -vSNAT="$SNATSADD" '{print "iptables -t nat -I POSTROUTING -s"" "SNAT" ""-d"" "$1" ""-p"" "$2" ""--dport"" "$3":"$4}' | cut -d : -f 1,2 | awk -vSNATTOADD="$i3" '{print $1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" "$11" "$12" "$13" "$14" "$15" "$16" "$17 "-j SNAT --to"" " SNATTOADD}' | head -n $i |tail -n 1 >>.nc/iptables.sh
else
cat .nc/ipaddandport2 |cut -d : -f 1,3-4 | awk -F: '{print $1" "$2" "$3$4}' | awk -vSNAT="$SNATSADD" '{print "iptables -t nat -I POSTROUTING -s"" "SNAT" ""-d"" "$1" ""-p"" "$2" ""--dport"" "$3":"$4" ""-j SNAT --to"}' | grep -v ': -j' |grep -v ';' | awk -vSNATTOADD="$i3" '{print $1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" "$11" "$12" "$13" "$14" "$15" "$16" "$17" " SNATTOADD}' |head -n $i |tail -n 1 >>.nc/iptables.sh
done
done
done
##用于生成iptables.sh脚本文件
#定义循环的次数,根据配置文件ip地址的行数判断
for ((i=1;i<=$IPADDLINE3;i++))
do
#提取目标服务的域名地址
for i2 in `cat .nc/dnsipaddport |awk '{print $1}' | head -n $i |tail -n 1 `
do
#将域解析成iP地址
nslookup $i2 |tail -n 2 |awk '{print $2}' |head -n 1 |head -n $i |tail -n 1 >> .nc/dnsip
#提取解析完成的iP地址
for i5 in `cat .nc/dnsip | head -n $i | tail -n 1 `
do
#提取目标地址到文件
echo $i5 >> .nc/targetadd
#提取到达目标服务器的网关地址
for i3 in `tracepath -n $i5 | head -n 1 |awk '{print $2}'`
do
logger tracepath $i5 route address $i3
#提取网关地址到文件
echo $i3 >> .nc/gatewayadd
#生成iptables的脚本文件
cat .nc/dnsipaddport | cut -d : -f 1,3-4 | awk -vIPADD="$i5" -F: '{print IPADD" "$1" "$2 }'|awk '{print $1" "$3" "$4}' | awk -vSNAT="$SNATSADD" '{print "iptables -t nat -I POSTROUTING -s"" "SNAT" ""-d"" " $1 " ""-p"" "$2" ""--dport"" "$3" "$4" ""-j SNAT --to"}' | awk -vSNATTOADD="$i3" '{print $1 " "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" "$11" "$12" "$13" "$14" "$15" "$16" "$17" " SNATTOADD}' |head -n $i |tail -n 1 >> .nc/iptables.sh
done
done
done
done
for ((i=0;i<=$AWKFILELINE;i++))
do
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$2" "$3}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$4" "$5}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$6" "$7}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$8" "$9}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$10" "$11}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$12" "$13}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$14" "$15}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$16" "$17}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$18" "$19}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$20" "$21}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$22" "$23}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$24" "$25}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$26" "$27}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$28" "$29}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$30" "$31}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$32" "$33}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$34" "$35}' >>.nc/awkaddre.txt
cat .nc/awk.txt |head -n $i |tail -n 1 | awk '{print $1" "$36" "$37}' >>.nc/awkaddre.txt
cat .nc/awkaddre.txt |sort -u | grep TCP > .nc/awkadd ; cat .nc/awkadd >> .nc/awkaddress.txt
cat .nc/awkaddre.txt |sort -u | grep UDP > .nc/awkadd ; cat .nc/awkadd >> .nc/awkaddress.txt
done
#生成包含一次配置很多条目的iptables脚本
AWKFILELINE=`wc -l .nc/awkaddress.txt |awk '{print $1}'`
for ((i=1;i<=$AWKFILELINE;i++))
do
for i2 in `cat .nc/awkaddress.txt |awk '{print $1}' | head -n $i | tail -n 1 `
do
#提取目标地址到文件
echo $i2 >> .nc/targetadd
#提取到达目标服务器的网关地址
for i3 in `tracepath -n $i2 | head -n 1 |awk '{print $2}'`
do
logger tracepath $i2 route address $i3
#提取网关地址到文件
echo $i3 >> .nc/gatewayadd
#生成iptables脚本文件
filestatus=`grep ':' .nc/awkaddress.txt > $NULL ; echo $?`
#当filestatus等于0时,说明包含多个有同个ip地址有多个端口的条目
if [ $filestatus -eq 0 ] ; then
cat .nc/awkaddress.txt | grep -v ':' > .nc/awkadd ; cat .nc/awkadd > .nc/awkaddress2.txt
cat .nc/awkaddress2.txt | awk -vSNAT="$SNATSADD" '{print "iptables -t nat -I POSTROUTING -s"" "SNAT" ""-d"" "$1" ""-p"" "$2" ""--dport"" "$3" ""-j SNAT --to"}' | awk -vSNATTOADD="$i3" '{print $1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" "$11" "$12" "$13" "$14" "$15" "$16" "$17" " SNATTOADD}' |head -n $i |tail -n 1 >>.nc/iptables.sh
cat .nc/awkaddress.txt | grep ':' > .nc/awkadd ; cat .nc/awkadd > .nc/awkaddress3.txt
cat .nc/awkaddress3.txt | awk -vSNAT="$SNATSADD" '{print "iptables -t nat -I POSTROUTING -s"" "SNAT" ""-d"" "$1" ""-p"" "$2" ""--dport"" "$3":"$4}' | cut -d : -f 1,2 | awk -vSNATTOADD="$i3" '{print $1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" "$11" "$12" "$13" "$14" "$15" "$16" "$17 "-j SNAT --to"" " SNATTOADD}' | head -n $i |tail -n 1 >>.nc/iptables.sh
else
cat .nc/awkaddress.txt | awk -vSNAT="$SNATSADD" '{print "iptables -t nat -I POSTROUTING -s"" "SNAT" ""-d"" "$1" ""-p"" "$2" ""--dport"" "$3" ""-j SNAT --to"}' | awk -vSNATTOADD="$i3" '{print $1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10" "$11" "$12" "$13" "$14" "$15" "$16" "$17" " SNATTOADD}' |head -n $i |tail -n 1 >>.nc/iptables.sh
fi
done
done
done
#配置icmp的iptables,允许ping。
ICMPFILELINE=`wc -l .nc/gatewayadd |awk '{print $1}'`
fi
done
done
done
#配置icmp的iptables,允许ping。
ICMPFILELINE=`wc -l .nc/gatewayadd |awk '{print $1}'`
for ((i=1;i<=$ICMPFILELINE;i++))
do
for i2 in `cat .nc/gatewayadd |head -n $i |tail -n 1 `
do
for i3 in `cat .nc/targetadd |head -n $i |tail -n 1 `
do
echo "iptables -t nat -I POSTROUTING -s $SNATSADD -p icmp -d $i3 -j SNAT --to $i2" >> .nc/iptables.sh
done
done
done
#清空之前配置的iptables,并执行iptables.sh脚本
cat .nc/iptables.sh |sort -u > .nc/awkipadd ; cat .nc/awkipadd > .nc/iptables.sh
iptables -t nat -F
iptables -t nat -X
chmod a+x .nc/iptables.sh
./.nc/iptables.sh
fi
fi
sleep 5
done
do
for i2 in `cat .nc/gatewayadd |head -n $i |tail -n 1 `
do
for i3 in `cat .nc/targetadd |head -n $i |tail -n 1 `
do
echo "iptables -t nat -I POSTROUTING -s $SNATSADD -p icmp -d $i3 -j SNAT --to $i2" >> .nc/iptables.sh
done
done
done
#清空之前配置的iptables,并执行iptables.sh脚本
cat .nc/iptables.sh |sort -u > .nc/awkipadd ; cat .nc/awkipadd > .nc/iptables.sh
iptables -t nat -F
iptables -t nat -X
chmod a+x .nc/iptables.sh
./.nc/iptables.sh
fi
fi
sleep 5
done
本文转自zhaoyun00 51CTO博客,原文链接:http://blog.51cto.com/zhaoyun/717052
