[LINUX] REDIRECT TO INTERNAL USING WIREGUARD - fourslickz/notes GitHub Wiki
Dokumentasi NAT & Port Forwarding
Informasi Server
- Interface Publik: `eth0` → 103.175.216.168/23
- Interface VPN (WireGuard): `wg0` → 10.2.0.0/24
Mapping Port
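| Public Port | Private IP | Private Port | Keterangan |
|---|---|---|---|
| 8203 | 10.2.0.3 | 8291 | Winbox Router |
| 8300 | 10.2.0.4 | 22 | SSH Server |
| 8400 | 10.2.0.5 | 3389 | RDP Windows Server |

Catatan: tabel ini tidak sama dengan array MAPPINGS pada skrip di bawah (di skrip: 8204 → 10.2.0.4:22 dan 8300 → 10.2.0.5:3000, tanpa entri RDP). Port yang benar-benar dibuka ke publik adalah yang tertulis di skrip, jadi samakan keduanya sebelum dipakai.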
Script Iptables port-forward.sh
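#!/bin/bash
#
# port-forward.sh - publish TCP services that live behind the WireGuard
# tunnel on the public interface, using DNAT + MASQUERADE.
#
# For every entry in MAPPINGS the script first deletes its four rules (so a
# rerun does not pile up duplicates) and then appends them again.
#
# Operational notes for whoever deploys this:
#   - Must run as root. The rules live only in the running kernel; nothing
#     here saves them, so they have to be reapplied after a reboot.
#   - Forwarding between interfaces needs net.ipv4.ip_forward=1; this script
#     neither sets nor checks it.
#   - Rules are appended (-A). If FORWARD already holds an earlier DROP or
#     REJECT that matches this traffic, the ACCEPT rules below are never
#     reached; check `iptables -S FORWARD` after running.
#   - Every mapping is reachable from any source address on WAN_IF, and the
#     mapped services include management interfaces (Winbox, SSH). Adding a
#     source match such as `-s <TRUSTED_CIDR>` (placeholder) to the
#     PREROUTING and FORWARD rules is preferable to an open port.
#   - MASQUERADE on WG_IF rewrites the client address to this host's tunnel
#     address, so the backend's own logs and rate limiting never see the
#     real client IP. Log or rate-limit on this gateway if that matters.

WAN_IF="eth0"
WG_IF="wg0"

# MAPPINGS format: WAN_PORT:LAN_IP:LAN_PORT
# This array decides what is actually exposed; keep any separate
# documentation table in sync with it.
MAPPINGS=(
  "8203:10.2.0.3:8291" # Winbox Mikrotik
  "8204:10.2.0.4:22"   # SSH to another host
  "8300:10.2.0.5:3000" # Web app on a WireGuard host
)

# Shape checks for a mapping entry. They only reject obviously malformed
# entries (they do not range-check ports or octets).
port_re='^[0-9]+$'
ip_re='^[0-9]+(\.[0-9]+){3}$'

#######################################
# Delete every copy of one rule.
# `iptables -D` removes a single match per call and fails once none is
# left; that last failure is expected, which is why stderr is discarded.
# Arguments: the iptables arguments of the delete command
#######################################
purge_rule() {
  while iptables "$@" 2>/dev/null; do
    :
  done
}

failed=0

for MAP in "${MAPPINGS[@]}"; do
  # Split on ':' without spawning cut; `_` swallows any surplus fields.
  IFS=: read -r WAN_PORT LAN_IP LAN_PORT _ <<<"$MAP"

  if [[ ! $WAN_PORT =~ $port_re || ! $LAN_PORT =~ $port_re || ! $LAN_IP =~ $ip_re ]]; then
    printf '[!] Mapping tidak valid, dilewati: %s\n' "$MAP" >&2
    failed=1
    continue
  fi

  printf '[*] Membersihkan rule lama untuk %s:%s -> %s:%s\n' \
    "$WAN_IF" "$WAN_PORT" "$LAN_IP" "$LAN_PORT"

  # Remove old rules
  purge_rule -t nat -D PREROUTING -i "$WAN_IF" -p tcp --dport "$WAN_PORT" \
    -j DNAT --to-destination "$LAN_IP:$LAN_PORT"
  purge_rule -D FORWARD -i "$WAN_IF" -o "$WG_IF" -p tcp -d "$LAN_IP" \
    --dport "$LAN_PORT" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  purge_rule -D FORWARD -i "$WG_IF" -o "$WAN_IF" -p tcp -s "$LAN_IP" \
    --sport "$LAN_PORT" -m state --state ESTABLISHED,RELATED -j ACCEPT
  purge_rule -t nat -D POSTROUTING -o "$WG_IF" -d "$LAN_IP" -p tcp \
    --dport "$LAN_PORT" -j MASQUERADE

  printf '[*] Menambahkan rule baru %s:%s -> %s:%s\n' \
    "$WAN_IF" "$WAN_PORT" "$LAN_IP" "$LAN_PORT"

  # Add new rules. The match arguments are kept identical to the delete
  # commands above so that a later run finds and removes exactly these rules.
  iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$WAN_PORT" \
    -j DNAT --to-destination "$LAN_IP:$LAN_PORT" || failed=1
  iptables -A FORWARD -i "$WAN_IF" -o "$WG_IF" -p tcp -d "$LAN_IP" \
    --dport "$LAN_PORT" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT || failed=1
  iptables -A FORWARD -i "$WG_IF" -o "$WAN_IF" -p tcp -s "$LAN_IP" \
    --sport "$LAN_PORT" -m state --state ESTABLISHED,RELATED -j ACCEPT || failed=1
  iptables -t nat -A POSTROUTING -o "$WG_IF" -d "$LAN_IP" -p tcp \
    --dport "$LAN_PORT" -j MASQUERADE || failed=1
done

# Do not report success when a rule could not be installed (not root,
# missing iptables, malformed mapping): a half-applied ruleset is worse
# than an obvious failure.
if ((failed)); then
  printf '%s\n' "[!] Sebagian rule gagal diterapkan; periksa pesan error di atas." >&2
  exit 1
fi

echo "[+] Semua rule multi-port & multi-IP sudah dibersihkan & ditambahkan ulang."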