This is originally taken from Merlin's Wiki. I have adapted the script so that I can make multiple ports forward with one script. However I need a fresh pair of eyes, it isn't working properly. I can't access the forwarded port. It tries for a while and eventually fails. Any insight? My scripting ability is a work in progress.
Code:
#!/bin/sh
##EXAMPLE
#bfs_portforward eth0 QBELT 3443 192.168.1.241 60 5
IFACE=$1
NAME=$2
PORT=$3
SERVER=$4
SECONDS=$5
HITCOUNT=$6
logger "firewall" "Applying $NAME Brute Force rules"
# create a new chain $NAMEVSBFP
iptables --new "$NAME"VSBFP --table nat
# add rule: add the source IP to the $NAMEVS match list table using the 'recent' match extension
iptables --append "$NAME"VSBFP --table nat --match recent --set --name "$NAME"VS --rsource
# add rule: deny if address has been seen in the $NAMEVS match list more than $HITCOUNT times in the last $SECONDS seconds
iptables --append "$NAME"VSBFP --table nat --match recent --update --name "$NAME"VS --seconds $SECONDS --hitcount $HITCOUNT --rsource --jump RETURN
# add rule: forward packets on port $PORT to $SERVER using the DNAT target extension
iptables --append "$NAME"VSBFP --table nat --proto tcp --dport $PORT --match state --state NEW --jump DNAT --to-destination $SERVER
# add the chain created above to the VSERVER chain and apply to interface $IFACE (public interface)
iptables --insert VSERVER --table nat --in-interface $IFACE --proto tcp --dport $PORT --match state --state NEW --jump "$NAME"VSBFP
