Exemplo n.º 1
def test_rules():
    """Check the DNAT rule strings built by ``Redirector._create_nat_rule``.

    The expectations below pin the exact rule text for each argument shape:
    a non-empty port list adds ``-m multiport --destination-ports``, an
    empty list omits it, a ``None`` protocol omits ``-p``, and a ``None``
    outport omits the ``:port`` suffix on ``--to-destination``.
    """
    redirector = Redirector()
    redirector.localaddr = "1.2.3.4"

    # (expected rule, positional args, keyword args), checked in this order.
    # Exact string comparison matters here: any drift in the rule text
    # changes which traffic gets rewritten.
    cases = [
        (
            "-j DNAT -p tcp -m multiport --destination-ports 123 --to-destination 1.2.3.4:555",
            ("tcp", [123], 555),
            {},
        ),
        (
            "-j DNAT -p tcp -m multiport --destination-ports 123,456 --to-destination 1.2.3.4:555",
            ("tcp", [123, 456], 555),
            {},
        ),
        (
            "-j DNAT -p tcp -m multiport --destination-ports 123,456 --to-destination 1.2.3.4",
            ("tcp", [123, 456], None),
            {},
        ),
        (
            "-j DNAT -p tcp --to-destination 1.2.3.4:555",
            ("tcp", []),
            {"outport": 555},
        ),
        (
            "-j DNAT --to-destination 1.2.3.4",
            (None, [], None),
            {},
        ),
    ]
    for expected, args, kwargs in cases:
        assert expected == redirector._create_nat_rule(*args, **kwargs)
Exemplo n.º 2
def test_rules():
    """Verify the NAT rule text that ``Redirector._create_nat_rule`` returns.

    Covers one port, several ports, a missing outport, an empty port list
    with an outport, and the fully generic case (no protocol, no ports,
    no outport).
    """
    nat = Redirector()
    nat.localaddr = "1.2.3.4"
    make_rule = nat._create_nat_rule

    # Single destination port, rewritten to a fixed local port.
    single_port = "-j DNAT -p tcp -m multiport --destination-ports 123 --to-destination 1.2.3.4:555"
    assert single_port == make_rule("tcp", [123], 555)

    # Several destination ports are comma-joined in one multiport match.
    multi_port = "-j DNAT -p tcp -m multiport --destination-ports 123,456 --to-destination 1.2.3.4:555"
    assert multi_port == make_rule("tcp", [123, 456], 555)

    # No outport: the destination carries the address only.
    no_outport = "-j DNAT -p tcp -m multiport --destination-ports 123,456 --to-destination 1.2.3.4"
    assert no_outport == make_rule("tcp", [123, 456], None)

    # Empty port list: no multiport match is emitted at all.
    any_port = "-j DNAT -p tcp --to-destination 1.2.3.4:555"
    assert any_port == make_rule("tcp", [], outport=555)

    # No protocol, ports or outport: the rule applies to everything.
    catch_all = "-j DNAT --to-destination 1.2.3.4"
    assert catch_all == make_rule(None, [], None)
Exemplo n.º 3
def redirection(config, listeners):
    """Install connection-redirection rules for the configured listeners.

    Args:
        config: Object whose ``cfg.get(section, option)`` yields the
            ``redirection`` settings ``port_exclusions`` and
            ``port_forwarding``.
        listeners: Iterable of listener objects exposing ``socktype`` and
            ``ports``; only ``'SSL'`` and ``'TCP'`` listeners are used.

    Returns:
        None. Nothing is changed when ``Redirector`` reports that it is
        unavailable or that iptables already holds rules; a warning is
        logged instead.
    """
    if not Redirector.available():
        log.warn("Connection redirection enabled but not available. "
                 "Ensure 'iptables' is installed and current user has sufficient privileges.")
        return

    # Refuse to add anything on top of rules that are already present, so an
    # existing firewall/NAT policy is never silently altered.
    if Redirector.existing_rules():
        log.warn("Existing rules found in iptables. Not enabling connection redirection in case of conflict.")
        return

    redirector = Redirector()

    # Forwardings are added from most specific to least specific.
    # NOTE(review): presumably the order is significant for how the rules
    # match - confirm against Redirector.add_forwarding.

    # 1. Ports that already have a dedicated listener keep their port.
    tcp_listeners = [item for item in listeners if item.socktype in ('SSL', 'TCP')]
    for tcp_listener in tcp_listeners:
        redirector.add_forwarding("tcp", tcp_listener.ports)

    # 2. Ports the operator explicitly excluded are passed through as well.
    excluded_ports = list(parseints(config.cfg.get("redirection", "port_exclusions")))
    if excluded_ports:
        redirector.add_forwarding("tcp", excluded_ports)

    # 3. Every remaining TCP port goes to the generic listener, if configured.
    # NOTE(review): unlike the exclusions, this value is handed over exactly
    # as read from the config; verify add_forwarding validates it before it
    # ends up in a rule.
    generic_port = config.cfg.get("redirection", "port_forwarding")
    if generic_port:
        redirector.add_forwarding("tcp", outport=generic_port)

    # 4. Finally, all protocols are forwarded to the local address.
    redirector.add_forwarding()
Exemplo n.º 4
def redirection(config, listeners):
    """Configure port forwarding and redirection from *config* and *listeners*.

    The function logs a warning and returns without touching anything when
    ``Redirector.available()`` is false or ``Redirector.existing_rules()``
    is true. Otherwise it registers, in this order: the ports of every
    ``'SSL'``/``'TCP'`` listener, the ``port_exclusions`` from the
    ``redirection`` config section, the ``port_forwarding`` catch-all port
    (when set), and a final forwarding with no arguments.

    Args:
        config: Provides ``cfg.get(section, option)`` for the settings.
        listeners: Iterable of objects with ``socktype`` and ``ports``.

    Returns:
        None.
    """
    if not Redirector.available():
        unavailable_msg = (
            "Connection redirection enabled but not available. "
            "Ensure 'iptables' is installed and current user has sufficient privileges."
        )
        log.warn(unavailable_msg)
        return

    if Redirector.existing_rules():
        # Bail out rather than risk conflicting with rules someone else owns.
        conflict_msg = "Existing rules found in iptables. Not enabling connection redirection in case of conflict."
        log.warn(conflict_msg)
        return

    rules = Redirector()

    # Listener ports pass through unchanged. The filtered list is built in
    # full before the first forwarding is added.
    stream_listeners = list(
        filter(lambda entry: entry.socktype in ['SSL', 'TCP'], listeners))
    for entry in stream_listeners:
        rules.add_forwarding("tcp", entry.ports)

    # Explicitly excluded ports pass through unchanged too.
    raw_exclusions = config.cfg.get("redirection", "port_exclusions")
    skip_ports = list(parseints(raw_exclusions))
    if skip_ports:
        rules.add_forwarding("tcp", skip_ports)

    # Anything else on TCP is sent to the generic listener port.
    # NOTE(review): the option is used as returned by cfg.get, without the
    # parseints step applied to the exclusions - confirm it is checked
    # downstream before being placed in a rule.
    catch_all_port = config.cfg.get("redirection", "port_forwarding")
    if catch_all_port:
        rules.add_forwarding("tcp", outport=catch_all_port)

    # Last: forward all protocols to the local address.
    rules.add_forwarding()