3 # /usr/sbin/dnsmasq-portforward
5 # A script which gets run when the dnsmasq DHCP lease database changes.
6 # It logs to $LOGFILE, if it exists, and maintains port-forwards using
7 # IP-tables so that they always point to the correct host. See
8 # $PORTSFILE for details on configuring this. dnsmasq must be version 2.34
11 # To enable this script, add
12 # dhcp-script=/usr/sbin/dnsmasq-portforward
13 # to /etc/dnsmasq.conf
15 # To enable logging, touch $LOGFILE
18 PORTSFILE=/etc/portforward
19 LOGFILE=/var/log/dhcp.log
20 IPTABLES=/sbin/iptables
25 # log what's going on.
26 if [ -f ${LOGFILE} ] ; then
27 date +"%D %T $*" >>${LOGFILE}
30 # If a lease gets stripped of a name, we see that as an "old" action
31 # with DNSMASQ_OLD_HOSTNAME set, convert it into a "del"
32 if [ ${DNSMASQ_OLD_HOSTNAME} ] && [ ${action} = old ] ; then
34 hostname=${DNSMASQ_OLD_HOSTNAME}
37 # action init is not relevant, and will only be seen when leasefile-ro is set.
38 if [ ${action} = init ] ; then
42 if [ ${hostname} ]; then
43 ports=$(sed -n -e "/^${hostname}\ .*/ s/^.* //p" ${PORTSFILE})
45 for port in $ports; do
48 if [ ${port:0:1} = u ] ; then
54 # delete first, to avoid multiple copies of rules.
55 ${IPTABLES} -t nat -D PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst
56 if [ ${action} != del ] ; then
57 ${IPTABLES} -t nat -A PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst
60 if [ -f ${LOGFILE} ] ; then
61 echo " DNAT $protocol $src to ${3}:$dst ${verb}." >>${LOGFILE}