Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- export DEBUG= # uncomment/comment to enable/disable debug mode
- # name: tomato-ftp-remote-port.sh
- # version: 1.1.0, 10-jun-2021, by eibgrad
- # purpose: assign external ftp port without changing internal ftp port
- # script type: firewall
- # installation:
- # 1. make sure ftp server is configured as "Yes, WAN and LAN"
- # 2. choose preferred external/remote port
- # 3. install this script in firewall script
- # 4. reboot
- (
- [ ${DEBUG+x} ] && set -x
- LAN_IP="$(nvram get lan_ipaddr)"
- FTP_LPORT="$(nvram get ftp_port)"
- FTP_RPORT=2121 # change to preferred external/remote port
- NUL_PORT=65535 # any *unused* internal port on router
- ipt() {
- local rule="$@"
- # precede insert/append w/ deletion to avoid dupes
- while iptables ${rule/-[IA]/-D} 2>/dev/null; do :; done
- iptables $rule
- }
- # deny access over WAN to internal/local ftp port
- ipt -t nat -I WANPREROUTING -p tcp --dport $FTP_LPORT -j DNAT --to $LAN_IP:$NUL_PORT
- # redirect external/remote ftp port to internal/local ftp port
- ipt -t nat -I WANPREROUTING -p tcp --dport $FTP_RPORT -j DNAT --to $LAN_IP:$FTP_LPORT
- ) 2>&1 | logger -t $(basename $0)[$$]
Advertisement
Add Comment
Please, Sign In to add comment
