Enhance port forwarding functionality in trojan.sh

- Add dynamic port forwarding configuration - Implement port forward rule saving and persistence - Add option to remove all port forwarding rules - Improve error handling and user experience - Update start menu to include port mapping removal option
2025-02-06 01:52:27 +08:00
parent 764858d115
commit 6bc04ed138
1 changed files with 72 additions and 3 deletions
--- a/trojan.sh
+++ b/trojan.sh
@@ -382,6 +382,10 @@ function remove_trojan(){
    rm -rf /usr/src/trojan-cert/
    rm -rf /usr/share/nginx/html/*
    rm -rf /etc/nginx/
+    
+    # 删除所有端口转发规则
+    remove_all_port_forwards
+    
    green "=============="
    green "trojan删除完毕"
    green "=============="
@@ -398,9 +402,54 @@ function check_port() {
    fi
 }
 function port_forward(){
-    iptables -t nat -A PREROUTING -p tcp --dport 49000:49010 -j REDIRECT --to-ports 443
+    # 检查是否为root用户
+    if [ $EUID -ne 0 ]; then
+        red "错误：请以root用户运行此脚本"
+        exit 1
+    fi
+    
+    # 检查iptables是否安装
+    if ! command -v iptables &> /dev/null; then
+        red "错误：iptables未安装"
+        green "正在安装iptables..."
+        $systemPackage install -y iptables
+    fi
+    
    green "=========================="
-    green "已将49000-50000端口转发至443"
+    green "请输入要转发的起始端口(默认49000):"
+    read -p "" start_port
+    start_port=${start_port:-49000}
+    
+    green "请输入要转发的结束端口(默认49010):"
+    read -p "" end_port
+    end_port=${end_port:-49010}
+    
+    # 添加端口转发规则
+    iptables -t nat -A PREROUTING -p tcp --dport ${start_port}:${end_port} -j REDIRECT --to-ports 443
+    
+    # 安装 iptables-persistent 来保存规则
+    if [ "$release" == "ubuntu" ] || [ "$release" == "debian" ]; then
+        $systemPackage install -y iptables-persistent
+        # 保存规则
+        netfilter-persistent save
+        # 设置开机自动加载
+        systemctl enable netfilter-persistent
+    elif [ "$release" == "centos" ]; then
+        # CentOS 保存规则
+        service iptables save
+        # 设置开机自动加载
+        systemctl enable iptables
+    fi
+    
+    # 验证规则是否添加成功
+    if ! iptables -t nat -C PREROUTING -p tcp --dport ${start_port}:${end_port} -j REDIRECT --to-ports 443 &>/dev/null; then
+        red "端口转发规则添加失败"
+        exit 1
+    fi
+    
+    green "=========================="
+    green "已将${start_port}-${end_port}端口转发至443"
+    green "规则已保存并设置开机自动加载"
    green "=========================="
 }
 function update_trojan(){
@@ -428,6 +477,22 @@ function update_trojan(){
   
 }
 
+function remove_all_port_forwards(){
+    # 获取所有 PREROUTING 规则
+    rules=$(iptables -t nat -L PREROUTING -n --line-numbers | grep REDIRECT | awk '{print $1}' | tac)
+    
+    for rule in $rules; do
+        iptables -t nat -D PREROUTING $rule
+    done
+    
+    # 保存更改
+    if [ "$release" == "ubuntu" ] || [ "$release" == "debian" ]; then
+        netfilter-persistent save
+    elif [ "$release" == "centos" ]; then
+        service iptables save
+    fi
+}
+
 start_menu(){
    clear
    green " ======================================="
@@ -442,7 +507,8 @@ start_menu(){
    green " 1. 安装trojan"
    red " 2. 卸载trojan"
    green " 3. 升级trojan"
-    green " 4. 端口映射"    
+    green " 4. 添加端口映射"    
+    red " 5. 删除端口映射"
    blue " 0. 退出脚本"
    echo
    read -p "请输入数字 :" num
@@ -459,6 +525,9 @@ start_menu(){
    4)
    port_forward
    ;;
+    5)
+    remove_all_port_forwards
+    ;;
    0)
    exit 1
    ;;