#!/bin/bash EXT_IP=$1 # eth0 IP, real IP INT_IP="10.0.3.1" # lxcbr0 IP, inner LXC gw IP EXT_IF=eth0 # external network interface INT_IF=lxcbr0 # internal network interface FAKE_PORT=$2 # 1-st parameter, ENTER port on eth0 interface LAN_IP=$3 # 2-nd parameter, LXC inner IP SRV_PORT=$4 # LXC geronimo port # Feel the power of the Dark side... iptables -t nat -A PREROUTING -d $EXT_IP -p tcp -m tcp --dport $FAKE_PORT -j DNAT --to-destination $LAN_IP:$SRV_PORT iptables -t nat -A POSTROUTING -d $LAN_IP -p tcp -m tcp --dport $SRV_PORT -j SNAT --to-source $INT_IP iptables -t nat -A OUTPUT -d $EXT_IP -p tcp -m tcp --dport $SRV_PORT -j DNAT --to-destination $LAN_IP iptables -I FORWARD 1 -i $EXT_IF -o $INT_IF -d $LAN_IP -p tcp -m tcp --dport $SRV_PORT -j ACCEPT