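/// <summary>
/// Adds or removes a source-NAT mapping for one device behind a firewall: builds the
/// bridge, interface and iptables commands, records the change in the SNAT table and
/// sends the command line to the firewall on port 22222.
/// </summary>
/// <param name="fw_dev">Firewall to configure; its address is used as the SNAT source address.</param>
/// <param name="EthName">Firewall network interface that is moved off or back onto bridge br0.</param>
/// <param name="devIP">Original address of the device whose traffic is translated.</param>
/// <param name="EthIP">Address assigned to <paramref name="EthName"/> when the mapping is added.</param>
/// <param name="add_delete"><c>true</c> to add the mapping, <c>false</c> to remove it.</param>
/// <returns>
/// <c>false</c> when an argument contains characters outside the accepted sets (nothing is
/// written or sent in that case); otherwise the result of <c>SendConfigInfo</c>.
/// </returns>
public bool ConfigSNAT(FWDeviceForm fw_dev, string EthName, string devIP, string EthIP, bool add_delete)
{
    // Every value below is concatenated into a command line that the firewall executes and
    // into a SQL statement. A strict character allow-list keeps shell metacharacters,
    // whitespace, quotes and leading dashes out of both. This is a syntactic filter only;
    // it does not prove that the value is a routable address or an existing interface.
    const string addressPattern = @"\A[0-9A-Fa-f.:/]{1,64}\z";
    const string interfacePattern = @"\A[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}\z";

    string fwIP = fw_dev.getDev_IP();
    bool argumentsAreSafe =
        System.Text.RegularExpressions.Regex.IsMatch(EthName ?? "", interfacePattern)
        && System.Text.RegularExpressions.Regex.IsMatch(devIP ?? "", addressPattern)
        && System.Text.RegularExpressions.Regex.IsMatch(EthIP ?? "", addressPattern)
        && System.Text.RegularExpressions.Regex.IsMatch(fwIP ?? "", addressPattern);
    if (!argumentsAreSafe)
    {
        return false;
    }

    // NOTE(review): the same "-A" (append) rule is sent for add and for delete; presumably the
    // agent on the firewall rewrites it when it sees the NAT0 prefix - confirm.
    string rule = "iptables -t nat -A POSTROUTING -s " + devIP + " -o br0 -j SNAT --to-source " + fwIP;
    string configInfo;
    string sql_rule;

    if (add_delete)
    {
        // Take the interface off the bridge first, then give it its own address.
        string configEth_bridge = "brctl delif br0 " + EthName;
        string configEth_IP = "ifconfig " + EthName + " " + EthIP + " netmask 255.255.255.0" + " up";
        configInfo = "NAT1" + configEth_bridge + " && " + configEth_IP + " && " + rule;
        sql_rule = "INSERT INTO SNAT values " + "('" + fwIP + "','" + devIP + "','" + EthName + "','" + EthIP + "','" + fwIP + "')";
    }
    else
    {
        // Clear the interface address, then put the interface back on the bridge.
        string configEth_bridge = "brctl addif br0 " + EthName;
        string configEth_IP = "ifconfig " + EthName + " " + "0.0.0.0 up";
        configInfo = "NAT0" + configEth_IP + " && " + configEth_bridge + " && " + rule;
        sql_rule = "DELETE FROM SNAT where (fwIP='" + fwIP + "' and origin_devIP='" + devIP + "'"
            + " and EthName='" + EthName + "' and EthIP='" + EthIP + "' and NATIP='" + fwIP + "')";
    }

    fw_dev.setDev_port(22222);

    // NOTE(review): dboperate accepts only a finished SQL string, so the allow-list above is
    // the sole barrier against SQL injection here; a parameterized entry point on
    // NATdb_operate would be the stronger fix. The table is also changed before the firewall
    // has accepted the command, so a failed send leaves the two out of step.
    NATdb_operate.dboperate(sql_rule);

    SendInfo sendcmd = new SendInfo(fw_dev);
    return sendcmd.SendConfigInfo(configInfo);
}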
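/// <summary>
/// Adds or removes a source-NAT mapping for one device behind a firewall by building the
/// bridge, interface and iptables commands and sending them to the firewall on port 22222.
/// </summary>
/// <param name="fw_dev">Firewall to configure; its address is used as the SNAT source address.</param>
/// <param name="EthName">Firewall network interface that is moved off or back onto bridge br0.</param>
/// <param name="devIP">Original address of the device whose traffic is translated.</param>
/// <param name="EthIP">Address assigned to <paramref name="EthName"/> when the mapping is added.</param>
/// <param name="add_delete"><c>true</c> to add the mapping, <c>false</c> to remove it.</param>
/// <returns>
/// <c>false</c> when an argument contains characters outside the accepted sets (nothing is
/// sent in that case); otherwise the result of <c>SendConfigInfo</c>.
/// </returns>
public bool ConfigSNAT(FWDeviceForm fw_dev, string EthName, string devIP, string EthIP, bool add_delete)
{
    // The arguments become part of a command line executed on the firewall, so values that
    // could carry shell metacharacters, whitespace or a leading dash are refused. This is a
    // syntactic filter only, not proof that the address or interface exists.
    const string addressPattern = @"\A[0-9A-Fa-f.:/]{1,64}\z";
    const string interfacePattern = @"\A[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}\z";

    string fwIP = fw_dev.getDev_IP();
    bool argumentsAreSafe =
        System.Text.RegularExpressions.Regex.IsMatch(EthName ?? "", interfacePattern)
        && System.Text.RegularExpressions.Regex.IsMatch(devIP ?? "", addressPattern)
        && System.Text.RegularExpressions.Regex.IsMatch(EthIP ?? "", addressPattern)
        && System.Text.RegularExpressions.Regex.IsMatch(fwIP ?? "", addressPattern);
    if (!argumentsAreSafe)
    {
        return false;
    }

    // NOTE(review): the same "-A" (append) rule is sent for add and for delete; presumably the
    // agent on the firewall acts on the leading "$" / "#" marker - confirm.
    string rule = "iptables -t nat -A POSTROUTING -s " + devIP + " -o br0 -j SNAT --to-source " + fwIP;
    string configInfo;

    if (add_delete)
    {
        // Take the interface off the bridge first, then give it its own address.
        string configEth_bridge = "brctl delif br0 " + EthName;
        string configEth_IP = "ifconfig " + EthName + " " + EthIP + " netmask 255.255.255.0" + " up";
        configInfo = "$" + configEth_bridge + " & " + configEth_IP + " & " + rule;
    }
    else
    {
        // Clear the interface address, then put the interface back on the bridge.
        string configEth_bridge = "brctl addif br0 " + EthName;
        string configEth_IP = "ifconfig " + EthName + " " + "0.0.0.0 up";
        configInfo = "#" + configEth_IP + " & " + configEth_bridge + " & " + rule;
    }

    // NOTE(review): the three commands are joined with a single "&". If the firewall hands the
    // string to a shell unchanged, they would start without waiting for each other rather
    // than run in sequence - confirm how the agent splits the string.
    fw_dev.setDev_port(22222);
    SendInfo sendcmd = new SendInfo(fw_dev);
    return sendcmd.SendConfigInfo(configInfo);
}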
/// <summary>
/// Switches a firewall into no-IP mode by bringing bridge br0 down and back up with the
/// address 0.0.0.0, then records that address on the device object.
/// </summary>
/// <param name="fw_dev">Firewall to reconfigure. Its port is set to 22222 in every case.</param>
/// <returns>
/// <c>false</c> when the firewall already reports 0.0.0.0 or when sending the command fails;
/// <c>true</c> once the command was sent and the stored address was reset.
/// </returns>
bool INoIPConfig.NoipConfig(FWDeviceForm fw_dev)
{
    fw_dev.setDev_port(22222);

    // A firewall that already has no IP cannot be put into no-IP mode again.
    if (fw_dev.getDev_IP() == "0.0.0.0")
    {
        return false;
    }

    SendInfo sender = new SendInfo(fw_dev);
    bool applied = sender.SendConfigInfo("ifconfig br0 down && ifconfig br0 0.0.0.0 up");
    if (applied)
    {
        // Keep the local record in step with what the device now uses.
        fw_dev.setDev_IP("0.0.0.0");
    }

    return applied;
}
/// <summary>
/// Sends "iptables -t nat -F" to the firewall on port 22222, which flushes every rule in
/// its nat table.
/// </summary>
/// <param name="fw_dev">Firewall whose NAT rules are cleared.</param>
/// <returns>The result of <c>SendConfigInfo</c>.</returns>
/// <remarks>
/// Only the device is touched here; this method does not remove rows or records that other
/// methods may have stored for the same rules.
/// </remarks>
public bool ClearNATRules(FWDeviceForm fw_dev)
{
    fw_dev.setDev_port(22222);
    SendInfo sender = new SendInfo(fw_dev);
    bool flushed = sender.SendConfigInfo("iptables -t nat -F");
    return flushed;
}
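/// <summary>
/// Listens for the datagrams that firewalls send back after a device scan and records each
/// reported firewall and protected device in <c>fw_list</c> / <c>fwMAC_list</c>.
/// Runs until the process ends or <c>Receive</c> throws.
/// </summary>
/// <remarks>
/// A reply is recognised by the marker "firedeviceConfirm" and is split on '&amp;'. Fields 0, 1,
/// 2 and 4 are read as firewall IP, protected-device MAC, firewall MAC and protected-device
/// IP; field 3 is not used here.
/// </remarks>
public void listenCheckResult()
{
    // Only plain address characters are accepted for the two IP fields. The values are kept
    // in FWDeviceForm / ProtecDeviceForm objects, and ConfigSNAT concatenates a firewall
    // address into a device command line, so quotes, spaces and shell metacharacters must
    // not get in through this listener.
    const string addressPattern = @"\A[0-9A-Fa-f.:]{1,64}\z";

    while (true)
    {
        byte[] content = listener.Receive(ref groupEP);
        confirm = Encoding.Default.GetString(content);

        if (confirm.IndexOf("firedeviceConfirm") == -1)
        {
            Console.WriteLine("未扫描到设备");
            continue;
        }

#if debug
        Console.WriteLine("捕获到返回信息!!!");
#endif

        // NOTE(review): nothing visible here authenticates the sender; any host that can
        // reach this port and includes the marker can register a firewall entry. Confirm
        // whether the transport is restricted elsewhere.
        string[] sArray_IP_MAC = confirm.Split('&');
        if (sArray_IP_MAC.Length < 5)
        {
            // A short datagram used to raise IndexOutOfRangeException below and stop the
            // listener; drop it and keep listening.
            Console.WriteLine("Discarded malformed firedeviceConfirm datagram from " + groupEP);
            continue;
        }

        string fw_IP = sArray_IP_MAC[0];   // firewall IP
        string dev_mac = sArray_IP_MAC[1]; // protected device MAC
        string fw_mac = sArray_IP_MAC[2];  // firewall MAC
        string dev_IP = sArray_IP_MAC[4];  // protected device IP

        if (!System.Text.RegularExpressions.Regex.IsMatch(fw_IP, addressPattern)
            || !System.Text.RegularExpressions.Regex.IsMatch(dev_IP, addressPattern))
        {
            Console.WriteLine("Discarded malformed firedeviceConfirm datagram from " + groupEP);
            continue;
        }

        if (fw_IP != "0.0.0.0" && fwMAC_list.Contains(fw_mac))
        {
            // Firewall already known: attach the protected device if it is new.
            foreach (FWDeviceForm fwdev in fw_list)
            {
                if (fwdev.getDev_MAC() == fw_mac && !fwdev.getProtecDevIP_list().Contains(dev_IP))
                {
                    ProtecDeviceForm protecDev = new ProtecDeviceForm(dev_IP, dev_mac);
                    fwdev.addProtecDev(protecDev);
                    fwdev.addProtecDevIP(dev_IP);
                }
            }
        }
        else
        {
            // First report for this firewall MAC, or a firewall reporting 0.0.0.0.
            FWDeviceForm fw_dev = new FWDeviceForm(fw_IP, 22222, fw_mac);
            fw_dev.addProtecDev(new ProtecDeviceForm(dev_IP, dev_mac));
            fw_dev.addProtecDevIP(dev_IP);
            fwMAC_list.Add(fw_mac);
            fw_list.Add(fw_dev);
        }

#if debug
        Console.WriteLine("保存设备信息!!!");
#endif
    }
}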
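/// <summary>
/// Adds or removes a destination-NAT (port forwarding) mapping: builds the iptables
/// PREROUTING rule, records the change in the DNAT table and sends the rule to the firewall
/// on port 22222.
/// </summary>
/// <param name="fw_dev">Firewall to configure.</param>
/// <param name="Original_DIP">Destination address that is matched.</param>
/// <param name="Original_dport">Destination port that is matched, or "any" for no port match.</param>
/// <param name="Map_IP">Address the traffic is redirected to.</param>
/// <param name="Map_port">Port the traffic is redirected to, or "any" to leave the port unchanged.</param>
/// <param name="add_delete"><c>true</c> to add the mapping, <c>false</c> to remove it.</param>
/// <returns>
/// <c>false</c> when an argument contains characters outside the accepted sets (nothing is
/// written or sent in that case); otherwise the result of <c>SendConfigInfo</c>.
/// </returns>
public bool ConfigDNAT(FWDeviceForm fw_dev, string Original_DIP, string Original_dport, string Map_IP, string Map_port, bool add_delete)
{
    // The arguments are concatenated into a command line executed on the firewall and into a
    // SQL statement. A character allow-list keeps quotes, whitespace, shell metacharacters
    // and leading dashes out of both; it is a syntactic filter, not a range check.
    const string addressPattern = @"\A[0-9A-Fa-f.:/]{1,64}\z";
    const string portPattern = @"\A[A-Za-z0-9][A-Za-z0-9:-]{0,31}\z";

    string fwIP = fw_dev.getDev_IP();
    bool argumentsAreSafe =
        System.Text.RegularExpressions.Regex.IsMatch(Original_DIP ?? "", addressPattern)
        && System.Text.RegularExpressions.Regex.IsMatch(Map_IP ?? "", addressPattern)
        && System.Text.RegularExpressions.Regex.IsMatch(Original_dport ?? "", portPattern)
        && System.Text.RegularExpressions.Regex.IsMatch(Map_port ?? "", portPattern)
        && System.Text.RegularExpressions.Regex.IsMatch(fwIP ?? "", addressPattern);
    if (!argumentsAreSafe)
    {
        return false;
    }

    // "any" on either side simply omits that port from the rule. The pieces are assembled so
    // that the resulting text is identical to the four hand-written variants it replaces.
    string match = Original_dport != "any" ? "-p tcp --dport " + Original_dport : "-p tcp ";
    string target = Map_port != "any" ? Map_IP + ":" + Map_port : Map_IP;

    // NOTE(review): the same "-A" (append) rule is sent for add and for delete; presumably the
    // agent on the firewall rewrites it when it sees the NAT0 prefix - confirm.
    string pre_rule = "iptables -t nat -A PREROUTING -d " + Original_DIP + " " + match + " -j DNAT --to-destination " + target;

    string flag;
    string sql_rule;
    if (add_delete)
    {
        flag = "NAT1";
        sql_rule = "INSERT INTO dnat values " + "('" + fwIP + "','" + Original_DIP + "','" + Original_dport + "','" + Map_IP + "','" + Map_port + "')";
    }
    else
    {
        flag = "NAT0";
        sql_rule = "DELETE FROM DNAT where " + "(fwIP='" + fwIP + "' and origin_dstIP='" + Original_DIP + "'"
            + " and origin_dport='" + Original_dport + "' and map_IP='" + Map_IP + "' and map_port='" + Map_port + "')";
    }

    string configrule = flag + pre_rule;
    fw_dev.setDev_port(22222);
    SendInfo sendcmd = new SendInfo(fw_dev);

    // NOTE(review): dboperate accepts only a finished SQL string, so the allow-list above is
    // the sole barrier against SQL injection here; a parameterized entry point on
    // NATdb_operate would be the stronger fix. The table is also changed before the firewall
    // has accepted the rule, so a failed send leaves the two out of step.
    NATdb_operate.dboperate(sql_rule);
    return sendcmd.SendConfigInfo(configrule);
}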
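/// <summary>
/// Adds or removes a destination-NAT (port forwarding) mapping: builds the iptables
/// PREROUTING rule, saves or deletes the matching "dnat" rule record and sends the rule to
/// the firewall on port 22222.
/// </summary>
/// <param name="fw_dev">Firewall to configure.</param>
/// <param name="Original_DIP">Destination address that is matched.</param>
/// <param name="Original_dport">Destination port that is matched, or "any" for no port match.</param>
/// <param name="Map_IP">Address the traffic is redirected to.</param>
/// <param name="Map_port">Port the traffic is redirected to, or "any" to leave the port unchanged.</param>
/// <param name="add_delete"><c>true</c> to add the mapping, <c>false</c> to remove it.</param>
/// <returns>
/// <c>false</c> when an argument contains characters outside the accepted sets (nothing is
/// stored or sent in that case); otherwise the result of <c>SendConfigInfo</c>.
/// </returns>
public bool ConfigDNAT(FWDeviceForm fw_dev, string Original_DIP, string Original_dport, string Map_IP, string Map_port, bool add_delete)
{
    // The arguments are concatenated into a command line executed on the firewall and into a
    // space-separated rule record. A character allow-list keeps whitespace, line breaks,
    // shell metacharacters and leading dashes out of both; it is a syntactic filter, not a
    // range check.
    const string addressPattern = @"\A[0-9A-Fa-f.:/]{1,64}\z";
    const string portPattern = @"\A[A-Za-z0-9][A-Za-z0-9:-]{0,31}\z";

    string fwIP = fw_dev.getDev_IP();
    bool argumentsAreSafe =
        System.Text.RegularExpressions.Regex.IsMatch(Original_DIP ?? "", addressPattern)
        && System.Text.RegularExpressions.Regex.IsMatch(Map_IP ?? "", addressPattern)
        && System.Text.RegularExpressions.Regex.IsMatch(Original_dport ?? "", portPattern)
        && System.Text.RegularExpressions.Regex.IsMatch(Map_port ?? "", portPattern)
        && System.Text.RegularExpressions.Regex.IsMatch(fwIP ?? "", addressPattern);
    if (!argumentsAreSafe)
    {
        return false;
    }

    // "any" on either side simply omits that port from the rule. The pieces are assembled so
    // that the resulting text is identical to the four hand-written variants it replaces.
    string match = Original_dport != "any" ? "-p tcp --dport " + Original_dport : "-p tcp ";
    string target = Map_port != "any" ? Map_IP + ":" + Map_port : Map_IP;

    // NOTE(review): the same "-A" (append) rule is sent for add and for delete; presumably the
    // agent on the firewall rewrites it when it sees the NAT0 prefix - confirm.
    string pre_rule = "iptables -t nat -A PREROUTING -d " + Original_DIP + " " + match + " -j DNAT --to-destination " + target;

    // One record per mapping; the fields are separated by single spaces, which is why the
    // allow-list above rejects embedded whitespace.
    string rfule = fwIP + " " + Original_DIP + " " + Original_dport + " " + Map_IP + " " + Map_port;

    string flag;
    if (add_delete)
    {
        flag = "NAT1";
        of.SaveRules(rfule, "dnat");
    }
    else
    {
        flag = "NAT0";
        of.DeleteRules(rfule, "dnat");
    }

    // NOTE(review): the record is changed before the firewall has accepted the rule, so a
    // failed send leaves the stored rules and the device out of step.
    string configrule = flag + pre_rule;
    fw_dev.setDev_port(22222);
    SendInfo sendcmd = new SendInfo(fw_dev);
    return sendcmd.SendConfigInfo(configrule);
}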
/// <summary>
/// Manual test harness. Constructs the device and rule-manager objects against fixed lab
/// addresses and issues one live call (<c>DelSTDRules</c>); the remaining scenarios are kept
/// as disabled code so they can be switched on one at a time.
/// </summary>
/// <param name="args">Command-line arguments; not used.</param>
static void Main(string[] args)
{
    // --- Disabled: application protocol control, ARP protection, CNC rules ---
    //IAPCRulesManage apc = new APCRulesManage();
    //apc.ApplicationProtocolControl("172.16.10.1", "http", true);
    //IARPProtect arp = new ARPProtect();
    //arp.configARPRules("172.16.10.1", "172.16.10.2", "172.16.10.254", false);
    //ICNCRulesManage cnc = new CNCRulesManage();
    //cnc.DelCNCRules("172.16.10.1", true, 52, "172.16.10.2", "172.16.10.3", "502", "205");

    DeviceForm protectedDevice = new DeviceForm("172.16.10.1", 502);
    FWDeviceForm firewall = new FWDeviceForm("172.16.10.2", 22222, "ff:ff:ff:ff:ff:ff");

    // --- Disabled: deep packet inspection rules (Modbus TCP, OPC, DNP3) ---
    //IConfigRules dpi = new ConfigDPIRules(protectedDevice);
    //ModbusTcpRulesForm modbus = new ModbusTcpRulesForm();
    //OPCRulesForm opc = new OPCRulesForm();
    //DNP3RulesForm dnp = new DNP3RulesForm();
    ////dpi.ConfigModbusTcpRules(modbus,true,false);
    ////dpi.ConfigOPCRules(opc,true,false);
    //dpi.ConfigDNP3Rules(dnp,true,false);

    IConfigureNAT natConfig = new ConfigureNAT();
    // --- Disabled: SNAT / DNAT ---
    //natConfig.ConfigSNAT(firewall,"eth0","192.168.10.3","172.16.10.3",false);
    //natConfig.ConfigDNAT(firewall,"192.16.10.1","55","172.16.10.1","55",false);

    IConfigWhiteLists whiteLists = new ConfigWhiteLists();
    // --- Disabled: white list change ---
    //whiteLists.ChangeWhiteLists("172.16.10.1", "172.16.10.2", "172.16.10.254","205","502",true,false);

    IPRTRulesManage routeRules = new PRTRulesManage();
    // --- Disabled: default, host and network routes ---
    //routeRules.DefaultRouteConfig("172.16.10.1",false,"eth0","172.16.10.254");
    //routeRules.HostRouteConfig("172.16.10.1",false,"172.16.10.2","eth0","172.16.10.254");
    //routeRules.NetRouteConfig("172.16.10.1", false, "172.16.10.2", "255.255.255.0","eth0", "172.16.10.254");

    // The only scenario currently enabled.
    ISTDRulesManage stdRules = new STDRulesManage();
    stdRules.DelSTDRules("172.16.10.1", true, "tcp", "172.16.10.2", "172.16.10.3", "22222", "33333");

    // --- Disabled: scan an address range and print each firewall with its protected devices ---
    // IDevicesCheck devConfirm = new DevicesCheck();
    // List<FWDeviceForm> fws = devConfirm.CheckDevices("172.16.10.9", "172.16.10.10");
    // Console.WriteLine("打印扫描结果 :");
    // IReceiveLog log = new ReceiveLog();
    // log.Save_DisplayLog(true);
    // foreach (FWDeviceForm fw in fws)
    // {
    //     string fwip = fw.getDev_IP();
    //     string fwmac = fw.getDev_MAC();
    //     List<ProtecDeviceForm> protecDev_list = fw.getProtecDev_list();
    //     Console.WriteLine("防火墙设备IP : {0} 防火墙设备MAC : {1}", fwip, fwmac);
    //     Console.WriteLine("关联的受保护设备 :");
    //     if (fwip != "0.0.0.0")
    //     {
    //         foreach (var item in protecDev_list)
    //         {
    //             string dev_type = item.getDev_type();
    //             Console.WriteLine("IP {0} MAC {1} 设备制造商 {2}", item.getDev_IP(), item.getDev_MAC(), dev_type);
    //         }
    //     }
    //     else Console.WriteLine("防火墙为无IP模式");
    // }
    // //IARPProtect tes = new ARPProtect();
    // //tes.configARPRules("172.16.10.9", "172.16.10.254", "08:57:00:e5:87:a7", true);

#if debug
    // Debug builds keep the console window open until Enter is pressed.
    Console.ReadLine();
#endif
}