• Status: Solved

Help getting the output from a remote command into a variable.

The following command works fine locally but I need it executed on a remote system and the variable available locally.
natlist=( $(iptables -t nat -L -n | grep "^DNAT"|sed "s/"to:"//g"|sed "s/[a-zA-Z-]//g"|awk '{print $1 "," $2 "," $3}' ) )

I'm aware that "ssh 10.0.0.10 "command"" is the way to do it but I got a bunch of awk errors. I assume my formatting is off.
jasonzx
1 Solution
 
farzanj Commented:
Please try this:
command='iptables -t nat -L -n'
natlist=$(ssh IPADDR $command)

natlist=$(echo $natlist | grep "^DNAT"|sed "s/"to:"//g"|sed "s/[a-zA-Z-]//g"|awk '{print $1 "," $2 "," $3}' )

 
farzanj Commented:
I did not try to understand what you were trying to do. I am sure I could have written a lot more concise expression, but if the above worked, this should also work remotely.

Replace IPADDR with 10.0.0.10
 
jasonzx (Author) Commented:
Sorry, was kind of vague.
I'm trying to connect to a remote machine and check the iptable for anything that is currently being NAT'd and put it into an array in the format <internal ip to NAT>, <external IP>, <ip of machine allowed to access the NAT'd address>

I tried your solution but it didn't work (works if I ssh in and run it locally).
I also tried echo'ing ${natlist[*]} between lines 2 and 4. It's all there but merged together and presumably causing it to fail at the 'grep ^DNAT'
 
farzanj Commented:
Ok, here's the deal.

In line 3 above, let's say you put

echo $natlist

Please show me what you see and explain what you want to get out of it.  I will give you the command for it.
 
jasonzx (Author) Commented:
echo $natlist returns:
Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT all -- 10.27.27.210 10.27.137.2 to:10.137.1.2 ACCEPT all -- 0.0.0.0/0 65.124.114.145 ACCEPT tcp -- 10.137.30.189 0.0.0.0/0 tcp dpt:80 ACCEPT tcp -- 10.137.0.15 0.0.0.0/0 tcp dpt:80 ACCEPT tcp -- 10.137.30.47 0.0.0.0/0 tcp dpt:80 ACCEPT tcp -- 10.137.30.4 0.0.0.0/0 tcp dpt:80 ACCEPT tcp -- 0.0.0.0/0 10.27.0.0/16 tcp dpt:80 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128 Chain POSTROUTING (policy ACCEPT) target prot opt source destination SNAT all -- 10.137.1.2 10.27.27.210 to:10.27.137.2 ACCEPT all -- 10.27.137.61 0.0.0.0/0 SNAT all -- !10.27.137.4 0.0.0.0/0 to:10.27.137.4 SNAT all -- !10.27.137.4 0.0.0.0/0 to:10.27.137.4 Chain OUTPUT (policy ACCEPT) target prot opt source destination

At the end, I want natlist to be:
10.27.27.210,10.27.137.2,10.137.1.2

When done locally,
# iptables -t nat -L -n | grep "^DNAT"
looks like:
DNAT       all  --  77.77.77.4           88.88.88.4          to:99.99.99.4
DNAT       all  --  77.77.77.3           88.88.88.3          to:99.99.99.3
DNAT       all  --  77.77.77.2           88.88.88.2          to:99.99.99.2
DNAT       all  --  77.77.77.1           88.88.88.1          to:99.99.99.1

When all is said and done, this is my ultimate goal:
# echo ${oldnatlist[*]}
77.77.77.4,88.88.88.4,99.99.99.4
77.77.77.3,88.88.88.3,99.99.99.3
77.77.77.2,88.88.88.2,99.99.99.2
77.77.77.1,88.88.88.1,99.99.99.1
 
farzanj Commented:
See if this works. It should and if it doesn't, please show me what you get
command='iptables -t nat -L -n'
natlist=$(ssh IPADDR $command)

echo "$natlist" | grep "^DNAT" | awk '{ print $4","$5","$6}'

 
wesly_chen Commented:
ssh 10.0.0.10  "iptables -t nat -L -n" > iptables.log

natlist=$( grep "^DNAT"|sed "s/"to:"//g"|sed "s/[a-zA-Z-]//g"|awk '{print $1 "," $2 "," $3}' iptables.log )
 
wesly_chen Commented:
Woo, it should be
-----------
ssh 10.0.0.10  "iptables -t nat -L -n" > iptables.log
natlist=$( cat iptables.log | grep "^DNAT"|sed "s/"to:"//g"|sed "s/[a-zA-Z-]//g"|awk '{print $1 "," $2 "," $3}' )
 
jasonzx (Author) Commented:
farzanj:
That last one worked great and cleaned up a lot of unnecessary junk I had in my code.
I made one tiny change because I wound up with 'to:' in the 3rd field that I didn't want.
 
#!/bin/bash
command='iptables -t nat -L -n'
natlist=$(ssh IPADDR $command)
natlist=$(echo "$natlist" | sed 's/to://')
echo "$natlist" | grep "^DNAT" | awk '{ print $4","$5","$6}'

 
farzanj Commented:
Ok.  Glad it worked.  Basically when you capture a file into a variable, you can retrieve your file back by quoting the variable "$var"
Question has a verified solution.
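
The quoting behaviour this thread converged on, as an added example that is not from any poster: the listing is parsed locally with one awk program, and the quoted and unquoted expansions are run side by side. The sample listing, the function names and the 203.0.113.10 rule are constructed; the parser goes slightly beyond the thread by finding the to: field wherever it sits, so DNAT rules with a port match are also handled.

```bash
#!/bin/sh
# Added example. The listing below is constructed sample data standing in for
#   ssh "$host" 'iptables -t nat -L -n'     ($host is a placeholder)
sample_nat_output() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  --  77.77.77.4           88.88.88.4          to:99.99.99.4
ACCEPT     tcp  --  10.137.30.189        0.0.0.0/0           tcp dpt:80
DNAT       all  --  77.77.77.3           88.88.88.3          to:99.99.99.3
DNAT       tcp  --  0.0.0.0/0            203.0.113.10        tcp dpt:8080 to:10.0.0.5:8080
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  99.99.99.4           77.77.77.4          to:88.88.88.4
EOF
}

# Read a listing on stdin; print "source,destination,target" per DNAT rule.
# The to: field is searched for rather than assumed to be $6, because rules
# with a protocol match put "tcp dpt:N" in front of it.
parse_dnat() {
    awk '$1 == "DNAT" {
        for (i = 6; i <= NF; i++)
            if ($i ~ /^to:/) { print $4 "," $5 "," substr($i, 4); next }
    }'
}

# Quoted expansion keeps the newlines, so each rule is still its own line.
parse_quoted() {
    raw=$(sample_nat_output)
    printf '%s\n' "$raw" | parse_dnat
}

# Unquoted expansion: word splitting hands echo one long line starting with
# "Chain", so no record has DNAT as its first field and nothing is printed.
parse_unquoted() {
    raw=$(sample_nat_output)
    echo $raw | parse_dnat
}

# Only iptables runs on the remote side, so the awk program never passes
# through the ssh command string and its quotes and $N fields stay intact.
parse_quoted
```

In bash, `mapfile -t natlist < <(parse_quoted)` loads the result into an array with one rule per element.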
