Because there is a project at work, only the citrix server can communicate between the headquarters and each branch. The headquarters client wants to access the branch intranet resources through the branch citrix. The basic idea is to modify the IP address and port in the ICA file obtained by the program, and return the modified ICA file to the client, so that the client can automatically jump to the citrix of another network by connecting to the local citrix. I used haproxy before, but the interaction between haproxy and the program is not very good. If there is only one citrix server in each branch, it is OK to write it statically in advance, but in general, there will be multiple citrix servers in the branch, and it is uncertain which one is used each time. A citrix server, so it is more difficult to dynamically add mapping entries through the program.
-----haproxy is mainly used for load, if only one is loaded, it becomes port mapping, but after all, it is a program under linux.
----- There is also a small tool under Windows: portforward.exe, the graphical interface is easy to operate, and it can be used by individuals, but there is no way to interact with the program.
After searching on the Internet, I found that the windows system, including xp , 2003, 2008, etc. ( testing 2012 is also supported ) , has its own portproxy function. Currently, only port forwarding of tcp protocol is supported. The premise is that IPV6 needs to be installed as the host of portproxy. IPV6 can not be enabled during installation.
A. Configuration method
Assuming that you need to connect to port 1494 of 192.168.1.118 through port 14941 of 192.168.1.8, you need to enter the following statement on the command line of the 192.168.1.8 host:
netsh interface ipv6 install
netsh interface portproxy add v4tov4 listenaddress=192.168.1.8 listenport= 14941 connectaddress=192.168.1.118 connectport=1494
---If IPV6 has been installed, the first item is not necessary
---if the operating system has opened the host firewall, you need to release the inbound connection of TCP 14941
---2008 firewall is older than the previous version There are major changes, you can refer to the following links:
http://pcedu.pconline.com.cn/soft/virus/safe/0710/1130476.html If you want to cancel the port forwarding configured above, you can use the following statement: netsh interface portproxy delete v4tov4 listenaddress=192.168.1.8 listenport=33891 If you want to see which port forwarding has been configured, you can use the following statement: netsh interface portproxy show v4tov4 B. The advantage Like HAproxy, you need to restart HAproxy after modifying the configuration file. Some people on the Internet say that xp configuration port forwarding does not work. It is estimated that IPV6 is not installed. Using xp to test, port forwarding can be achieved after IPV6 is installed, and there is no need to enable routing and remote access services. In addition, considering the redundancy of port forwarding, you can configure port forwarding on multiple hosts without specifying a local listening address, so that redundancy can be achieved by providing a floating address by the operating system: netsh interface portproxy add v4tov4 listenport=14941 connectaddress=192.168. 1.118 When the connectport=1494 program realizes dynamic addition, you can telnet to each machine to add entries, or you can only contact the virtual address, and check whether there is a corresponding mapping entry each time (according to the IP of the citrix server that needs to be connected in the ica file) address to check), if not, add it from the command line. When adding, make sure that the local port cannot be occupied, and also need to consider the firewall, and use netsh to add inbound port access rules.
----The citrix host needs to open the telnet service, and set the access control to allow only specific hosts to connect.
本文出自 “httpyuntianjxxll.spac..” 博客,请务必保留此出处http://333234.blog.51cto.com/323234/1135361