Linux-Windows port forwarding

In the actual production environment, for our security, it will be a number of important services (database services) do not open the external network access, but when we have some time for some special needs, the need for external network access, we can port forwarding to achieve. , Port forwarding through the host via a service can access each other and with the host.

• Windows port forwarding
• Linux port forwarding

A, Windows port forwarding

windows mainly through netshport forwarding.

listenaddress  # 本地监听的ip
listenport # 本地监听的端口

connectaddress # 转发请求接收的主机ip
connectport # 转发请求接收的主机的端口
# 执行命令
netsh  interface  portproxy    add  v4tov4  listenaddress=localip  listenport=localport connectaddress=remoteip  connectport=remoteport
# 查看现有的配置
netsh  interface  portproxy show all
# 删除原有的端口转发
 netsh  interface  portproxy    delete   v4tov4  listenaddress=localip listenport=localport

Examples

Setting request to the local IP 192.168.15.89port request 2222is forwarded to 192.168.15.35the port 22.

NOTE: The following command to be executed by the administrator.

netsh  interface  portproxy    add  v4tov4  listenaddress=192.168.15.89  listenport=2222  connectaddress=192.168.15.35  connectport=22

PS C:\WINDOWS\system32> netsh  interface  portproxy show all

侦听 ipv4:                 连接到 ipv4:

地址            端口        地址            端口
--------------- ----------  --------------- ----------
192.168.15.89   2222        192.168.15.35   22

Two, Linux port forwarding

1、rinetd

Brief introduction

The official document: https://boutell.com/rinetd/

Download https://boutell.com/rinetd/http/rinetd.tar.gz

rinetdYou may be TCPconnected to a IP address and port from redirected to another IP address and port. rinetdIs a single-process services (non-blocking IO process), it can handle the profile /etc/rinetd.confaddress and any number of ports connection specified. rinetdYou can not redirect FTP, because FTP requires multiple socket. rinetdCan run on Linux platform, it can also be in the Windows 95/98/NTrunning on the platform.

installation:

wget https://boutell.com/rinetd/http/rinetd.tar.gz
tar -xzf  rinetd.tar.gz
yum  install gcc -y
cd  rinetd
# (修改端口范围)
sed -i 's/65536/65535/g' rinetd.c 
# 创建目录
mkdir /usr/man
# 解压安装
make && make install

Profiles

Configuring Forwarding

Configuring Forwarding writing rules file, you can configure multiple forwarding.

bindaddress bindport connectaddress connectport

Example:

0.0.0.0 2222  192.168.15.89 22
0.0.0.0 3333  192.168.15.89 80

Configure filtering rules

rinetdFiltering rules can be used to set the host can access. (Use only ip, host name not be used)

Note: The position should be filled 位于文件的开头.

allow  #设置允许访问的主机
deny   #设置拒绝访问的主机

Example: reject 192.168.15the request of the entire segment.

deny 192.168.15.*

Configuring Log Files

By default, rinetdit does not generate a log file. To activate logging, add the following line to the configuration file:

logfile log-file-location

Example: Note logfile and only one space after the path, oh.

logfile /var/log/rinetd.log

Configuration file example:

deny 192.168.15.*
0.0.0.0 2222  192.168.15.89 22
0.0.0.0 3333  192.168.15.89 80
logfile /var/log/rinetd.log

The configuration file

echo  <<EOF  >/etc/rinetd.conf
deny 192.168.15.*
0.0.0.0 2222  192.168.15.89 22
0.0.0.0 3333  192.168.15.89 80
logfile /var/log/rinetd.log
EOF

Operation and Management

# 启动 rinetd
rinetd

# 设置开机自启
echo rinetd >>/etc/rc.local

# 暂停 ，通过kill pid
kill `cat   /var/run/rinetd.pid`

# 使用其他配置文件
rinetd -c  /opt/rinetd.conf

Port we used above, remember to add clearance rules in the firewall.

iptablesAnd Firewalldport forwarding, then supplement behind us.