In the actual production environment, for our security, it will be a number of important services (database services) do not open the external network access, but when we have some time for some special needs, the need for external network access, we can port forwarding to achieve. , Port forwarding through the host via a service can access each other and with the host.
- Windows port forwarding
- Linux port forwarding
A, Windows port forwarding
windows mainly through netsh
port forwarding.
listenaddress # 本地监听的ip
listenport # 本地监听的端口
connectaddress # 转发请求接收的主机ip
connectport # 转发请求接收的主机的端口
# 执行命令
netsh interface portproxy add v4tov4 listenaddress=localip listenport=localport connectaddress=remoteip connectport=remoteport
# 查看现有的配置
netsh interface portproxy show all
# 删除原有的端口转发
netsh interface portproxy delete v4tov4 listenaddress=localip listenport=localport
Examples
Setting request to the local IP 192.168.15.89
port request 2222
is forwarded to 192.168.15.35
the port 22
.
NOTE: The following command to be executed by the administrator.
netsh interface portproxy add v4tov4 listenaddress=192.168.15.89 listenport=2222 connectaddress=192.168.15.35 connectport=22
PS C:\WINDOWS\system32> netsh interface portproxy show all
侦听 ipv4: 连接到 ipv4:
地址 端口 地址 端口
--------------- ---------- --------------- ----------
192.168.15.89 2222 192.168.15.35 22
Two, Linux port forwarding
1、rinetd
Brief introduction
The official document: https://boutell.com/rinetd/
Download https://boutell.com/rinetd/http/rinetd.tar.gz
rinetd
You may be TCP
connected to a IP address and port from redirected to another IP address and port. rinetd
Is a single-process services (non-blocking IO process), it can handle the profile /etc/rinetd.conf
address and any number of ports connection specified. rinetd
You can not redirect FTP, because FTP requires multiple socket
. rinetd
Can run on Linux platform, it can also be in the Windows 95/98/NT
running on the platform.
installation:
wget https://boutell.com/rinetd/http/rinetd.tar.gz
tar -xzf rinetd.tar.gz
yum install gcc -y
cd rinetd
# (修改端口范围)
sed -i 's/65536/65535/g' rinetd.c
# 创建目录
mkdir /usr/man
# 解压安装
make && make install
Profiles
Configuring Forwarding
Configuring Forwarding writing rules file, you can configure multiple forwarding.
bindaddress bindport connectaddress connectport
Example:
0.0.0.0 2222 192.168.15.89 22
0.0.0.0 3333 192.168.15.89 80
Configure filtering rules
rinetd
Filtering rules can be used to set the host can access. (Use only ip, host name not be used)
Note: The position should be filled 位于文件的开头
.
allow #设置允许访问的主机
deny #设置拒绝访问的主机
Example: reject 192.168.15
the request of the entire segment.
deny 192.168.15.*
Configuring Log Files
By default, rinetd
it does not generate a log file. To activate logging, add the following line to the configuration file:
logfile log-file-location
Example: Note logfile and only one space after the path, oh.
logfile /var/log/rinetd.log
Configuration file example:
deny 192.168.15.*
0.0.0.0 2222 192.168.15.89 22
0.0.0.0 3333 192.168.15.89 80
logfile /var/log/rinetd.log
The configuration file
echo <<EOF >/etc/rinetd.conf
deny 192.168.15.*
0.0.0.0 2222 192.168.15.89 22
0.0.0.0 3333 192.168.15.89 80
logfile /var/log/rinetd.log
EOF
Operation and Management
# 启动 rinetd
rinetd
# 设置开机自启
echo rinetd >>/etc/rc.local
# 暂停 ,通过kill pid
kill `cat /var/run/rinetd.pid`
# 使用其他配置文件
rinetd -c /opt/rinetd.conf
Port we used above, remember to add clearance rules in the firewall.
iptables
And Firewalld
port forwarding, then supplement behind us.