[] CentOS7.x rinetd on lightweight TCP forwarding configuration tool installation of rinetd
HTTPS: // www.jianshu.com/p/2605d247b944 write a more comprehensive.
First, the experimental background
Port forwarding is generally under Linux with iptables is implemented using iptables makes it easy to TCP and UDP port forwarding from the firewall to the internal host.
If you need to forward traffic to the outside of your current machine on the network, try another application layer port forwarding program rinetd, configure it a lot simpler than iptables from a private address.
Rinetd is a tool in a Unix and Linux operating systems to redirect the Transmission Control Protocol (TCP) connection. Rinetd server is a single process that handles any number of connections specified in the configuration file to the etc / rinetd address / port pair, although a non-latching rinetd I / O operation as a single process, it is not possible to redirect many connections this machine is an additional burden.
Although the code a bit old, not updated versions of many years, but very short, efficient, to solve this problem is very perfect.
Second, the experimental environment
Operating System: CentOS7.5 Minimal
rinted server: 192.168.1.103
Backend server: 192.168.1.107
Third, the installation rinetd
There are two main ways to install rinted: rpm package installation and source code to compile and install
rpm installation
Internet was a source package compiled rpm installation package, the case of networking we can directly configure yum source installation, the case of offline we can download the rpm package copied to the non-network server, because the main package is not dependent on the installation extremely easy and convenient.
Configure yum install warehouse
# vim /etc/yum.repos.d/nux-misc.repo
####################################################
[nux-misc]
name=Nux Misc
baseurl=http://li.nux.ro/download/nux/misc/el7/x86_64/
enabled=0
gpgcheck=1
gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
#######################################################
# yum -y install rinetd --disablerepo="*" --enablerepo=nux-misc
# wget http://li.nux.ro/download/nux/misc/el7/x86_64//rinetd-0.62-9.el7.nux.x86_64.rpm
# rpm -ivh rinetd-0.62-9.el7.nux.x86_64.rpm
# Rpm -ql rinetd
# cat /etc/rc.d/init.d/rinetd
# cat /etc/rinetd.conf
# /usr/sbin/rinetd --help
# /usr/sbin/rinetd -v
# systemctl status rinetd
Source compiler installation
# yum -y install gcc make
# wget http://www.boutell.com/rinetd/http/rinetd.tar.gz
# cd rinetd
# mkdir -p /usr/man/man8
# make && make install
# which rinetd
# /usr/sbin/rinetd --help
# /usr/sbin/rinetd -v
# man rinetd
# man rinetd > rinetd.txt
四、将源码编译安装注册成系统服务
# mkdir /usr/local/rinetd
# mkdir /usr/local/rinetd/sbin
# mkdir /usr/local/rinetd/etc/
# mkdir /usr/local/rinetd/log
# mv /usr/sbin/rinetd /usr/local/rinetd/sbin
# vim mkdir /usr/local/rinetd/etc/rinetd.conf
#############################################################
# example configuration file for rinetd
# to forward connections to port 80 on 10.10.10.2 to port 80 on 192.168.0.2
# 10.10.10.2 80 192.168.0.2 80
# to forward connections to port 80 on all addresses to port 80 on 192.168.0.2
# 0.0.0.0 80 192.168.0.2 80
# access controls can be set with allow and deny rules
# allow and deny before the first forwarding rule are global
# allow and deny after a specific rule apply to it only
# this rule allows hosts from 172.16.32.0/24 netblock
# allow 172.16.32.*
# this rule denies the host 192.168.32.12
# deny 192.168.32.12
# rinetd supports logging - to enable, uncomment the following
# logfile /var/log/rinetd.log
# by default, logs are in a tab-delimited format. Web common-log format
# is available by uncommenting the following
# logcommon
#############################################################
编写Unit文件
# vim /etc/systemd/system/rinetd.service
##########################################################
[Unit]
Description=Rinetd Daemon
After=network.service
Wants=network.service
[Service]
Type=forking
PIDFile=/var/run/rinetd.pid
ExecStart=/usr/local/rinetd/sbin/rinetd -c /usr/local/rinetd/etc/rinetd.conf
Restart=on-failure
[Install]
WantedBy=multi-user.target
###############################################################
# systemctl daemon-reload
# systemctl start rinetd.service
# systemctl enable rinetd.service
# systemctl status rinetd.service
rinetd 用于网络端口转发,运行用户只能是root
五、关于rinetd 的配置文件的配置
rpm安装的配置文件默认路径是/etc/rinetd.conf,本实验中我们将编译安装的配置文件 /usr/local/rinetd/etc/rinetd.conf
注意:源端口转发到目标端口时,源端口要是空闲端口,否则会报端口已被占用
关于配置文件的更多其他配置,见参考文档
六、端口转发测试
实验:将rinted服务器(192.168.1.103)的6033端口转到Backend服务器(192.168.1.107)的3306
在Backend服务器(192.168.1.107)
# systemctl status mysqld
# ss -tan | grep 3306
# firewall-cmd --zone=public--add-port=3306/tcp --permanent
# firewall-cmd --reload
在rinted服务器(192.168.1.103)
# firewall-cmd --zone=public--add-port=6033/tcp --permanent
# firewall-cmd --reload
# vim /usr/local/rinetd/etc/rinetd.conf
#############################################
192.168.1.103 6033 192.168.1.107 3306
allow 192.168.1.*
logfile /usr/local/rinetd/log/rinetd.log
#############################################
# systemctl restart rinetd.service
# systemctl status rinetd.service
# echo > /dev/tcp/192.168.1.103/6033
# echo > /dev/tcp/192.168.1.107/3306
# tail /usr/local/rinetd/log/rinetd.log
七、参考
Linux下使用 Rinetd 来实现端口转发
https://www.hi-linux.com/posts/29683.html
RINETD(8) Unix System Manager's Manual
https://www.boutell.com/rinetd
生产环境中谨慎使用rinetd
https://blog.csdn.net/woshiaotian/article/details/78133195
Linux安装rinetd实现TCP端口转发
https://www.xiaoz.me/archives/10175
rinetd-0.62-9.el7.nux.x86_64.rpm
https://centos.pkgs.org/7/nux-misc-x86_64/rinetd-0.62-9.el7.nux.x86_64.rpm.html
Port-Forwarding With rinetd
https://www.howtoforge.com/port-forwarding-with-rinetd-on-debian-etch
Comprehensive Guide to Port Redirection using Rinetd
https://www.hackingarticles.in/comprehensive-guide-to-port-redirection-using-rinetd