使用RINETD对服务器进行端口转发

下载软件

官网地址http://www.rinetd.com/

点我进行下载>>>

解压文件到服务器

unzip rinetd.zip

编译

make && make install

配置

vi /etc/rinetd.conf

可参考以下文件进行配置

Source Address Source Port Destination Address Destination Port
源地址 源端口 目的地址 目的端口
# 例子: 将本机 8080 端口重定向至 112.11.11.11 的 8080 端口
0.0.0.0 8080 112.11.11.11 8080

启动端口转发

rinetd -c /etc/rinetd.conf 

停止端口转发

pkill rinetd

设置开机自启动

将启动的命令追加到文件中

vi /etc/rc.local

检查服务是否正常运行

netstat -antup

帮助文档

rinetd: a user-mode port redirect utility

Description

Redirects TCP connections from one IP address and port to another. rinetd
is a single-process server which handles any number of connections to
the address/port pairs specified in the file /etc/rinetd.conf.
Since rinetd runs as a single process using nonblocking I/O, it is
able to redirect a large number of connections without a severe
impact on the machine. This makes it practical to run TCP services
on machines inside an IP masquerading firewall. rinetd does not
redirect FTP,
because FTP requires more than one socket.

rinetd is typically launched at boot time, using the following syntax:

/usr/sbin/rinetd

The configuration file is found in the file
/etc/rinetd.conf, unless
another file is specified using the -c command line option.

Forwarding Rules

Most entries in the configuration file are forwarding rules. The
format of a forwarding rule is as follows:

bindaddress bindport connectaddress connectport

For example:

206.125.69.81 80 10.1.1.2 80

Would redirect all connections to port 80 of the "real" IP address
206.125.69.81, which could be a virtual interface, through
rinetd to port 80 of the address 10.1.1.2, which would typically
be a machine on the inside of a firewall which has no
direct routing to the outside world.

Although responding on individual interfaces rather than on all
interfaces is one of rinetd's primary features, sometimes it is
preferable to respond on all IP addresses that belong to the server.
In this situation, the special IP address 0.0.0.0
can be used. For example:

0.0.0.0 23 10.1.1.2 23

Would redirect all connections to port 23, for all IP addresses
assigned to the server. This is the default behavior for most
other programs.

Service names can be specified instead of port numbers. On most systems,
service names are defined in the file /etc/services.

Both IP addresses and hostnames are accepted for
bindaddress and connectaddress.

Allow and Deny Rules

Configuration files can also contain allow and deny rules.

Allow rules which appear before the first forwarding rule are
applied globally: if at least one global allow rule exists,
and the address of a new connection does not
satisfy at least one of the global allow rules, that connection
is immediately rejected, regardless of any other rules.

Allow rules which appear after a specific forwarding rule apply
to that forwarding rule only. If at least one allow rule
exists for a particular forwarding rule, and the address of a new
connection does not satisfy at least one of the allow rules
for that forwarding rule, that connection is immediately
rejected, regardless of any other rules.

Deny rules which appear before the first forwarding rule are
applied globally: if the address of a new connection satisfies
any of the global allow rules, that connection
is immediately rejected, regardless of any other rules.

Deny rules which appear after a specific forwarding rule apply
to that forwarding rule only. If the address of a new
connection satisfies any of the deny rules for that forwarding rule,
that connection is immediately rejected, regardless of any other rules.

The format of an allow rule is as follows:

allow pattern

Patterns can contain the following characters: 0, 1, 2, 3, 4, 5,
6, 7, 8, 9, . (period), ?, and *. The ? wildcard matches any one
character. The * wildcard matches any number of characters, including
zero.

For example:

allow 206.125.69.*

This allow rule matches all IP addresses in the 206.125.69 class C domain.

Host names are NOT permitted in allow and deny rules. The performance
cost of looking up IP addresses to find their corresponding names
is prohibitive. Since rinetd is a single process server, all other
connections would be forced to pause during the address lookup.

Logging

rinetd is able to produce a log file in either of two formats:
tab-delimited and web server-style "common log format."

By default, rinetd does not produce a log file. To activate logging, add
the following line to the configuration file:

logfile log-file-location

Example:

logfile /var/log/rinetd.log

By default, rinetd logs in a simple tab-delimited format containing
the following information:

Date and time
Client address

Listening host

Listening port

Forwarded-to host

Forwarded-to port

Bytes received from client

Bytes sent to client

Result message

To activate web server-style "common log format" logging,
add the following line to the configuration file:

logcommon

Command line options

The -c command line option is used to specify an alternate
configuration file.

The -h command line option produces a short help message.

The -v command line option displays the version number.

Reinitializing rinetd

The kill -1 signal (SIGHUP) can be used to cause rinetd
to reload its configuration file without interrupting existing
connections. Under Linux(tm) the process id
is saved in the file /var/run/rinetd.pid
to facilitate the kill -HUP. An alternate
file name can be provided by using the pidlogfile
configuration file option.

Bugs

The server redirected to is not able to identify the host the
client really came from. This cannot be corrected; however,
the log produced by rinetd provides a way to obtain this
information. Under Unix, sockets would theoretically lose data when closed
with SO_LINGER turned off, but in Linux this is not the case
(kernel source comments support this belief on my part). On non-Linux Unix
platforms, alternate code which uses a different trick to work around
blocking close() is provided, but this code is untested.

The logging is inadequate. The duration of the connection should be logged.

License

Copyright (c) 1997-2019 Thomas Boutell.
This software is released for free use under the terms of
the GNU General Public License, version 2 or higher.

Thanks

Thanks are due to Bill Davidsen, Libor Pechachek, Sascha Ziemann,
Joel S. Noble, the Apache Group, and many others who have contributed
advice, encouragement and/or source code to this and other open
software projects.

原创文章,作者:AaronYang,如若转载,请注明出处:http://20398j03c9.zicp.fun/wordpress/?p=40240

(1)
上一篇 2021年8月6日 下午3:15
下一篇 2021年8月28日 下午9:01

相关推荐

  • 树莓派安装ansible教程(二)

    ansible是一款方便大家对集群计算机进行管理的软件,此软件通过对master节点的设置,通过配置对slave节点的免密服务,完成部署后,即可在master操作一条指令,同时对多…

    2021年9月14日
  • 解决WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

    远程连接ssh服务器时,若服务器系统发生了改变,旧的鉴权无法生效时,在登陆时会提示以下问题。 WARNING: REMOTE HOST IDENTIFICATION HAS CHA…

    2021年7月13日
  • 上手编写-柿饼UI“环境检测仪”代码

    前言 首先,感谢RTT的这次体验机会,此代码参考了Factory_Demo 先上模拟器效果图: 由于UP上班原因,所以只能下班后不偷懒情况下弄,专心搞还是花不了太多时间的~ 设计进…

    入门教程 2021年3月31日
  • 如何让自己的模糊视频变高清(4K)?

    有些视频是不是看着很模糊,又不忍心丢掉。比如一段回忆,一个瞬间。下面安利一个很好用的软件,可以通过使用AI深度学习能力,将视频像素进行提升。 演示视频 这就是这个软件带来的能力 模…

    2021年7月29日
  • SSH 连接出现 Connection reset by peer 如何解决

    以上错误一般是因为以下原因导致: 服务器改了密码,试过密码多次后出现 服务器安全策略,无法下发ssh-key-id 调试方法一般是 ssh -v root@ip_addr 检查以下…

    2021年8月6日
  • MinIO使用方法

    MinIO是一个高性能的对象存储服务器,开箱即用,适合个人搭建文件服务器,可在自己的服务器上,使用云存储的功能,类似云厂商的OSS存储业务。 下面是使用方式,若要安装请参考安装教程…

    2021年6月2日
  • Docker 存储目录的平滑迁移

    docker 目录的迁移 迁移准备 常用运维指令 查看磁盘占用情况:df -h查看docker自身的内存占用:docker system df清理磁盘,删除关闭的容器、无用的数据卷…

    2021年11月4日
  • ssr linux安装使用

    linux中安装ssr 需要python 及 pip依赖 apt-get install python apt-get install python-pip 安装ssr pip i…

    2022年5月12日
  • Docker 更改默认存储目录

    由于安装docker,默认的存储目录在根磁盘,会导致我们在拉取镜像的时候,更目录的空间越来越小,不修改存储目录的情况下,会导致我们可用空间越来越小,最终导致根目录不够用。根目录大点…

    2021年11月4日
  • CentOS安装gcc组件

    CentOS不带gcc及组件,要使用就需要安装。 一键安装 yum -y install gcc gcc-c++ kernel-devel //安装gcc、c++编译器以及内核文件

    2021年7月13日

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注