Port Forwarding With rinetd On Debian Etch

Version 1.0
Author: Falko Timme

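This article shows how to do port forwarding with rinetd on Debian Etch. rinetd allows you to forward ports from one system to another. This is useful if you have moved a web site to a new server with a different IP address. Of course, you have already modified the DNS records, but it can take a few days until the DNS changes take effect, and that is where rinetd comes into play. If clients still use the old DNS records, rinetd can redirect them to the new server. With rinetd, you do not have to fiddle with iptables rules.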

I do not issue any guarantee that this will work for you!

1 Preliminary Note

In this example, I am trying to redirect HTTP traffic (port 80) from the IP address 192.168.0.101 to the IP address 192.168.0.100.

Please note that rinetd cannot redirect FTP because FTP requires more than one socket.

2 Installing And Configuring rinetd

To install rinetd, we simply run

apt-get install rinetd

rinetd's configuration file is /etc/rinetd.conf. To forward HTTP traffic from 192.168.0.101 to 192.168.0.100, we add the line 192.168.0.101 80 192.168.0.100 80:

vi /etc/rinetd.conf
#
# this is the configuration file for rinetd, the internet redirection server
#
# you may specify global allow and deny rules here
# only ip addresses are matched, hostnames cannot be specified here
# the wildcards you may use are * and ?
#
# allow 192.168.2.*
# deny 192.168.2.1?


#
# forwarding rules come here
#
# you may specify allow and deny rules after a specific forwarding rule
# to apply to only that forwarding rule
#
# bindadress    bindport  connectaddress  connectport
192.168.0.101 80 192.168.0.100 80

# logging information
logfile /var/log/rinetd.log

# uncomment the following line if you want web-server style logfile format
# logcommon

Then we restart rinetd:

/etc/init.d/rinetd restart

Now run

netstat -tap

and you should see that rinetd is listening on port 80 (www):

server2:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:sunrpc                *:*                     LISTEN     1956/portmap
tcp        0      0 server2.example.com:www *:*                     LISTEN     2485/rinetd
tcp        0      0 *:3025                  *:*                     LISTEN     2347/rpc.statd
tcp        0      0 *:auth                  *:*                     LISTEN     2306/inetd
tcp        0      0 localhost.localdom:smtp *:*                     LISTEN     2294/exim4
tcp6       0      0 *:ssh                   *:*                     LISTEN     2326/sshd
tcp6       0      0 server2.example.com:ssh ::ffff:192.168.0.3:4776 ESTABLISHED2409/0
server2:~#

Now when you point your browser to a web page on the IP address 192.168.0.101, you should receive the page from the server with the IP address 192.168.0.100.

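Instead of specifying port numbers in /etc/rinetd.conf, you can also use service names. Service names are stored in /etc/services, so when you open that file, you will see that the service for port 80 is named www on Debian: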

grep 80 /etc/services
server2:~# grep 80 /etc/services
www             80/tcp          http            # WorldWideWeb HTTP
www             80/udp                          # HyperText Transfer Protocol

socks           1080/tcp                        # socks proxy server
socks           1080/udp
amanda          10080/tcp                       # amanda backup services
amanda          10080/udp
omirr           808/tcp         omirrd          # online mirror
omirr           808/udp         omirrd
canna           5680/tcp                        # cannaserver
zope-ftp        8021/tcp                        # zope management by ftp
webcache        8080/tcp                        # WWW caching service
tproxy          8081/tcp                        # Transparent Proxy
omniorb         8088/tcp                        # OmniORB
omniorb         8088/udp
server2:~#

Therefore you can use the following configuration in /etc/rinetd.conf, which has the same effect as the first one:

vi /etc/rinetd.conf
#
# this is the configuration file for rinetd, the internet redirection server
#
# you may specify global allow and deny rules here
# only ip addresses are matched, hostnames cannot be specified here
# the wildcards you may use are * and ?
#
# allow 192.168.2.*
# deny 192.168.2.1?


#
# forwarding rules come here
#
# you may specify allow and deny rules after a specific forwarding rule
# to apply to only that forwarding rule
#
# bindadress    bindport  connectaddress  connectport
192.168.0.101 www 192.168.0.100 www

# logging information
logfile /var/log/rinetd.log

# uncomment the following line if you want web-server style logfile format
# logcommon

And to make rinetd listen on all IP addresses that are configured on the system where it is installed, we can use 0.0.0.0 as the bindaddress:

vi /etc/rinetd.conf
#
# this is the configuration file for rinetd, the internet redirection server
#
# you may specify global allow and deny rules here
# only ip addresses are matched, hostnames cannot be specified here
# the wildcards you may use are * and ?
#
# allow 192.168.2.*
# deny 192.168.2.1?


#
# forwarding rules come here
#
# you may specify allow and deny rules after a specific forwarding rule
# to apply to only that forwarding rule
#
# bindadress    bindport  connectaddress  connectport
0.0.0.0 80 192.168.0.100 80

# logging information
logfile /var/log/rinetd.log

# uncomment the following line if you want web-server style logfile format
# logcommon

After restarting rinetd...

/etc/init.d/rinetd restart

... rinetd should now listen on all interfaces (*:www):

netstat -tap
server2:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:sunrpc                *:*                     LISTEN     1956/portmap
tcp        0      0 *:www                   *:*                     LISTEN     2503/rinetd
tcp        0      0 *:3025                  *:*                     LISTEN     2347/rpc.statd
tcp        0      0 *:auth                  *:*                     LISTEN     2306/inetd
tcp        0      0 localhost.localdom:smtp *:*                     LISTEN     2294/exim4
tcp        0      0 server2.example.com:www 192.168.0.3:4798        TIME_WAIT  -
tcp6       0      0 *:ssh                   *:*                     LISTEN     2326/sshd
tcp6       0    148 server2.example.com:ssh ::ffff:192.168.0.3:4776 ESTABLISHED2409/0
server2:~#
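
The configuration file's comments mention allow and deny rules, global or attached to one forwarding rule, which matter most once the forwarder binds to 0.0.0.0. The following audit script is an added example, not part of the original article or of rinetd: it parses a rinetd.conf, checks which client addresses a rule admits, and flags wildcard binds that have no allow list. The sample configuration is constructed, the function names are the example's own, and the matching logic assumes rinetd's documented semantics (if any allow rule exists one must match, and any matching deny rule refuses the connection).

```python
"""Audit a rinetd.conf: which clients does each forwarding rule admit?"""
from fnmatch import fnmatchcase

# Constructed sample: the article's rules plus assumed allow/deny lines.
SAMPLE_CONF = """\
# global rules (they precede the first forwarding rule)
deny 192.168.2.1?
# bindadress    bindport  connectaddress  connectport
0.0.0.0 80 192.168.0.100 80
allow 192.168.0.*
allow 192.168.2.*
192.168.0.101 www 192.168.0.100 www
logfile /var/log/rinetd.log
"""

def parse(text):
    """Return (global_acl, rules, logfile); later ACL lines attach to the preceding rule."""
    global_acl, rules, logfile = {"allow": [], "deny": []}, [], None
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tok:
            continue
        if tok[0] in ("allow", "deny") and len(tok) == 2:
            (rules[-1]["acl"] if rules else global_acl)[tok[0]].append(tok[1])
        elif tok[0] == "logfile" and len(tok) == 2:
            logfile = tok[1]
        elif len(tok) == 4:                  # bindaddress bindport connectaddress connectport
            rules.append({"bind": tok[0], "bindport": tok[1], "to": tok[2],
                          "toport": tok[3], "acl": {"allow": [], "deny": []}})
    return global_acl, rules, logfile

def acl_permits(acl, ip):
    """If allow rules exist, one must match; any matching deny rule refuses."""
    if acl["allow"] and not any(fnmatchcase(ip, p) for p in acl["allow"]):
        return False
    return not any(fnmatchcase(ip, p) for p in acl["deny"])

def admitted(conf, rule_index, ip):
    """A client must pass the global rules and the forwarding rule's own rules."""
    global_acl, rules, _ = parse(conf)
    return acl_permits(global_acl, ip) and acl_permits(rules[rule_index]["acl"], ip)

def findings(conf):
    """Flag 0.0.0.0 binds that no allow rule restricts, and a missing logfile."""
    global_acl, rules, logfile = parse(conf)
    out = [f"rule {i}: binds 0.0.0.0 with no allow rule"
           for i, r in enumerate(rules)
           if r["bind"] == "0.0.0.0" and not (r["acl"]["allow"] or global_acl["allow"])]
    return out + ([] if logfile else ["no logfile configured"])
```

Because ? matches exactly one character, deny 192.168.2.1? refuses 192.168.2.15 but not 192.168.2.150, which is worth checking before relying on a pattern to exclude a range.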

3 Links
