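Port Forwarding on Debian Etch
Version 1.0
Author: Falko Timme
This article shows how to do port forwarding with rinetd on Debian Etch. rinetd allows you to forward ports from one system to another. This is useful if you have moved a web site to a new server with a different IP address. Of course, you have already changed the DNS records, but it can take a few days until the DNS changes take effect, and that is where rinetd comes into play. If clients still use the old DNS records, rinetd can redirect them to the new server. With rinetd, you do not have to fiddle with iptables rules.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
In this example, I am trying to redirect HTTP traffic (port 80) from the IP address 192.168.0.101 to the IP address 192.168.0.100.
Please note that rinetd cannot redirect FTP because FTP requires more than one socket.
2 Installing and Configuring rinetd
To install rinetd, we simply run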
apt-get install rinetd
The configuration file of rinetd is /etc/rinetd.conf. To forward HTTP traffic from 192.168.0.101 to 192.168.0.100, we add the line 192.168.0.101 80 192.168.0.100 80:
vi /etc/rinetd.conf
#
# this is the configuration file for rinetd, the internet redirection server
#
# you may specify global allow and deny rules here
# only ip addresses are matched, hostnames cannot be specified here
# the wildcards you may use are * and ?
#
# allow 192.168.2.*
# deny 192.168.2.1?

#
# forwarding rules come here
#
# you may specify allow and deny rules after a specific forwarding rule
# to apply to only that forwarding rule
#
# bindadress    bindport  connectaddress  connectport
192.168.0.101 80 192.168.0.100 80

# logging information
logfile /var/log/rinetd.log

# uncomment the following line if you want web-server style logfile format
# logcommon
Then we restart rinetd:
/etc/init.d/rinetd restart
Now run
netstat -tap
and you should see that rinetd is listening on port 80 (www):
server2:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:sunrpc *:* LISTEN 1956/portmap
tcp 0 0 server2.example.com:www *:* LISTEN 2485/rinetd
tcp 0 0 *:3025 *:* LISTEN 2347/rpc.statd
tcp 0 0 *:auth *:* LISTEN 2306/inetd
tcp 0 0 localhost.localdom:smtp *:* LISTEN 2294/exim4
tcp6 0 0 *:ssh *:* LISTEN 2326/sshd
tcp6 0 0 server2.example.com:ssh ::ffff:192.168.0.3:4776 ESTABLISHED2409/0
server2:~#
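Now when you point your browser to a web page at the IP address 192.168.0.101, you should receive the page from the server with the IP address 192.168.0.100.
Instead of specifying port numbers in /etc/rinetd.conf, you can also use service names. The service names are stored in /etc/services, so when you open that file, you will see that the service for port 80 is named www on Debian.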
grep 80 /etc/services
server2:~# grep 80 /etc/services
www 80/tcp http # WorldWideWeb HTTP
www 80/udp # HyperText Transfer Protocol
socks 1080/tcp # socks proxy server
socks 1080/udp
amanda 10080/tcp # amanda backup services
amanda 10080/udp
omirr 808/tcp omirrd # online mirror
omirr 808/udp omirrd
canna 5680/tcp # cannaserver
zope-ftp 8021/tcp # zope management by ftp
webcache 8080/tcp # WWW caching service
tproxy 8081/tcp # Transparent Proxy
omniorb 8088/tcp # OmniORB
omniorb 8088/udp
server2:~#
Therefore, you can use the following configuration in /etc/rinetd.conf, which has the same effect as the first one:
vi /etc/rinetd.conf
#
# this is the configuration file for rinetd, the internet redirection server
#
# you may specify global allow and deny rules here
# only ip addresses are matched, hostnames cannot be specified here
# the wildcards you may use are * and ?
#
# allow 192.168.2.*
# deny 192.168.2.1?

#
# forwarding rules come here
#
# you may specify allow and deny rules after a specific forwarding rule
# to apply to only that forwarding rule
#
# bindadress    bindport  connectaddress  connectport
192.168.0.101 www 192.168.0.100 www

# logging information
logfile /var/log/rinetd.log

# uncomment the following line if you want web-server style logfile format
# logcommon
And to make rinetd listen on all IP addresses configured on the system it is installed on, we can use 0.0.0.0 as the bindaddress:
vi /etc/rinetd.conf
#
# this is the configuration file for rinetd, the internet redirection server
#
# you may specify global allow and deny rules here
# only ip addresses are matched, hostnames cannot be specified here
# the wildcards you may use are * and ?
#
# allow 192.168.2.*
# deny 192.168.2.1?

#
# forwarding rules come here
#
# you may specify allow and deny rules after a specific forwarding rule
# to apply to only that forwarding rule
#
# bindadress    bindport  connectaddress  connectport
0.0.0.0 80 192.168.0.100 80

# logging information
logfile /var/log/rinetd.log

# uncomment the following line if you want web-server style logfile format
# logcommon
After restarting rinetd...
/etc/init.d/rinetd restart
... rinetd should now be listening on all interfaces (*:www):
netstat -tap
server2:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:sunrpc *:* LISTEN 1956/portmap
tcp 0 0 *:www *:* LISTEN 2503/rinetd
tcp 0 0 *:3025 *:* LISTEN 2347/rpc.statd
tcp 0 0 *:auth *:* LISTEN 2306/inetd
tcp 0 0 localhost.localdom:smtp *:* LISTEN 2294/exim4
tcp 0 0 server2.example.com:www 192.168.0.3:4798 TIME_WAIT -
tcp6 0 0 *:ssh *:* LISTEN 2326/sshd
tcp6 0 148 server2.example.com:ssh ::ffff:192.168.0.3:4776 ESTABLISHED2409/0
server2:~#
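A 0.0.0.0 bind exposes the forward on every interface, and the config file's comments describe global and per-rule allow and deny rules that can narrow who may use it. The following added example (not part of the original article and not rinetd code) parses a rinetd.conf, lists wildcard binds that no allow rule restricts, and checks whether a client address would pass. The sample config, the function names, and the matching semantics (a deny match rejects; when allow rules exist, the client must match one) are assumptions.

```python
import fnmatch

# Constructed sample: the page's forwards plus allow/deny lines (stock file has them commented out).
SAMPLE = """\
# global rules (placed before the first forwarding rule)
deny 192.168.2.1?
# bindadress bindport connectaddress connectport
0.0.0.0 80 192.168.0.100 80
allow 192.168.0.*
192.168.0.101 8080 192.168.0.100 80
logfile /var/log/rinetd.log
"""

def parse(text):
    """Return (global_rules, forwards); each forward carries its own rules."""
    global_rules, forwards = [], []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] in ("allow", "deny") and len(f) == 2:
            # Rules before the first forward are global, later ones per-rule.
            (forwards[-1]["rules"] if forwards else global_rules).append(tuple(f))
        elif len(f) == 4:
            forwards.append(dict(bind=f[0], port=f[1], dest=f[2:], rules=[]))
    return global_rules, forwards

def permitted(rules, client):
    """Assumed semantics: a deny match rejects; if the scope has any
    allow rule, the client must match at least one of them."""
    hit = lambda kind: any(fnmatch.fnmatchcase(client, p) for k, p in rules if k == kind)
    has_allow = any(k == "allow" for k, _ in rules)
    return not hit("deny") and (hit("allow") or not has_allow)

def client_ok(text, bind, port, client):
    """Would `client` be forwarded by the rule bound to bind:port?"""
    g, forwards = parse(text)
    fw = next(f for f in forwards if (f["bind"], f["port"]) == (bind, port))
    return permitted(g, client) and permitted(fw["rules"], client)

def open_wildcards(text):
    """Forwards bound to 0.0.0.0 that no allow rule (global or own) restricts."""
    g, forwards = parse(text)
    g_allow = any(k == "allow" for k, _ in g)
    return [f"{f['bind']}:{f['port']}" for f in forwards if f["bind"] == "0.0.0.0"
            and not g_allow and not any(k == "allow" for k, _ in f["rules"])]

if __name__ == "__main__":
    print("unrestricted wildcard binds:", open_wildcards(SAMPLE))
```

Run against the 0.0.0.0 configuration shown above, which has no allow lines, open_wildcards reports the port 80 forward as unrestricted.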
3 Links
- rinetd: http://www.boutell.com/rinetd
- Debian: http://www.debian.org