Implement port mapping on Linux or Windows

Release: 2023-08-01 17:03:54
forward
1010 people have browsed it

Usually the server has many network cards, so it may be connected to different networks. In an isolated network, some services may Communication is required. At this time, the server can be configured to assume the function of forwarding data packets.

Implement port mapping on Linux or Windows

1. Implement port mapping under Windows

1. Query the port mapping situation

netsh interface portproxy show v4tov4
Copy after login

2. Query the port mapping situation of a certain IP

netsh interface portproxy show v4tov4 | find "[IP]"例:netsh interface portproxy show v4tov4 | find "192.168.1.1"
Copy after login

3. Add a port mapping

netsh interface portproxy add v4tov4 listenaddress=[外网IP] listenport=[外网端口] connectaddress=[内网IP] connectport=[内网端口]例:netsh interface portproxy add v4tov4 listenaddress=2.2.2.2 listenport=8080 connectaddress=192.168.1.50 connectport=80
Copy after login

4. Delete a port mapping

netsh interface portproxy delete v4tov4 listenaddress=[外网IP] listenport=[外网端口]例:netsh interface portproxy delete v4tov4 listenaddress=2.2.2.2 listenport=8080
Copy after login

二、Linux 下端口映射

1. 允许数据包转发

echo 1 >/proc/sys/net/ipv4/ip_forwardiptables -t nat -A POSTROUTING -j MASQUERADEiptables -A FORWARD -i [内网网卡名称] -j ACCEPTiptables -t nat -A POSTROUTING -s [内网网段] -o [外网网卡名称] -j MASQUERADE例:echo 1 >/proc/sys/net/ipv4/ip_forwardiptables -t nat -A POSTROUTING -j MASQUERADEiptables -A FORWARD -i ens33 -j ACCEPTiptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o ens37 -j MASQUERADE
Copy after login

2. 设置端口映射

iptables -t nat -A PREROUTING -p tcp -m tcp --dport [外网端口] -j DNAT --to-destination [内网地址]:[内网端口]例:iptables -t nat -A PREROUTING -p tcp -m tcp --dport 6080 -j DNAT --to-destination 10.0.0.100:6090
Copy after login

实验:将部署在内网的服务映射到外网

实验环境

  1. VMWare Workstation Pro

  2. 5 台最小化安装的 centos 7 虚拟机

Experimental topology

Implement port mapping on Linux or Windows

##Internal network and External network is relative to Server4<span style="outline: 0px;font-size: 17px;"></span>.
Server1<span style="outline: 0px;font-size: 17px;"></span> and Server2<span style="outline: 0px;font-size: 17px;"></span> are two servers in the intranet environment ;
Server3<span style="outline: 0px;font-size: 17px;"></span> is a server in an external network environment;
Server4<span style="outline: 0px;font-size: 17px;"></span> is a dual network card host, connected to 192.168.50.0/24<span style="outline: 0px;font-size: 17px;"></span> and 172.16.2.0 respectively /24<span style="outline: 0px;font-size: 17px;"></span>Two networks.

配置实验环境

1. Server1,2,3 上搭建 HTTP 服务

用 Python 在<span style="outline: 0px;font-size: 17px;">Server1</span>上搭建一个简单的 HTTP 服务

cd ~echo "server1" > index.htmlpython -m SimpleHTTPServer 8080
Copy after login
Implement port mapping on Linux or Windows

<span style="outline: 0px;font-size: 17px;">Server2、Server3</span>同理

对照实验

<span style="outline: 0px;font-size: 17px;">client</span>上访问<span style="outline: 0px;font-size: 17px;">Server1</span>的资源

curl http://192.168.50.11:8080/index.html
Copy after login
Implement port mapping on Linux or Windows

<span style="outline: 0px;font-size: 17px;">client</span>上访问<span style="outline: 0px;font-size: 17px;">Server2</span>的资源

curl http://192.168.50.12:8080/index.htm
Copy after login
Implement port mapping on Linux or Windows

<span style="outline: 0px;font-size: 17px;">client</span>上访问<span style="outline: 0px;font-size: 17px;">Server3</span>的资源

curl http://172.16.2.11:8080/index.html
Copy after login
Copy after login
Implement port mapping on Linux or Windows

可以看到,外网的<span style="outline: 0px;font-size: 17px;">client</span>是无法访问内网<span style="outline: 0px;font-size: 17px;">Server1</span>,<span style="outline: 0px;font-size: 17px;">Server2</span>的资源的。

<span style="outline: 0px;font-size: 17px;">Server4</span>上配置端口映射

临时配置

#允许数据包转发echo 1 >/proc/sys/net/ipv4/ip_forwardiptables -t nat -A POSTROUTING -j MASQUERADEiptables -A FORWARD -i ens33 -j ACCEPTiptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o ens37 -j MASQUERADE#设置端口映射iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.50.11:8080iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8082 -j DNAT --to-destination 192.168.50.12:8080
Copy after login

永久配置

如果需要永久配置,则将以上命令追加到<span style="outline: 0px;font-size: 17px;">/etc/rc.local</span>文件。

检查效果

<span style="outline: 0px;font-size: 17px;">client</span>上访问 Server1 的资源

curl http://172.16.2.100:8081/index.html
Copy after login

<span style="outline: 0px;font-size: 17px;">client</span>上访问<span style="outline: 0px;font-size: 17px;">Server2</span>的资源

curl http://172.16.2.100:8082/index.html
Copy after login
Implement port mapping on Linux or Windows

<span style="outline: 0px;font-size: 17px;">client</span>上访问<span style="outline: 0px;font-size: 17px;">Server3</span>的资源

curl http://172.16.2.11:8080/index.html
Copy after login
Copy after login
Implement port mapping on Linux or Windows

如果<span style="outline: 0px;font-size: 17px;">Server4</span>为 Windows,替换一下相应的命令即可

Windows 的 IP 信息如下

##Ethernet0192.168.50.105255.255.255.0-Internal network cardEthernet1172.16.2.105255.255.255.0-External network card
Implement port mapping on Linux or Windows

配置并查看端口映射情况

netsh interface portproxy add v4tov4 listenaddress=172.16.2.105 listenport=8081 connectaddress=192.168.50.11 connectport=8080netsh interface portproxy add v4tov4 listenaddress=172.16.2.105 listenport=8082 connectaddress=192.168.50.12 connectport=8080netsh interface portproxy show v4tov4
Copy after login

检查效果

<span style="outline: 0px;font-size: 17px;">client</span>节点上

curl http://172.16.2.105:8081/index.htmlcurl http://172.16.2.105:8082/index.htmlcurl http://172.16.2.11:8080/index.html
Copy after login
Implement port mapping on Linux or Windows

The above is the detailed content of Implement port mapping on Linux or Windows. For more information, please follow other related articles on the PHP Chinese website!

source:Linux中文社区
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
Network CardIP AddressSubnet MaskDefault Gateway##Remarks