端口映射工具Rinetd

虽然Linux本身自带的iptables可以实现端口转发功能，但其配置相对复杂。

将TCP连接从一个IP地址和端口重定向到另一个IP地址和端口。rinetd是一个单进程服务器，处理与文件中指定的地址/端口对的任意数量的连接/etc/rinetd.conf。由于rinetd使用非阻塞I / O作为单个进程运行，因此它能够重定向大量连接，而不会严重影响计算机。rinetd 不会重定向FTP，因为FTP需要多个套接字。

<pre spellcheck="false" class="md-fences md-end-block md-fences-with-lineno ty-contain-cm modeLoaded" lang="shell" cid="n4" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px 0px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;"> socket 的原意是“插座”，在计算机通信领域，socket 被翻译为“套接字”，它是计算机之间进行通信的一种约定或一种方式。通过 socket 这种约定，一台计算机可以接收其他计算机的数据，也可以向其他计算机发送数据。</pre>

当访问某IP的某个端口，会自动转发到指定的IP和端口

官网> https://boutell.com/rinetd/

实战环境

<pre spellcheck="false" class="md-fences md-end-block md-fences-with-lineno ty-contain-cm modeLoaded" lang="shell" cid="n8" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px 0px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;"> # 准备环境--三台机器
rinetd-server----192.168.201.134
web-1----192.168.201.133 (nginx)

所有机器关闭防火墙和selinux</pre>

一、部署rinetd服务

<pre spellcheck="false" class="md-fences md-end-block md-fences-with-lineno ty-contain-cm modeLoaded" lang="shell" cid="n10" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px 0px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;"> 1.安装编译环境
[root@rinetd-server ~]# yum install ncurses ncurses-devel openssl-devel bison gcc gcc-c++ make cmake -y
2.进入安装目录
[root@rinetd-server ~]# cd /usr/local/
3.获取源码包
[root@rinetd-server local]# wget https://boutell.com/rinetd/http/rinetd.tar.gz
4.解压
[root@rinetd-server local]# tar xzf rinetd.tar.gz
[root@rinetd-server local]# cd rinetd
5.创建要给必要的文件路径
[root@rinetd-server rinetd]# mkdir -p /usr/man/man8
6.安装
[root@rinetd-server rinetd]# make && make install</pre>

出现如下界面安装完成

二、编写转发规则配置文件

<pre spellcheck="false" class="md-fences md-end-block md-fences-with-lineno ty-contain-cm modeLoaded" lang="shell" cid="n14" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px 0px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;"> 1.创建端口转发的配置文件
[root@rinetd-server ~]# vim /etc/rinetd.conf

配置文件格式很简单：[Source Address] [Source Port] [Destination Address] [Destination Port]

0.0.0.0 80 192.168.201.133 80

访问本机的80端口转发到192.168.201.133的80端口

2.# 启动服务
[root@rinetd-server rinetd]# rinetd -c /etc/rinetd.conf
[root@rinetd-server rinetd]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1223/rinetd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 898/sshd
tcp6 0 0 :::22 :::* LISTEN 898/sshd </pre>

三、实验2（测试web）

四、实验2（ssh测试）

<pre spellcheck="false" class="md-fences md-end-block md-fences-with-lineno ty-contain-cm modeLoaded" lang="shell" cid="n18" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px 0px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;"> [root@rinetd-server rinetd]# vim /etc/rinetd.conf
0.0.0.0 34 192.168.201.133 22
重启
[root@rinetd-server rinetd]# ps -ef | grep rinetd
root 4712 1 0 21:17 pts/0 00:00:00 rinetd -c /etc/rinetd.conf
root 4783 1026 0 21:28 pts/0 00:00:00 grep --color=auto rinetd
[root@rinetd-server rinetd]# kill -9 4712
[root@rinetd-server rinetd]# rinetd -c /etc/rinetd.conf
测试:
[root@rinetd-server rinetd]# ssh 192.168.201.134 -p 34
The authenticity of host '[192.168.201.134]:34 ([192.168.201.134]:34)' can't be established.
ECDSA key fingerprint is SHA256:IJ1fTgB4TkGt4Y1s/0/nLNnSJUaJLb93xmDtaxC6BZw.
ECDSA key fingerprint is MD5:f7:28:48:02:40:15:8e:b1:67:f2:c8:7b:04:86:b2:b2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.201.134]:34' (ECDSA) to the list of known hosts.
root@192.168.201.134's password:
Last login: Thu Oct 10 20:45:51 2019 from 192.168.246.1
[root@web-1 ~]#</pre>

五、开机启动

<pre spellcheck="false" class="md-fences md-end-block md-fences-with-lineno ty-contain-cm modeLoaded" lang="shell" cid="n20" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px 0px; margin-bottom: 15px; margin-top: 15px; width: inherit; color: rgb(51, 51, 51); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;"> # echo "rinetd -c /etc/rinetd.conf" >> /etc/rc.d/rc.local

chmod a+x /etc/rc.d/rc.local</pre>