The second of the network security series, lcx port forwarding to achieve a breakthrough in the internal network. 03/29 Update SLTechnology News&Howtos

The second of the network security series, lcx port forwarding to achieve a breakthrough in the internal network.

2025-03-29 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

Hosts in the private network generally use private IP. After NAT is converted to public network IP at the network exit, the Internet can be accessed. Under this network structure, one-way access is realized between the two sides of the communication, that is, only the hosts in the intranet can actively access the hosts in the Internet, and vice versa. If a server is set up in the intranet and users in the Internet need to be allowed to access the server, port mapping must be done at the network exit.

In the network *, if you capture a broiler located in the private network, then * cannot actively connect the broiler, and it is impossible to do port mapping at other people's network egress, so you can use lcx as a gadget. Download address: http://down.51cto.com/data/1878979

Lcx can implement port forwarding, forwarding a port (such as 3389) on Broiler A to host B with a public network address, so that * * only connecting port 3389 of host B is equivalent to connecting to Broiler A, thus breaking the restriction of private IP in private network.

Below, two virtual machines are used to simulate the operation in vmware, one as the host (IP address 192.168.80.128) and the other as the broiler (IP address 192.168.80.129).

First, put the lcx in the C root directory of the two virtual machines, and first execute the command "lcx-slave 192.168.80.128 5000 192.168.80.129 3389" on the broiler, that is, forward port 3389 on 192.168.80.129 to port 5000 on 192.168.80.128.

Then execute the command "lcx-listen 5000 3389" on the * * host, that is, listen on port 5000 and forward the received data to your own port 3389. When you execute the "netstat-an" command on the * * host, you can see that ports 5000 and 3389 are open at the same time.

Finally, open mstsc on the * host, and simply enter your own IP address (192.168.80.128 or 127.0.0.1) to connect to the chicken, thus achieving a breakthrough in the private network.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.