Shulou(Shulou.com)06/01 Report--

This article mainly introduces "what is the method of Linux port mapping". In the daily operation, I believe that many people have doubts about the method of Linux port mapping. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts of "what is the method of Linux port mapping?" Next, please follow the editor to study!

Port mapping is a kind of NAT, whose function is to translate the address in the public network into a private address. The ADSL broadband router using routing has a dynamic or fixed public network IP,ADSL directly connected to the HUB or switch, and all computers share the Internet.

Native port forwarding application scenario: I will build a Linux server and use tomcat as a web container to let others maintain the release of web projects. At this time, I will give them an ordinary user (non-root user).

Analysis: the default port of tomcat is 8080, and all users can start it, but except for the internal system, we generally choose to use 80 as the port, but ordinary users do not have the right to 80. What to do? at this time, you can map port 80 to port 8080 in advance, and when tomcat starts with port 8080, you can use port 80 to access.

Specific configuration:

[root@localhost sbin] # iptables-t nat-A PREROUTING-p tcp-- dport 80-j REDIRECT-- to-ports 8080 [root@localhost sbin] # service iptables save [root@localhost sbin] # service iptables restart returns the following information:

Iptables: Saving firewall rules to / etc/sysconfig/iptables: [OK] this indicates that the iptables file has been modified and can be safely used. Clearly know that the rules are reported incorrectly in the / etc/sysconfig/iptables file.

Cross-IP port forwarding application scenario: a VPS1 was purchased 2 years ago. Because of the high price, the configuration purchased for 100 CNY is very low. At the same time, the domain name is purchased and the VPS1 is bound. Because of the reduction in the price of VPS this year, I bought a high-equipped VPS2 for another 100 yuan. A lot of services have been installed on this VPS2. Since the new VPS2 is not bound to the domain name, I do not want to change the domain name, so I want to access the service on my new VPS2 through the domain name.

Analysis: it is obvious that the two VPS have different IP addresses and belong to cross-IP forwarding. Suppose you need to use the domain name: 80 to VPS2:8080. [1.1.1.1 80-> 2.2.2.2 8080] since it is cross-IP, the IP forwarding feature must be enabled first.

There are two ways to enable IP forwarding and enable IP forwarding, one is temporary, there is no restart, and the other is permanent. A restart will also exist.

The temporary solution is configured as follows: echo 1 > / proc/sys/net/ipv4/ip_forward modifies the ip_forward file, which takes effect immediately, and the restart fails.

The permanent scheme configuration is as follows: vi / etc/sysctl.conf # find the following value and change 0 to 1 net.ipv4.ip_forward = 1 sysctl-p (make it effective immediately)

The above enables the support for IP forwarding, and then configures port forwarding, which is slightly different from local port forwarding.

Configure port forwarding # iptables-t nat-A PREROUTING-p tcp-d 1.1.1.1-- dport 80-j DNAT-- to-destination 2.2.2.2 PREROUTING 8080 # iptables-t nat-A POSTROUTING-p tcp-s 2.2.2.2-- sport 8080-j SNAT-- to-source 1.1.1.1 # service iptables save can also be written directly to the iptables file:

-A PREROUTING-p tcp-d 1.1.1.1-- dport 80-j DNAT-- to-destination 2.2.2.2 to-destination 8080-A POSTROUTING-p tcp-s 2.2.2.2-- sport 8080-j SNAT-- to-source 1.1.1.1 ports * Note: * * if you are using a port that is not open, such as a port that is small and 1024, if it is 800 instead of 8080, remember to open these ports.

The way is as follows:

-An INPUT-p tcp-m state-- state NEW-m tcp-- dport 800-j ACCEPT configuration, remember to turn on the firewall

# service iptables restart is then ready to use.

The port mapping setting of the problem encountered is successful, but it will fail after a while. Found a problem.

The iptables service of the system is not started. For example, you can check it using the following command:

# chkconfig auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off blk-availability 0:off 1:on 2:on 3:on 4:on 5:on 6:off crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off ip6tables 0:off 1:off 2:off 3:off 4:off 5:off 6:off iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off mcollective 0:off 1:off 2:on 3:on 4:on 5:on 6:off netconsole 0:off 1:off 2:off 3: Off 4:off 5:off 6:off netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off network 0:off 1:off 2:on 3:on 4:on 5:on 6:off ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off ntpdate 0:off 1:off 2:off 3:off 4:off 5:off 6:off puppet 0:off 1:off 2:on 3:on 4:on 5:on 6:off rdisc 0:off 1:off 2:off 3:off 4:off 5:off 6:off restorecond 0:off 1:off 2:off 3:off 4:off 5:off 6:off rhnsd 0:off 1:off 2:on 3:on 4:on 5:on 6:off rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off sendmail 0:off 1:off 2:on 3:on 4:on 5: On 6:off snmpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off snmptrapd 0:off 1:off 2:off 3:off 4:off 5:off 6:off sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off found line 6 It is found that the level switches corresponding to iptables are all off. At this time, you can change off to on.

# chkconfig-- help chkconfig version 1.3.49.3-Copyright (C) 1997-2000 Red Hat, Inc. This may be freely redistributed under the terms of the GNU Public License. Usage: chkconfig [--list] [--type type >] [name] chkconfig-- add name > chkconfig-- del name > chkconfig-- override name > chkconfig [--level levels >] [--type type >] name > on | off | reset | resetpriorities > enable command:

# chkconfig-- level 012345 iptables on review:

# chkconfig auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off blk-availability 0:off 1:on 2:on 3:on 4:on 5:on 6:off crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off ip6tables 0:off 1:off 2:off 3:off 4:off 5:off 6:off iptables 0:on 1:on 2:on 3:on 4:on 5:on 6:on lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off mcollective 0:off 1:off 2:on 3:on 4:on 5:on 6:off netconsole 0:off 1:off 2:off 3: Off 4:off 5:off 6:off netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off network 0:off 1:off 2:on 3:on 4:on 5:on 6:off ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off ntpdate 0:off 1:off 2:off 3:off 4:off 5:off 6:off puppet 0:off 1:off 2:on 3:on 4:on 5:on 6:off rdisc 0:off 1:off 2:off 3:off 4:off 5:off 6:off restorecond 0:off 1:off 2:off 3:off 4:off 5:off 6:off rhnsd 0:off 1:off 2:on 3:on 4:on 5:on 6:off rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off sendmail 0:off 1:off 2:on 3:on 4:on 5: On 6:off snmpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off snmptrapd 0:off 1:off 2:off 3:off 4:off 5:off 6:off sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off has come here The study on "what is the method of Linux port mapping" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.