Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to achieve fast port forwarding in rinetd in Linux system. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

Rinetd is a tool for redirecting Transmission Control Protocol (TCP) connections in an Unix and Linux operating system. Rinetd is a single-process server that handles any number of connections to the address / port pair specified in the configuration file etc/rinetd.

[root@localhost src] # wget http://www.boutell.com/rinetd/http/rinetd.tar.gz [root@localhost src] # tar-zxvf rinetd.tar.gz [root@localhost src] # cd rinetd [root@localhost rinetd] # vim Makefile# modified Makefile CFLAGS=-DLINUX-g rinetd: rinetd.o match.o gcc rinetd.o match.o-o rinetd install: rinetd install-m 700 rinetd / usr/sbin install-m 644 rinetd .8 / usr/local/share/man/man8 [root@localhost rinetd] # make & & make install login and copy

In this way, rinetd is installed, and it is easy to specify the configuration file. It is generally placed in / etc/rinetd.conf to specify the configuration file using the-c parameter. Rinetd depends on the configuration file.

[root@localhost rinetd] # rinetd-- help Usage: rinetd [OPTION]-c,-- conf-file FILE read configuration from FILE-h,-- help display this help-v,-- version display version number Most options are controlled through the configuration file. See the rinetd (8) manpage for more information. Copy after login

For more parameter options, please see man rinetd not to explain too much here. Fast and efficient port forwarding can be achieved by using rinetd. To take a simple example, the intranets of 2 vlan:192.168.1.0/24 and 192.168.2.0 vlan in a layer 3 switch are interconnected, but no policy routing is done in 192.168.1.0 vlan 24. Only the internal network and 192.168.1.0 vlan 24 has a public network ip that maps the NAT port of the internal server, that is, the DZM area. While externally, it needs to access the relevant resources on a host inside 192.168.2.0 Universe 24, so port forwarding is required. Among the two CPUs, 192.168.2.22 and 192.168.1.240 are forwarded by rinetd. Just add a line of configuration to the / etc/rinetd.conf file on the host of 192.168.2.22:

0.0.0.0 80 192.168.1.240 80 # source_address source_port destination_address destination_port login and copy

Of course, the same is true for forwarding using iptables's nat table. The nat table is as follows:

* nat: PREROUTING ACCEPT [0:0]: POSTROUTING ACCEPT [3OUTPUT ACCEPT]-A PREROUTING-d 192.168.2.22 COMMIT 32-p tcp-m tcp-- dport 80-j DNAT-- to-destination 192.168.1.240l80-A POSTROUTING-d 192.168.1.240Log 32-p tcp-m tcp-- dport 80-j SNAT-- to-source 192.168.2.22 COMMIT login and copy

At the same time, the corresponding release should be made on the FORWARD chain on the filter table of iptables:

-A FORWARD-s 192.168.1.0 ACCEPT 24-j ACCEPT-A FORWARD-s 192.168.2.0 reject-with icmp-host-prohibited 24-j ACCEPT-A FORWARD-d 192.168.1.0 max 24-j ACCEPT-A FORWARD-d 192.168.2.0 REJECT 24-j ACCEPT-A FORWARD-j REJECT-- reject-with icmp-host-prohibited login replication

The two are equivalent, so we can see that rinetd's tools are very efficient in the actual production environment. Here are two things to note:

First, whether you use rinetd or iptables's nat table, you need to enable kernel ip address forwarding, that is, net.ipv4.ip_forward = 1

Second, open the corresponding port in the filter table. If you use the nat table of iptables to forward, you should also open the FORWARD chain to achieve forwarding.

Third, when using rinetd, the port is used to listen as a service, so it is a persistent connection. If a service such as ssh uses port forwarding, there will be a lot of residual processes on the service connected to the intranet after using port forwarding. Therefore, when using rinetd, it is generally used to realize port forwarding temporarily and quickly. If it is used for a long time or in some special scenarios, rinetd is still not as good as iptables.

This is the end of the article on "how to achieve Fast Port forwarding in rinetd in Linux system". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.