Rog*_*ach 22 linux port-forwarding
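Consider the following situation:
At home I have a router (connected to the Internet), a server (S) and my main machine (M). S is reachable from the Internet (it has a static IP) and runs 24/7, while M does not.
Sometimes I want to make some application (which listens on some port on M, for example 8888) accessible from the outside Internet.
To do that, I'd like to set up some port on S (2222) to forward to M's port 8888, so that anyone accessing S:2222 feels as if he were accessing M:8888.
I tried using ssh port forwarding; my best attempt was the following: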
ssh -L 2222:M:8888 -N M
But this only lets me access port 2222 from the server itself, not from other machines.
Is there some way to do it properly? Preferably, I'd like it to be a simple command, which I would be able to start and shut down with ^C when I don't need that forwarding anymore.
ger*_*ijk 16
Yes, this is called GatewayPorts in SSH. An excerpt from ssh_config(5):
GatewayPorts
Specifies whether remote hosts are allowed to connect to local
forwarded ports. By default, ssh(1) binds local port forwardings
to the loopback address. This prevents other remote hosts from
connecting to forwarded ports. GatewayPorts can be used to specify
that ssh should bind local port forwardings to the wildcard
address, thus allowing remote hosts to connect to forwarded
ports. The argument must be “yes” or “no”. The default is “no”.
And you can use localhost instead of M in the forwarding, as you're forwarding to the same machine as you're SSH-ing to -- if I understand your question correctly.
So, the command will become this:
ssh -L 2222:localhost:8888 -N -o GatewayPorts=yes hostname-of-M
and will look like this in netstat -nltp:
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 5113/ssh
Now anyone accessing this machine at port 2222 TCP will actually talk to localhost:8888 as seen in machine M. Note that this is not the same as plain forwarding to port 8888 of M.
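The bind address in the netstat -nltp line is what decides who can reach a forward: loopback stays on S, the wildcard address exposes it on every interface. The following is an added example, not part of the original answers: a POSIX shell filter that classifies ssh-owned listeners from netstat -nltp output. The function names are hypothetical, and every sample line except the 0.0.0.0:2222 one is constructed.

```shell
#!/bin/sh
# Constructed sample in `netstat -nltp` format (first data row is from the answer).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:2222      0.0.0.0:*         LISTEN   5113/ssh
tcp        0      0 127.0.0.1:3333    0.0.0.0:*         LISTEN   5200/ssh
tcp6       0      0 ::1:3333          :::*              LISTEN   5200/ssh
tcp6       0      0 :::4444           :::*              LISTEN   5301/ssh
tcp        0      0 192.168.1.10:5555 0.0.0.0:*         LISTEN   5402/ssh
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   812/sshd
EOF
}

# Reads netstat -nltp output on stdin; prints "scope host port pid" for each
# listener owned by the ssh client (i.e. a forward, not the sshd daemon).
# Rows without a program name (netstat run without root shows "-") are skipped.
classify_ssh_listeners() {
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      split($7, pp, "/")                      # PID/Program name
      if (pp[2] != "ssh") next
      port = $4; sub(/^.*:/, "", port)        # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)     # text before the last colon
      if (host ~ /^127\./ || host == "::1")        scope = "loopback"
      else if (host == "0.0.0.0" || host == "::")  scope = "wildcard"
      else                                         scope = "specific"
      print scope, host, port, pp[1]
    }'
}

# Only the forwards that other hosts can connect to.
exposed_ssh_listeners() {
  classify_ssh_listeners | awk '$1 != "loopback"'
}

sample_netstat | exposed_ssh_listeners
```

On a live system, pipe the output of netstat -nltp (run as root so the PID/Program name column is filled in) into exposed_ssh_listeners instead of the sample.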
小智 12
There is another way. You can set up port forwarding from S:2222 to W:8888 with iptables. A single command:
iptables -t nat -A PREROUTING -p tcp --dport 2222 \
-j DNAT --to-destination 1.2.3.4:8888
where 1.2.3.4 is M's IP address. It is called NAT (Network Address Translation).
More options: netcat (traditional) or socat
On the server (S):
socat tcp-listen:2222,reuseaddr,fork tcp:M:8888
or
nc -l -p 2222 -c 'nc M 8888'
For details see: Simple way to create a tunnel from one local port to another?