文章目录
下载软件
官网地址http://www.rinetd.com/
解压文件到服务器
unzip rinetd.zip
编译
make && make install
配置
vi /etc/rinetd.conf
可参考以下文件进行配置
Source Address | Source Port | Destination Address | Destination Port |
---|---|---|---|
源地址 | 源端口 | 目的地址 | 目的端口 |
# 例子: 将本机 8080 端口重定向至 112.11.11.11 的 8080 端口
0.0.0.0 8080 112.11.11.11 8080
启动端口转发
rinetd -c /etc/rinetd.conf
停止端口转发
pkill rinetd
设置开机自启动
将启动的命令追加到文件中
vi /etc/rc.local
检查服务是否正常运行
netstat -antup
帮助文档
rinetd: a user-mode port redirect utility
Description
Redirects TCP connections from one IP address and port to another. rinetd
is a single-process server which handles any number of connections to
the address/port pairs specified in the file /etc/rinetd.conf
.
Since rinetd runs as a single process using nonblocking I/O, it is
able to redirect a large number of connections without a severe
impact on the machine. This makes it practical to run TCP services
on machines inside an IP masquerading firewall. rinetd does not
redirect FTP, because FTP requires more than one socket.
rinetd is typically launched at boot time, using the following syntax:
/usr/sbin/rinetd
The configuration file is found in the file/etc/rinetd.conf
, unless
another file is specified using the -c
command line option.
Forwarding Rules
Most entries in the configuration file are forwarding rules. The
format of a forwarding rule is as follows:
bindaddress bindport connectaddress connectport
For example:
206.125.69.81 80 10.1.1.2 80
Would redirect all connections to port 80 of the “real” IP address
206.125.69.81, which could be a virtual interface, through
rinetd to port 80 of the address 10.1.1.2, which would typically
be a machine on the inside of a firewall which has no
direct routing to the outside world.
Although responding on individual interfaces rather than on all
interfaces is one of rinetd’s primary features, sometimes it is
preferable to respond on all IP addresses that belong to the server.
In this situation, the special IP address 0.0.0.0
can be used. For example:
0.0.0.0 23 10.1.1.2 23
Would redirect all connections to port 23, for all IP addresses
assigned to the server. This is the default behavior for most
other programs.
Service names can be specified instead of port numbers. On most systems,
service names are defined in the file /etc/services.
Both IP addresses and hostnames are accepted for
bindaddress and connectaddress.
Allow and Deny Rules
Configuration files can also contain allow and deny rules.
Allow rules which appear before the first forwarding rule are
applied globally: if at least one global allow rule exists,
and the address of a new connection does not
satisfy at least one of the global allow rules, that connection
is immediately rejected, regardless of any other rules.
Allow rules which appear after a specific forwarding rule apply
to that forwarding rule only. If at least one allow rule
exists for a particular forwarding rule, and the address of a new
connection does not satisfy at least one of the allow rules
for that forwarding rule, that connection is immediately
rejected, regardless of any other rules.
Deny rules which appear before the first forwarding rule are
applied globally: if the address of a new connection satisfies
any of the global allow rules, that connection
is immediately rejected, regardless of any other rules.
Deny rules which appear after a specific forwarding rule apply
to that forwarding rule only. If the address of a new
connection satisfies any of the deny rules for that forwarding rule,
that connection is immediately rejected, regardless of any other rules.
The format of an allow rule is as follows:
allow pattern
Patterns can contain the following characters: 0, 1, 2, 3, 4, 5,
6, 7, 8, 9, . (period), ?, and *. The ? wildcard matches any one
character. The * wildcard matches any number of characters, including
zero.
For example:
allow 206.125.69.*
This allow rule matches all IP addresses in the 206.125.69 class C domain.
Host names are NOT permitted in allow and deny rules. The performance
cost of looking up IP addresses to find their corresponding names
is prohibitive. Since rinetd is a single process server, all other
connections would be forced to pause during the address lookup.
Logging
rinetd is able to produce a log file in either of two formats:
tab-delimited and web server-style “common log format.”
By default, rinetd does not produce a log file. To activate logging, add
the following line to the configuration file:
logfile log-file-location
Example:
logfile /var/log/rinetd.log
By default, rinetd logs in a simple tab-delimited format containing
the following information:
Date and time
Client address
Listening host
Listening port
Forwarded-to host
Forwarded-to port
Bytes received from client
Bytes sent to client
Result message
To activate web server-style “common log format” logging,
add the following line to the configuration file:
logcommon
Command line options
The -c command line option is used to specify an alternate
configuration file.
The -h command line option produces a short help message.
The -v command line option displays the version number.
Reinitializing rinetd
The kill -1 signal (SIGHUP) can be used to cause rinetd
to reload its configuration file without interrupting existing
connections. Under Linux(tm) the process id
is saved in the file /var/run/rinetd.pid
to facilitate the kill -HUP. An alternate
file name can be provided by using the pidlogfile
configuration file option.
Bugs
The server redirected to is not able to identify the host the
client really came from. This cannot be corrected; however,
the log produced by rinetd provides a way to obtain this
information. Under Unix, sockets would theoretically lose data when closed
with SO_LINGER
turned off, but in Linux this is not the case
(kernel source comments support this belief on my part). On non-Linux Unix
platforms, alternate code which uses a different trick to work around
blocking close()
is provided, but this code is untested.
The logging is inadequate. The duration of the connection should be logged.
License
Copyright (c) 1997-2019 Thomas Boutell.
This software is released for free use under the terms of
the GNU General Public License, version 2 or higher.
Thanks
Thanks are due to Bill Davidsen, Libor Pechachek, Sascha Ziemann,
Joel S. Noble, the Apache Group, and many others who have contributed
advice, encouragement and/or source code to this and other open
software projects.
若文章对你有帮助,可以点赞或打赏支持我们。发布者:AaronYang,转载请注明出处:http://61.174.243.28:13541/AY-knowledg-hub/%e4%bd%bf%e7%94%a8rinetd%e5%af%b9%e6%9c%8d%e5%8a%a1%e5%99%a8%e8%bf%9b%e8%a1%8c%e7%ab%af%e5%8f%a3%e8%bd%ac%e5%8f%91/