Port mapping on Linux or Windows (network port forwarding)


Source: https://mp.weixin.qq.com/s/nYag2lD-dgleVHbSjQ5dyQ


GitHub: https://github.com/jash-git/Jash-good-idea-20201029-001



I. Port mapping on Windows

1. List the current port mappings

netsh interface portproxy show v4tov4


2. List all port mappings for a given IP

netsh interface portproxy show v4tov4 | find "[IP]"
Example:
netsh interface portproxy show v4tov4 | find "192.168.1.1"


3. Add a port mapping

netsh interface portproxy add v4tov4 listenaddress=[external IP] listenport=[external port] connectaddress=[internal IP] connectport=[internal port]
Example:
netsh interface portproxy add v4tov4 listenaddress=2.2.2.2 listenport=8080 connectaddress=192.168.1.50 connectport=80


4. Delete a port mapping

netsh interface portproxy delete v4tov4 listenaddress=[external IP] listenport=[external port]
Example:
netsh interface portproxy delete v4tov4 listenaddress=2.2.2.2 listenport=8080





II. Port mapping on Linux

1. Enable packet forwarding

echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A FORWARD -i [internal interface name] -j ACCEPT
iptables -t nat -A POSTROUTING -s [internal subnet] -o [external interface name] -j MASQUERADE

Example:
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A FORWARD -i ens33 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o ens37 -j MASQUERADE


2. Set up the port mapping

iptables -t nat -A PREROUTING -p tcp -m tcp --dport [external port] -j DNAT --to-destination [internal address]:[internal port]
Example:
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 6080 -j DNAT --to-destination 10.0.0.100:6090
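
An audit of the resulting nat table, added here as an example (it is not from the original article): it lists every DNAT port mapping and flags rules that carry no interface or address match, such as the DNAT and first MASQUERADE rule above. The function names, the sample dump and its 8443 rule are constructed for illustration.

```shell
#!/bin/sh
# Reads `iptables-save -t nat` text on stdin and prints one finding per line.
# On a real host: iptables-save -t nat | audit_nat_rules
audit_nat_rules() {
    awk '
    $1 != "-A" { next }    # skip table header, chain policies and COMMIT
    {
        chain = $2; target = ""; dport = "any"; dest = ""
        in_if = ""; out_if = ""; src = ""; dst = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--to-destination") dest = $(i + 1)
            else if ($i == "-i") in_if = $(i + 1)
            else if ($i == "-o") out_if = $(i + 1)
            else if ($i == "-s") src = $(i + 1)
            else if ($i == "-d") dst = $(i + 1)
        }
        if (chain == "PREROUTING" && target == "DNAT") {
            printf "MAP port=%s -> %s\n", dport, dest
            # No -i and no -d: the mapping applies on every interface.
            if (in_if == "" && dst == "")
                printf "WARN port=%s DNAT matches every interface and address\n", dport
        }
        # No -s and no -o: source NAT is applied to everything leaving the host.
        if (chain == "POSTROUTING" && target == "MASQUERADE" && out_if == "" && src == "")
            print "WARN MASQUERADE with no -s/-o applies to traffic leaving every interface"
    }'
}

# Constructed sample dump: the rules from this page plus one scoped DNAT rule.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 6080 -j DNAT --to-destination 10.0.0.100:6090
-A PREROUTING -i ens37 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 10.0.0.101:443
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 192.168.50.0/24 -o ens37 -j MASQUERADE
COMMIT
EOF
}

sample_rules | audit_nat_rules
```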

Experiment: mapping a service deployed on the internal network to the external network (see the original article)

