Route local port from Raspbian to another machine (port tunneling)


Problem description

I want to route incoming tcp traffic on port 5555 on a Raspberry with Raspbian to another machine and port within the same local network, and make it persistent to reboots.

The objective is that if I access the service on 5555 on localhost, it will load a different port on the remote machine. The ultimate goal is to forward port 53 (DNS) into another machine (non-53 port), but in the meantime, I am testing with http: https://localhost:5555, it should load https://192.168.250.250:9999 where 192.168.250.250 is a remote machine within my local network (accessible to all local network, ping 192.168.250.250 works).

There's a lot of resources on networking like this. Most rely on IP Forwarding on the router, which won't work in my case as I am trying to redirect ports within hosts in my localhost accessing the machines directly. The others, for port tunnelling, all use the methods below:

sudo iptables -t nat -A PREROUTING -p tcp --sport 5555 -j DNAT --to-destination 192.168.250.250 --dport 9999

This didn't work. I tried a few variations, including:

sudo iptables -t nat -A PREROUTING -p tcp --sport 5555 -j DNAT --to-destination 192.168.250.250:9999

This didn't work, despite the rule getting registered:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  anywhere             anywhere             tcp spt:5555 dpt:9999 to:192.168.250.250

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

I have also installed iptables-persistent to make it persistent, but it just doesn't redirect in the first place.

I have also tried a variant of the command since I think I may have misunderstood the "source" port as being the destination:

sudo iptables -t nat -A PREROUTING -p tcp -j DNAT --to-destination 192.168.250.250:9999 --dport 5555

After any of these changes, I always run:

sudo dpkg-reconfigure iptables-persistent
sudo netfilter-persistent save
sudo netfilter-persistent restart

To make sure the rules are permanently applied. I have also tried this tutorial to load the configuration on reboot. Nonetheless, again, this just doesn't forward, the permanent side of it is unclear and secondary at this stage.

socat tcp-listen:5555,reuseaddr,fork tcp:192.168.250.250:9999

This works fine. However, it's not persistent. As soon as I Ctrl+C the terminal, it stops redirecting.

sudo nc -l -p 5555 -c 'nc 192.168.250.250 9999'
sudo nc -l -p 5555 192.168.250.250 9999

Neither works. The first one throws errors (-c not existing). The latter doesn't do anything.

Recommended answer

The iptables solution should work. However, you must check your IPv4 forwarding and enable it (most Linux distros will have this as not enabled/allowed), and this is likely to be your problem.

Check this:

$ cat /proc/sys/net/ipv4/ip_forward
0

0 means ip_forwarding is not allowed and the kernel will not perform it.

Either do

$ echo 1 > /proc/sys/net/ipv4/ip_forward

or use sysctl

$ sysctl -w net.ipv4.ip_forward=1
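
An added example, not part of the original question or answer: a shell function (the name gen_forward_rules and its input checks are this example's own) that prints a nat ruleset in iptables-restore format for the forward described in the question. It matches the destination port with --dport and adds an OUTPUT rule, because connections made on the Pi itself do not traverse PREROUTING.

```shell
#!/bin/sh
# Added example. Load the generated rules with:
#   gen_forward_rules 5555 192.168.250.250 9999 | sudo iptables-restore --noflush
# Forwarding for other LAN hosts also needs net.ipv4.ip_forward=1. Connections
# addressed to 127.0.0.1 additionally need net.ipv4.conf.all.route_localnet=1,
# which relaxes the kernel's loopback checks; using the Pi's LAN address avoids it.

valid_port() {
    # Decimal integer in 1..65535.
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() (
    # Four dot-separated decimal octets, each 0..255. The function body is a
    # subshell, so the IFS change does not leak into the caller.
    case "$1" in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

gen_forward_rules() {
    lport=$1 dip=$2 dport=$3
    valid_port "$lport" && valid_ipv4 "$dip" && valid_port "$dport" || {
        echo "usage: gen_forward_rules LISTEN_PORT DEST_IPV4 DEST_PORT" >&2
        return 2
    }
    cat <<EOF
*nat
# Connections arriving from other hosts: match the DESTINATION port.
-A PREROUTING -p tcp --dport $lport -j DNAT --to-destination $dip:$dport
# Connections made on this host skip PREROUTING and are NATed in OUTPUT.
-A OUTPUT -p tcp -m addrtype --dst-type LOCAL --dport $lport -j DNAT --to-destination $dip:$dport
# Rewrite the source so replies from a same-LAN target return through this host.
-A POSTROUTING -p tcp -d $dip --dport $dport -j MASQUERADE
COMMIT
EOF
}
```

Once the rules behave as expected, `sudo netfilter-persistent save` (already used in the question) stores them for the next boot.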
