捕获和重定向从给定 ip:port 到目标 ip:port 的传出流量 [英] Capturing and redirecting outgoing traffic from given ip:port to target ip:port
问题描述
在 Windows 7 上,我有一个 SSH 隧道在我需要访问的本地 127.0.0.1:34567 地址上运行,以便我可以访问 12.34.56.78:8080SSH 代理的帮助,因为我无法直接访问该 IP(由于不在白名单中).
On Windows 7 I have an SSH tunnel running on my local 127.0.0.1:34567 address that I need to access so I can access 12.34.56.78:8080 with the help of SSH proxying for me as I cannot access that IP directly (due to not being on the whitelist).
因此,我的基本简单目标是,在 Windows 上,每当我从任何地方(例如我的浏览器)请求 12.34.56.78:8080 时,我都希望请求被转移到 127.0.0.1:34567 透明,如果可能的话,我想要一个软件解决方案而不是硬件解决方案.我认为这是在 Linux 中通常通过称为 iptables 的东西实现的,但我正在寻找可以在 Windows 上使用的东西.
My basic simple goal therefore is that on Windows whenever I request 12.34.56.78:8080 from anywhere (my browser for instance), I would like the request to instead be diverted to 127.0.0.1:34567 transparently, and I would like a software solution to this instead of a hardware one if possible. I think this is what's usually achieved in Linux by something called iptables, but I'm looking for something I can use on windows.
有谁知道这是怎么可能的?如果我需要为此使用任何外部 Windows 程序,那很好,但我更喜欢它是免费的.
Does anyone know how this is possible? If I need to use any external Windows program for this, that is fine, but I prefer it to be free.
请不要向我展示反向隧道解决方案.我的目标是请求与我被阻止的相同 ip:port,但能够通过我现有的 SSH 隧道成功访问该 ip:port.反向隧道涉及请求一个不同的 ip:port,这不是我想要的(如果我想向不同的 ip:port 发出请求,我已经有了一个可以使用的正向隧道).
please do not present me with reverse tunnel solutions. My goal is to request the same ip:port that I'm blocked from, but to be able to get to that ip:port successfully through the means of my existing SSH tunnel. Reverse tunnels involve requesting a different ip:port which is not what I'm looking for (I already have a forward tunnel I can use if I wanted to make requests to a different ip:port).
示例场景: 假设您有一个 C 编译的 .exe 文件,您无法访问该文件的源代码已硬编码以请求 12.34.56.78:8000 用于 SOAP 网络服务.问题是,您的 IP 被该 ip:port 阻止,但您确实可以访问未被 210.212.239.117:8080 阻止的 SSH 服务器,并且还为该 SSH 服务器访问该 ip:port...但您的 .exe 具有原始 ip:port 硬编码,因此您不能只是告诉它请求 SSH 隧道 ip:port,因为它是无法以任何方式更改要请求的 ip:port,因为它是硬编码的!您必须将计算机上对 210.212.239.117:8080 的请求以某种方式转移到操作系统级别的 SSH 隧道.那么你将如何完成它?
Example scenario: Pretend that you have an C-compiled .exe file whose source code you don't have access to that is hardcoded to request 12.34.56.78:8000 for SOAP webservices. The problem is, your IP is blocked from that ip:port, but you do have access to an SSH server which isn't blocked by 210.212.239.117:8080 and also have an SSH tunnel set up for that SSH server to access that ip:port... but your .exe has the original ip:port hardcoded, so you can't just tell it to request the SSH tunnel ip:port, as it's not possible to change the ip:port to be requested in any way due to it being hardcoded! You would have to have the request to 210.212.239.117:8080 on your computer somehow diverted to your SSH tunnel on the OS level. So how would you get that done?
编辑 2: 我也没有在寻找路由表(我认为).我不想修改我的请求到达目标 ip:port 的路由;我实际上想让请求的 ip 和端口自己默默地改变.我有点想实现类似 hosts 文件的功能,除了将主机名解析为 ips,我希望 ip:ports 重新解析为不同的 ip:ports.
EDIT 2: I'm not looking for routing tables either (I think). I don't want to modify the route my request goes through to reach target ip:port; I actually want to have the requested ip and port themselves silently changed. I kind of want to achieve something like the hosts file, except instead of resolving hostnames to ips, I want ip:ports to be reresolved to different ip:ports.
赏金: 抱歉,我的这个 stackoverflow 问题似乎算作 Offtopic 并且不符合提供赏金的资格,因此对于那些投入额外工作并可能获得赏金的人,我深表歉意!
Bounty: Sorry, it appears this stackoverflow question of mine counts as Offtopic and isn't eligable for offering a bounty, so sorry to anyone who put in extra work and would have potentially received the bounty!
推荐答案
我还没有找到现成的可执行文件,但是 WFPSampler 似乎很有希望.它使用新的 Windows 过滤平台 API(自 Windows Vista 起可用)来处理数据包.
I haven't found a ready executable, but WFPSampler seems to be promising. It uses the new Windows Filtering Platform API (available since Windows Vista) to manipulate packets.
要使用它来重定向传出数据包,请查看 问答部分,有很多例子.
To use it for redirecting outgoing packets, give a look at Q&A section, there are many examples.
这篇关于捕获和重定向从给定 ip:port 到目标 ip:port 的传出流量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
