Home > Article > Operation and Maintenance > How to forward port in linux
How to forward port in linux
- WBOYOriginal
- 2022-01-27 14:02:1912830browse
Method: 1. Use SSH port forwarding; 2. Use iptables port forwarding; 3. Use firewall port forwarding; 4. Use rinetd port forwarding; 5. Use ncat port forwarding; 6. Use socat port forwarding; 7. Use portmap port forwarding; 8. Use portfwd port forwarding, etc.
#The operating environment of this tutorial: linux7.3 system, Dell G3 computer.
How to port forward in Linux
1. SSH port forwarding
SSH provides a very interesting function, which is port forwarding, which can forward other Network data on the TCP port is forwarded through the SSH link, and corresponding encryption and decryption services are automatically provided.
(1) Local port forwarding
ssh -fgN -L 2222:localhost:22 localhost
(2) Remote port forwarding
ssh -fgN -R 2222:host1:22 localhost
(3) Dynamic forwarding
ssh -fgN -D 12345 root@host1
2. iptables Port forwarding.
CentOS 7.0 and below uses iptables, which can be used to forward data packets
(1) Turn on the data forwarding function
vi /etc/sysctl.conf #增加一行 net.ipv4.ip_forward=1 //使数据转发功能生效 sysctl -p
(2 )Forward the local port to the local port
iptables -t nat -A PREROUTING -p tcp --dport 2222 -j REDIRECT --to-port 22
(3)Forward the local port to other machines
iptables -t nat -A PREROUTING -d 192.168.172.130 -p tcp --dport 8000 -j DNAT --to-destination 192.168.172.131:80 iptables -t nat -A POSTROUTING -d 192.168.172.131 -p tcp --dport 80 -j SNAT --to 192.168.172.130 #清空nat表的所有链 iptables -t nat -F PREROUTING
3. Firewall port forwarding
CentOS 7.0 and above use firewall, which implements port forwarding through command line configuration.
(1) Enable masquerading IP
firewall-cmd --permanent --add-masquerade
(2) Configure port forwarding to forward access to port 12345 of the local machine to port 22 of another server.
firewall-cmd --permanent --add-forward-port=port=12345:proto=tcp:toaddr=192.168.172.131:toport=22
(3) Reload to make it invalid
firewall-cmd --reload
4. rinetd port forwarding
rinetd is a lightweight TCP forwarding tool , simple configuration can realize port mapping/forwarding/redirection.
(1) Source code download
wget https://li.nux.ro/download/nux/misc/el7/x86_64/rinetd-0.62-9.el7.nux.x86_64.rpm
(2) Install rinetd
rpm -ivh rinetd-0.62-9.el7.nux.x86_64.rpm
(3) Edit configuration file
vi rinetd.conf
0.0.0.0 1234 127.0.0.1 22(4) Start forwarding
rinetd -c /etc/rinetd.conf
5. ncat port forwarding
netcat (nc for short) is known as the "Swiss Army Knife" in the network security industry. It is a simple and useful tool. Here is an introduction How to use netcat to implement port forwarding.
(1) Install ncat
yum install nmap-ncat -y
(2) Listen to the local port 9876 and forward the data to port 80 of 192.168.172.131
ncat --sh-exec "ncat 192.168.172.131 80" -l 9876 --keep-open
6. socat Port forwarding
socat is a multifunctional network tool that uses socat for port forwarding.
(1) socat installation
yum install -y socat
(2) Listen to port 12345 locally and forward the request to port 22 of 192.168.172.131.
socat TCP4-LISTEN:12345,reuseaddr,fork TCP4:192.168.172.131:22
7. portmap port forwarding
Linux version of lcx, intranet port forwarding tool.
(1) Download address: http://www.vuln.cn/wp-content/uploads/2016/06/lcx_vuln.cn_.zip
(2) Listen to local port 1234 , forwarded to port 22 of 192.168.172.131
/portmap -m 1 -p1 1234 -h2 192.168.172.131 -p2 22
8. portfwd port forwarding
portfwd is a built-in function in meterpreter, and also provides a stand-alone version for TCP /UDP port forwarding service
Github project address: https://github.com/rssnsj/portfwd
(1) Download and compile
git clone https://github .com/rssnsj/portfwd.git
cd portfwd/src
make
(2) Forward the local 12345 port to 192.168.172.131:22
./tcpfwd 0.0.0.0:12345 192.168.172.131:22
9. NATBypass port forwarding
An implementation of lcx (htran) under golang
Gihub project address: https://github.com/cw1997 /NATBypass
The internal network host actively connects to the external network host to open the tunnel:
Execute on the target machine: nb -slave 127.0.0.1:3389 Public IP: 51
Execute on the public network machine: nb -listen 51 3340
Connect to 127.0.0.1:3340 on the public network host to connect to the 3389 port of the intranet machine.
Related recommendations: "Linux Video Tutorial"
The above is the detailed content of How to forward port in linux. For more information, please follow other related articles on the PHP Chinese website!