Over the past two days, while discussing a problem with colleagues, I came across a very useful NAT tool: rinetd. It is a short, practical NAT forwarding tool implemented in C. Its official website is http://www.boutell.com/rinetd/
    # wget http://www.boutell.com/rinetd/http/rinetd.tar.gz
    # tar -zxvf rinetd.tar.gz
    # cd rinetd
    # vim Makefile    # modified Makefile:

    CFLAGS=-DLINUX -g

    rinetd: rinetd.o match.o
    	gcc rinetd.o match.o -o rinetd

    install: rinetd
    	install -m 700 rinetd /usr/sbin
    	install -m 644 rinetd.8 /usr/local/share/man/man8

    # make && make install
rinetd is now installed. It is simple to use: it works entirely from a configuration file, typically placed at /etc/rinetd.conf, and the -c parameter specifies which configuration file to read.
    # rinetd --help
    Usage: rinetd [OPTION]
      -c, --conf-file FILE   read configuration from FILE
      -h, --help             display this help
      -v, --version          display version number

    Most options are controlled through the
    configuration file. See the rinetd(8) manpage for more information.
More options are described in man rinetd, so I will not explain them here. rinetd provides fast, efficient port forwarding. A simple example: a layer-3 switch has two VLANs, 192.168.1.0/24 and 192.168.2.0/24. The two VLANs can reach each other, but 192.168.1.0/24 has no policy routing and is intranet-only, while outside 192.168.1.0/24 there is a public IP that provides NAT port mapping for the internal servers, that is, the DMZ. External clients need to access resources on a host in the internal 192.168.2.0/24 network, so the corresponding port forwarding has to be set up. The two hosts involved are 192.168.2.22 and 192.168.1.240, one in each VLAN. To forward between them with rinetd, add one line to /etc/rinetd.conf on the 192.168.2.22 host:
    # source_address source_port destination_address destination_port
    0.0.0.0 80 192.168.1.240 80
The same forwarding can of course be done with the iptables NAT table, as follows:
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [3:226]
    :OUTPUT ACCEPT [3:226]
    -A PREROUTING -d 192.168.2.22/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.240:80
    -A POSTROUTING -d 192.168.1.240/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.2.22
    COMMIT
The two are equivalent, which shows how efficient rinetd is in a real production environment. Two points need attention. First, whether you use rinetd or the iptables NAT table, kernel IP forwarding must be turned on, that is, net.ipv4.ip_forward = 1. Second, the corresponding port must be opened in the filter table; if you forward with the iptables NAT table, the FORWARD chain must also allow the forwarded traffic.
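The mapping between the rinetd rule and the NAT rules above, as an added example that is not from the original article: a shell function that reads rinetd forwarding rules and prints the matching iptables-save lines. The function name rinetd_to_nat, its HOST_IP argument and the numeric-port check are assumptions of this example.

```shell
#!/bin/sh
# rinetd_to_nat HOST_IP < rinetd.conf   (hypothetical helper, not part of rinetd)
# HOST_IP is the forwarding host's own address. It replaces a 0.0.0.0 bind
# address in the DNAT match and is used as the SNAT source.
rinetd_to_nat() {
    host_ip=$1
    awk -v host="$host_ip" '
        # Skip comments, blank lines and non-forwarding directives.
        /^[ \t]*(#|$)/ { next }
        $1 ~ /^(allow|deny|logfile|logcommon)$/ { next }
        # A forwarding rule: bind_addr bind_port connect_addr connect_port.
        # Assumption: ports are numeric (service names are rejected).
        NF == 4 && $2 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {
            bind = ($1 == "0.0.0.0") ? host : $1
            printf("-A PREROUTING -d %s/32 -p tcp -m tcp --dport %s -j DNAT --to-destination %s:%s\n", bind, $2, $3, $4)
            printf("-A POSTROUTING -d %s/32 -p tcp -m tcp --dport %s -j SNAT --to-source %s\n", $3, $4, host)
            next
        }
        # Anything else is malformed, for example a rule with a missing port.
        {
            printf("line %d: not a valid forwarding rule: %s\n", NR, $0) > "/dev/stderr"
            bad = 1
        }
        END { exit bad }
    '
}

# Constructed sample input: the rule from this article, as seen on 192.168.2.22.
printf '%s\n' \
    '# source_address source_port destination_address destination_port' \
    '0.0.0.0 80 192.168.1.240 80' | rinetd_to_nat 192.168.2.22
```

A rule with a missing field makes the function print the offending line number to stderr and return non-zero, so a broken rinetd.conf is caught before any NAT rules are generated from it.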
This article is from the "Technical essay" blog; reprinting is declined!
Fast port forwarding tool in Linux: rinetd