Several common methods of port forwarding in Linux

Source: Internet
Author: User

0x00 Background

Port forwarding is a common technique that is needed both in server operations and in penetration testing. I recently ran into a problem where a service port could not be configured, and because of the hardware firewall at the network egress, whose policy I did not want to modify, the only option was local port forwarding. So I tried and looked into the following methods.


0x01 iptables and firewalld

    • iptables

iptables was the first method I thought of, but it was the last one I tried, because I was not familiar with iptables.


1. Turn on IP forwarding.

IP forwarding is turned off by default on Linux, and many security hardening policies and security baselines require it to stay off, so it has to be turned on first. For long-term use, write the setting to the sysctl configuration file.

echo 1 > /proc/sys/net/ipv4/ip_forward
# For long-term use: persist the setting in /etc/sysctl.conf and reload it
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf

2. Configure iptables to do DNAT in the PREROUTING chain. For long-term use, take care to save the configuration.

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 22222 -j DNAT --to-destination x.x.x.x:22
service iptables save


Remote port forwarding is also covered here:

http://www.jb51.net/LINUXjishu/401922.html


    • firewalld

firewalld is the service that replaces iptables on CentOS 7. It is slightly simpler to use than iptables, and port forwarding can be implemented directly with it. I am not familiar with firewalld; for reference see http://www.centoscn.com/CentOS/Intermediate/2015/0313/4879.html


1. Enable port forwarding

firewall-cmd --zone=public --add-forward-port=port=22222:proto=tcp:toport=22

If toaddr is not given, the default is to forward to the host's own IP.

If long-term use is required, add --permanent to make the rule permanent.



0x02 rinetd Port Mapping Forwarding tool


1. Download and unzip rinetd

wget


2. Install rinetd

make
make install

The installation may run into a problem where the man directory does not exist; create it manually to complete the installation.


3. Create /etc/rinetd.conf and write forwarding rules

The rule format in the configuration file is:

[Source Address] [Source Port] [Destination Address] [Destination Port]


The command to use iptables is more straightforward. However, when writing rules, note that the source port must not already be in use by another service, and it also needs to be opened in iptables.


4. Run rinetd


After running, you can see that rinetd has already bound the specified port.

If long-term use is required, add the command to the boot startup.


More rinetd references: https://boutell.com/rinetd/ and http://blog.csdn.net/paulluo0739/article/details/7023711


0x03 LCX port forwarding

LCX is a frequently used tool in penetration testing and is easy to use. However, it is generally used on Windows; because there is no shell version of LCX, and compiling, installing and the other steps are more troublesome, it is relatively rare. So although LCX was the first implementation method I thought of, it was the most troublesome to get working.

1. Find the code on the Internet (see attachment)

Sources and references: http://www.oldrss.com/article/hacker-00205.html


2. Compile with GCC

gcc lcx.c -o lcx

Compilation was tested successfully on CentOS 6.x and CentOS 7.0.


3. Run LCX



Usage is relatively simple; run it according to the usage prompt.

lcx -m 1 -h1 0.0.0.0 -p1 22222 -h2 127.0.0.1 -p2 22 -log /tmp/lcx.log

If the service handles many connections, it is recommended that you do not log, because all data transferred is recorded in the log, which can take up a lot of space and may also affect the transmission.

If long-term use is required, set it to start at boot and run it in the background.


0x04 Summary

On the whole, iptables and firewalld are the simplest solutions: they come with the system, so no programs or services need to be installed. rinetd and LCX are also restricted by iptables and firewalld, and the port must be opened there.
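For reviewing which forwards of the kinds described above are configured on a host, the following is an added example and not part of the original article. It assumes `iptables-save -t nat` output and a rinetd.conf in the four-field format with numeric ports; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory port forwards from saved configuration text.
# Function names are hypothetical; sample input below is constructed.

# Read `iptables-save -t nat` output on stdin and print one line per DNAT rule:
#   iptables <chain> <proto> <dport> -> <destination>
list_dnat_rules() {
    awk '
    $1 == "-A" {
        chain = $2; proto = "any"; dport = "any"; dest = ""; dnat = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
            else if ($i == "--to-destination" || $i == "--to") dest = $(i + 1)
        }
        if (dnat) printf "iptables %s %s %s -> %s\n", chain, proto, dport, dest
    }'
}

# Read a rinetd.conf on stdin and print one line per forwarding rule.
# Comments and non-rule lines (allow, deny, logfile) are skipped.
# Rules bound to 0.0.0.0 are flagged because they listen on every interface.
list_rinetd_rules() {
    awk '
    $1 ~ /^#/ || NF != 4 { next }
    $2 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {
        flag = ($1 == "0.0.0.0") ? " [all interfaces]" : ""
        printf "rinetd %s:%s -> %s:%s%s\n", $1, $2, $3, $4, flag
    }'
}

# Constructed sample input (not taken from a real host).
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22222 -j DNAT --to-destination 192.0.2.10:22
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'
SAMPLE_RINETD='# source address, source port, destination address, destination port
0.0.0.0 22222 127.0.0.1 22
logfile /var/log/rinetd.log'

printf '%s\n' "$SAMPLE_NAT" | list_dnat_rules
printf '%s\n' "$SAMPLE_RINETD" | list_rinetd_rules
```

On a live host, pipe `iptables-save -t nat` and `/etc/rinetd.conf` into the two functions; `firewall-cmd --list-forward-ports` gives the equivalent view for firewalld.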

