如何端口转发

  • iptable
  • rinetd
  • socat

假设有个第三方服务端(server)/客服端(client),它们只支持本地(127.0.0.1:10011)连接。通过socat就可以实现物理上的分离,如下所示:

BEFORE
======

IP:x.x.x.x
+--------+
| server |
|   |    |
| client |
+--------+

AFTER
=====

IP:x.x.x.x       IP:y.y.y.y
+--------+       +--------+
| server |   +---|---+    |
|   |    |   |   |   |    |
|   +----|---+   | client |
+--------+       +--------+

暴露本地端口:

[Unit]
Description=Socat Service
Documentation=man:socat(1)

[Service]
User=nobody
Group=nobody
ExecStart=/usr/bin/socat -d -d tcp4-l:10011,bind=x.x.x.x,fork,reuseaddr tcp4:127.0.0.1:10011
Restart=on-success

[Install]
WantedBy=multi-user.target

代理远程端口:

[Unit]
Description=Socat Service
Documentation=man:socat(1)

[Service]
User=nobody
Group=nogroup
ExecStart=/usr/bin/socat -d -d tcp4-l:10011,fork,reuseaddr tcp4:x.x.x.x:10011
Restart=on-success

[Install]
WantedBy=multi-user.target