外网 内网
——–>[nodes]——> (nodes上的部分服务仅仅绑定了内网端口)
- 采用Iptables方式
对于监听在127.0.0.1的未必能行,待商榷
[source language=”shell”]
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A PREROUTING -p tcp -d 外网ip –dport 80 -j DNAT –to-destination :8080
# iptables -t nat -A POSTROUTING -p tcp -s 内网ip –sport 8080 -j SNAT –to-source :80[/source]
- ssh端口转发模式
http://my.oschina.net/guol/blog/115235 - netcat(http://linux.die.net/man/1/nc)
[source language=”shell”]
# yum install nmap-ncat
# nc -l 29000|nc 10.47.107.248 27000
[/source] - socat (http://www.dest-unreach.org/socat/doc/socat.html#EXAMPLES)
[source language=”shell”]
#wget http://www.dest-unreach.org/socat/download/socat-1.7.3.0.tar.gz
# tar xzvf socat-1.7.3.0.tar.gz
# cd socat-1.7.3.0 && ./configure && make && make install
#socat TCP4-LISTEN:www TCP4:www.domain.org:www
[/source]
PortForwarding: https://en.wikipedia.org/wiki/Port_forwarding
http://www.cyberciti.biz/faq/linux-port-redirection-with-iptables/
https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding