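A server usually has several network interfaces, so it may be connected to more than one network. Services on otherwise isolated networks sometimes need to communicate; in that case a server can be configured to forward packets between them.

I. Port mapping on Windows

1. Show the port mapping status

    netsh interface portproxy show v4tov4

2. Show all port mappings for one IP address

    netsh interface portproxy show v4tov4 | find "[IP]"

Example:

    netsh interface portproxy show v4tov4 | find "192.168.1.1"

3. Add a port mapping

    netsh interface portproxy add v4tov4 listenaddress=[external IP] listenport=[external port] connectaddress=[internal IP] connectport=[internal port]

Example:

    netsh interface portproxy add v4tov4 listenaddress=2.2.2.2 listenport=8080 connectaddress=192.168.1.50 connectport=80

4. Delete a port mapping

    netsh interface portproxy delete v4tov4 listenaddress=[external IP] listenport=[external port]

Example:

    netsh interface portproxy delete v4tov4 listenaddress=2.2.2.2 listenport=8080

II. Port mapping on Linux

1. Allow packet forwarding

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -j MASQUERADE
    iptables -A FORWARD -i [internal interface name] -j ACCEPT
    iptables -t nat -A POSTROUTING -s [internal subnet] -o [external interface name] -j MASQUERADE

Example:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -j MASQUERADE
    iptables -A FORWARD -i ens33 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o ens37 -j MASQUERADE

2. Set up the port mapping

    iptables -t nat -A PREROUTING -p tcp -m tcp --dport [external port] -j DNAT --to-destination [internal address]:[internal port]

Example:

    iptables -t nat -A PREROUTING -p tcp -m tcp --dport 6080 -j DNAT --to-destination 10.0.0.100:6090

Lab: mapping services deployed on the internal network to the external network

Lab environment

VMware Workstation Pro with 5 CentOS 7 virtual machines, minimal install. Server4 is a dual-NIC host connected to both the 192.168.50.0/24 and the 172.16.2.0/24 networks.

Configuring the lab environment

1. Set up an HTTP service on Server1, Server2 and Server3

Use Python to start a simple HTTP service on Server1:

    cd ~
    echo "server1" > index.html
    python -m SimpleHTTPServer 8080

Do the same on Server2 and Server3.

Control test

From the client, access the resource on Server1:

    curl http://192.168.50.11:8080/index.html

From the client, access the resource on Server2:

    curl http://192.168.50.12:8080/index.html

From the client, access the resource on Server3:

    curl http://172.16.2.11:8080/index.html

As this shows, the client on the external network cannot reach the resources on Server1 and Server2 in the internal network.

Configuring port mapping on Server4

Temporary configuration:

    # Allow packet forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -j MASQUERADE
    iptables -A FORWARD -i ens33 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o ens37 -j MASQUERADE
    # Set up port mapping
    iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.50.11:8080
    iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8082 -j DNAT --to-destination 192.168.50.12:8080

Permanent configuration: to make the configuration permanent, append the commands above to the /etc/rc.local file.

Checking the result

From the client, access the resource on Server1:

    curl http://172.16.2.100:8081/index.html

From the client, access the resource on Server2:

    curl http://172.16.2.100:8082/index.html

From the client, access the resource on Server3:

    curl http://172.16.2.11:8080/index.html

If Server4 runs Windows, use the corresponding commands instead

Configure and view the port mappings:

    netsh interface portproxy add v4tov4 listenaddress=172.16.2.105 listenport=8081 connectaddress=192.168.50.11 connectport=8080
    netsh interface portproxy add v4tov4 listenaddress=172.16.2.105 listenport=8082 connectaddress=192.168.50.12 connectport=8080
    netsh interface portproxy show v4tov4

    curl http://172.16.2.105:8082/index.html
    curl http://172.16.2.11:8080/index.html

Link: https://www.cnblogs.com/conne...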
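The Server4 rules in the lab forward ports 8081 and 8082 no matter which interface or destination address a packet arrives on, and the first POSTROUTING rule masquerades all traffic. The following added example (not part of the original post) reads `iptables-save` output and reports each DNAT port mapping, marking rules that are limited by neither inbound interface (`-i`) nor destination address (`-d`), plus any MASQUERADE rule with neither `-s` nor `-o`. The function names, the sample ruleset and the port 8083 rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit NAT rules in iptables-save format (read from stdin).
# Prints one line per finding:
#   DNAT <scoped|unscoped> <proto>/<dport> -> <target>
#   MASQUERADE unscoped        (rule has neither -s nor -o)
audit_nat() {
    awk '
    $1 == "-A" {
        iface = src = dst = out = proto = dport = target = jump = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") iface = $(i+1)
            else if ($i == "-d") dst = $(i+1)
            else if ($i == "-s") src = $(i+1)
            else if ($i == "-o") out = $(i+1)
            else if ($i == "-p") proto = $(i+1)
            else if ($i == "--dport") dport = $(i+1)
            else if ($i == "-j") jump = $(i+1)
            else if ($i == "--to-destination") target = $(i+1)
        }
        if ($2 == "PREROUTING" && jump == "DNAT") {
            scope = (iface != "" || dst != "") ? "scoped" : "unscoped"
            printf "DNAT %s %s/%s -> %s\n", scope, proto, dport, target
        } else if ($2 == "POSTROUTING" && jump == "MASQUERADE" && src == "" && out == "") {
            print "MASQUERADE unscoped"
        }
    }'
}

# Constructed sample: the lab's Server4 rules as iptables-save would print them,
# plus one hypothetical tightened rule (-d 172.16.2.100 -i ens37, port 8083).
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.50.11:8080
-A PREROUTING -p tcp -m tcp --dport 8082 -j DNAT --to-destination 192.168.50.12:8080
-A PREROUTING -d 172.16.2.100/32 -i ens37 -p tcp -m tcp --dport 8083 -j DNAT --to-destination 192.168.50.11:8080
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 192.168.50.0/24 -o ens37 -j MASQUERADE
COMMIT
EOF
}

sample_rules | audit_nat
```

On a live host, run `iptables-save -t nat | audit_nat` as root to check the rules actually loaded.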
