Linux port map forwarding method

  • 2020-10-07 18:58:11
  • OfStack

Preface

When integrating with a third party, we inevitably run into IP whitelisting: our local development environment is not on the whitelist, so it cannot call the third party's interface, and it becomes difficult to complete the entire business process.

Analyze the following scenario:

For example, the third party has a machine with IP 1.1.1.1 listening on port 8080.

The official (production) environment is 1.1.1.1:8080/pro/api

The test environment is 1.1.1.1:8080/test/api

However, the third-party machine does not accept calls from arbitrary IPs; they only allow you to add one machine to the whitelist.

For example, one of your online machines, with IP 2.2.2.2, has been added to the whitelist, so calls from it work without any problem.

However, during development you need to call their test-environment API from your own machine, which is not allowed, and you cannot write and debug code on 2.2.2.2 itself.

The solution

The springboard service

If you cannot call 1.1.1.1 directly, write a service on 2.2.2.2 that acts as a springboard: send the request to 2.2.2.2, and 2.2.2.2 passes it on to 1.1.1.1 unchanged.

Nginx forward

This is much easier than the springboard service. Just run nginx on 2.2.2.2:


server {
  listen    8080;
  # Pass test-API requests on to the third party; proxy_pass needs the scheme
  location /test/api/ {
    proxy_pass http://1.1.1.1:8080;
  }
}

Port mapping

Both the springboard service and nginx forwarding still require quite a lot of extra work, so let us think of another way: can the 2.2.2.2 machine simply forward traffic for us, acting purely as an intermediary? I send a request to 2.2.2.2:8080, but it actually reaches 1.1.1.1:8080. That is port mapping. The two schemes above only work for HTTP. For other protocols such as SFTP or FTP, port mapping is the only one of these solutions that works.

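Enable port forwarding by editing /etc/sysctl.conf (on CentOS 7, add the setting in /usr/lib/sysctl.d/50-default.conf):

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1

Forward the request:

# Redirect connections arriving at 2.2.2.2:8080 to 1.1.1.1:8080
iptables -t nat -A PREROUTING -d 2.2.2.2 -p tcp --dport 8080 -j DNAT --to-destination 1.1.1.1:8080

Forward and receive:

# Rewrite the source address so that 1.1.1.1 sees the whitelisted 2.2.2.2 and replies come back through it
iptables -t nat -A POSTROUTING -d 1.1.1.1 -p tcp --dport 8080 -j SNAT --to-source 2.2.2.2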

This forwards port 8080 on 2.2.2.2 to 1.1.1.1:8080 (for other usages, search Baidu; port forwarding on the local machine can be done in the same way).

service iptables save

Save the settings, then restart the firewall.
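
The DNAT rule above matches any source address, so every host that can reach 2.2.2.2:8080 is forwarded to the third party under the whitelisted IP. The following added example (not part of the original article) audits iptables-save output for DNAT rules with no effective source restriction; the sample ruleset, the developer address 10.0.0.5 and ports 8081/8082 are constructed, and only the nat table is examined, so a restriction placed in the FORWARD chain is not evaluated.

```python
import shlex

# Constructed iptables-save output for the relay 2.2.2.2 (sample data, not from the article).
# 10.0.0.5 is a hypothetical developer workstation; ports 8081 and 8082 are made up.
SAMPLE_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 2.2.2.2/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 1.1.1.1:8080
-A PREROUTING -s 10.0.0.5/32 -d 2.2.2.2/32 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 1.1.1.1:8080
-A PREROUTING ! -s 10.0.0.5/32 -d 2.2.2.2/32 -p tcp -m tcp --dport 8082 -j DNAT --to-destination 1.1.1.1:8080
-A POSTROUTING -d 1.1.1.1/32 -p tcp -m tcp --dport 8080 -j SNAT --to-source 2.2.2.2
COMMIT
*filter
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

SOURCE_FLAGS = {"-s", "--source", "--src-range"}
ANY_SOURCE = {"0.0.0.0/0", "0/0", "::/0"}

def opt(tokens, flag):
    """Value following `flag`, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None

def find_open_dnat(save_text):
    """Return nat-table DNAT rules that any source address can use."""
    findings, table = [], None
    for line in map(str.strip, save_text.splitlines()):
        if line.startswith("*"):          # "*nat", "*filter": start of a table section
            table = line[1:]
            continue
        if table != "nat" or not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        if opt(tok, "-j") != "DNAT":
            continue
        # A source match narrows the rule only if it is neither negated nor "any".
        restricted = any(
            t in SOURCE_FLAGS and tok[i + 1] not in ANY_SOURCE and tok[i - 1] != "!"
            for i, t in enumerate(tok[:-1])
        )
        if not restricted:
            findings.append({"chain": tok[1], "target": opt(tok, "--to-destination"),
                             "listen": f"{opt(tok, '-d')}:{opt(tok, '--dport')}"})
    return findings

if __name__ == "__main__":
    for f in find_open_dnat(SAMPLE_SAVE):
        print(f"open relay: {f['chain']} {f['listen']} -> {f['target']} (no source restriction)")
```

Only the rule on port 8081, which is limited to the developer address with -s, passes the check; the article's rule on 8080 and the negated-source rule on 8082 are reported.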

Conclusion

Anyway, learn more about Linux, and sometimes you can use Linux knowledge to solve business problems.

