Linux port map forwarding method
- 2020-10-07 18:58:11
- OfStack
Preface
When integrating with a third party, we inevitably run into IP whitelisting. It restricts our local development environment: we cannot call the third party's interface from it, so it is difficult to run through the entire business process.
Consider the following scenario:
The third party has a machine at IP 1.1.1.1 serving on port 8080.
The production environment is 1.1.1.1:8080/pro/api
The test environment is 1.1.1.1:8080/test/api
However, the third-party machine does not accept calls from arbitrary IPs; they only allow you to add one machine to the whitelist.
For example, one of your online machines has IP 2.2.2.2 and has been added to the whitelist, so calls from it work without any problem.
However, during development you need to call their test environment API from your own machine, which is not whitelisted, and you cannot write and debug code directly on 2.2.2.2.
The solution
The springboard service
If you can't call 1.1.1.1 directly, write a service on 2.2.2.2 that acts as a springboard: we send our request to 2.2.2.2, and 2.2.2.2 sends the request on to 1.1.1.1 unchanged.
Nginx forwarding
This is much easier than the springboard service. Just run nginx on 2.2.2.2 with:
server {
    listen 8080;
    location /test/api/ {
        # Pass test API calls on to the third party unchanged
        proxy_pass http://1.1.1.1:8080;
    }
}
Port mapping
Both the springboard service and nginx forwarding leave us with extra work to do, so we look for another way: can the 2.2.2.2 machine itself forward for us, purely as an intermediary? I send a request to 2.2.2.2:8080, and in fact I am requesting 1.1.1.1:8080. That is port mapping. The two schemes above only work for HTTP. What about other protocols such as SFTP or FTP? Port mapping is the only one of these solutions that covers them.
Enable forwarding in /etc/sysctl.conf (on CentOS 7, append the line to /usr/lib/sysctl.d/50-default.conf):
    vi /etc/sysctl.conf
    net.ipv4.ip_forward = 1
Forward requests arriving on 2.2.2.2:8080 to 1.1.1.1:8080:
    iptables -t nat -A PREROUTING -p tcp -d 2.2.2.2 --dport 8080 -j DNAT --to-destination 1.1.1.1:8080
Rewrite the source of the forwarded request to 2.2.2.2 so that 1.1.1.1 sees the whitelisted address and replies come back through 2.2.2.2. The nat table only sees the first packet of a connection, so the rule has to match the outgoing request (destination 1.1.1.1, port 8080), not the reply:
    iptables -t nat -A POSTROUTING -p tcp -d 1.1.1.1 --dport 8080 -j SNAT --to-source 2.2.2.2
With these rules, 2.2.2.2 forwards port 8080 to 1.1.1.1:8080. (For other usages, search Baidu; port forwarding on the local machine can be achieved the same way.)
Save the settings, then restart the firewall:
    service iptables save
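The mapping above forwards for any client that can reach 2.2.2.2:8080, so everyone who can reach the relay inherits its whitelist entry. The script below is an added example, not from the original article: it prints the same mapping restricted to one developer address, with matching FORWARD rules. DEV_IP (203.0.113.10) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: port mapping on the relay, limited to one developer address.
RELAY_IP=2.2.2.2      # whitelisted machine from the article
TARGET_IP=1.1.1.1     # third-party machine from the article
PORT=8080
DEV_IP=203.0.113.10   # assumption: constructed placeholder for the developer's address

# Accept only dotted-quad IPv4 so nothing else can end up inside a rule.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rules for one mapping (hypothetical helper); nothing is executed here.
build_rules() {
    dev=$1; relay=$2; target=$3; port=$4
    for ip in "$dev" "$relay" "$target"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    # DNAT only for the developer, so the relay does not forward for everyone
    echo "iptables -t nat -A PREROUTING -p tcp -s $dev -d $relay --dport $port -j DNAT --to-destination $target:$port"
    # The third party must see the whitelisted relay address as the source
    echo "iptables -t nat -A POSTROUTING -p tcp -s $dev -d $target --dport $port -j SNAT --to-source $relay"
    # Accept this flow and its replies in the FORWARD chain
    echo "iptables -A FORWARD -p tcp -s $dev -d $target --dport $port -j ACCEPT"
    echo "iptables -A FORWARD -p tcp -s $target --sport $port -d $dev -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Dry run by default; APPLY=1 (as root on the relay) installs the rules.
if [ "${APPLY:-0}" = 1 ]; then
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ] || echo "net.ipv4.ip_forward is not 1" >&2
    build_rules "$DEV_IP" "$RELAY_IP" "$TARGET_IP" "$PORT" | sh -e
else
    build_rules "$DEV_IP" "$RELAY_IP" "$TARGET_IP" "$PORT"
fi
```

Pair it with a default-drop FORWARD policy so that the two ACCEPT rules are the only path through the relay.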
Conclusion
Anyway, learn more about Linux, and sometimes you can use Linux knowledge to solve business problems.