Iptables port forwarding
2022-07-18 13:12:00 【ailx10】
This experiment uses iptables to implement forwarding to local port 22 and forwarding to remote port 3389. As before, from the hacker's perspective only the traffic between the jump host and the hacker's IP is visible, while on the jump host you can see traffic in both directions. Whether the forwarding is local or remote, it is all configured on the jump host, which is the same as with the port forwarding tool rinetd. So whoever controls the jump host controls the intranet ~
Experiment 1: forward a local port to a local port
iptables -t nat -A PREROUTING -p tcp --dport 8022 -j REDIRECT --to-port 22 
ssh 192.168.199.247 -p 8022
Observing traffic from the hacker's perspective, only traffic from the intranet IP to the hacker's IP can be captured.

From the intranet's perspective, you can see traffic in both directions.

Experiment 2: forward a local port to a remote port
iptables -t nat -A PREROUTING -p tcp --dport 13389 -j DNAT --to-destination 192.168.199.185:3389
# PREROUTING chain: processes packets before routing (destination address translation)
# Forward traffic arriving at port 13389 on the jump host to port 3389 on the intranet host
iptables -t nat -A POSTROUTING -p tcp -d 192.168.199.185 --dport 3389 -j SNAT --to-source 192.168.199.247
# POSTROUTING chain: processes packets after routing (source address translation)
# Rewrite the source IP of traffic going to port 3389 on the intranet host to the jump host's IP
By accessing port 13389 on the jump host, the hacker reaches port 3389 on the intranet host and can log in remotely.

From the hacker's perspective, only the port 13389 traffic between the jump host and the hacker's IP is visible.

From the jump host's perspective, both directions are clearly visible. Request direction: the hacker's IP requests port 13389 on the jump host, then the jump host accesses port 3389 on the intranet host. Response direction: port 3389 on the intranet host responds to the jump host, and port 13389 on the jump host responds to the hacker's IP.
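
A defender's view of the two experiments, as an added example that is not part of the original post: a Python audit that reads `iptables-save -t nat` output and lists PREROUTING rules that REDIRECT or DNAT a listening port, noting whether a matching SNAT rule hides the real client from the intranet host. The sample dump is constructed from the rules above; `ADMIN_PORTS`, `parse_rule` and `audit_nat` are hypothetical names, and the choice of sensitive ports is an assumption.

```python
import shlex

# Constructed sample of `iptables-save -t nat` output (both experiments + one ordinary rule).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8022 -j REDIRECT --to-ports 22
-A PREROUTING -p tcp -m tcp --dport 13389 -j DNAT --to-destination 192.168.199.185:3389
-A POSTROUTING -d 192.168.199.185/32 -p tcp -m tcp --dport 3389 -j SNAT --to-source 192.168.199.247
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

ADMIN_PORTS = {"22", "3389"}  # assumption: ports this audit treats as sensitive
OPTS = {"--dport": "dport", "-d": "dst", "-j": "target", "--to-ports": "to",
        "--to-destination": "to", "--to-source": "to"}

def parse_rule(line):
    """Return the forwarding-relevant fields of one '-A' line, else None."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    rule = {"chain": tok[1]}
    for opt, val in zip(tok[2:], tok[3:]):  # adjacent (option, value) pairs
        if opt in OPTS:
            rule[OPTS[opt]] = val
    return rule

def audit_nat(dump):
    """List PREROUTING REDIRECT/DNAT rules and whether SNAT hides the client."""
    rules = [r for r in map(parse_rule, dump.splitlines()) if r]
    findings = []
    for r in rules:
        if r["chain"] != "PREROUTING" or r.get("target") not in ("REDIRECT", "DNAT"):
            continue
        if r["target"] == "DNAT":   # --to-destination is host[:port]
            host, _, port = r.get("to", "").partition(":")
            port = port or r.get("dport", "")
        else:                       # REDIRECT stays on this host
            host, port = "", r.get("to", "")
        rewritten = bool(host) and any(
            x["chain"] == "POSTROUTING" and x.get("target") == "SNAT"
            and x.get("dst", "").split("/")[0] == host for x in rules)
        findings.append({"listen": r.get("dport", ""), "host": host, "port": port,
                         "source_rewritten": rewritten,
                         "admin_port": port in ADMIN_PORTS})
    return findings
```

When `source_rewritten` is true, logs on the intranet host show only the jump host's address, so the client's real IP has to be recovered from captures or connection tracking on the jump host itself.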

Network security has a long way to go. Time to wash up and go to sleep ~
