Redirecting a port with ip6tables

Posted on 2024-10-05 17:36:35

How can I redirect one port to another local port by using ip6tables?
e.g. something like this:
ip6tables -t nat -A PREROUTING -j REDIRECT -p tcp --dport 443 --to-ports 8443

Comments (2)

茶色山野 2024-10-12 17:36:50

ip6tables does not support REDIRECT. (Normally people use this in a NAT environment, and NAT is generally not supported with IPv6.)

If all you need to do is bind to the low port as a normal user, why not try the workaround described in this answer? Of course, in the case of Tomcat, it sounds like this would mean giving any Java process that capability.

森林迷了鹿 2024-10-12 17:36:45

Well this is an old question, but since I need to do the same thing… Here is what I've found:

TPROXY

This target is only valid in the mangle table, in the PREROUTING chain and user-defined chains which are only called from this chain. It redirects the packet to a local socket without changing the packet header in any way. It can also change the mark value which can then be used in advanced routing rules. It takes three options:
--on-port port
    This specifies a destination port to use. It is a required option, 0 means the new destination port is the same as the original. This is only valid if the rule also specifies -p tcp or -p udp. 
--on-ip address
    This specifies a destination address to use. By default the address is the IP address of the incoming interface. This is only valid if the rule also specifies -p tcp or -p udp. 
--tproxy-mark value[/mask]
    Marks packets with the given value/mask. The fwmark value set here can be used by advanced routing. (Required for transparent proxying to work: otherwise these packets will get forwarded, which is probably not what you want.)

This is valid for ip6tables only, of course. So I guess that this is valid:

ip6tables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --on-port 8443

However, I didn't try it yet.
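
The man page text quoted in the answer above says --tproxy-mark is required for transparent proxying to work, because unmarked packets get forwarded. The script below is an added example, not part of either answer: it prints the TPROXY rule with that mark together with the policy-routing rule and local route that the kernel's tproxy documentation pairs with it. The mark 0x1, routing table 100 and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the answer): dry-run generator for an IPv6 TPROXY
# port redirect. Mark 0x1 and routing table 100 are assumed example values.

# Succeeds only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tproxy6_cmds DPORT ONPORT [MARK] [TABLE]
# Prints one command per line; prints nothing and returns 1 on a bad port.
tproxy6_cmds() {
    dport=$1 onport=$2 mark=${3:-0x1} table=${4:-100}
    valid_port "$dport" && valid_port "$onport" || return 1
    # 1. Policy routing: packets carrying the mark use a separate table ...
    echo "ip -6 rule add fwmark $mark lookup $table"
    # 2. ... whose single route treats every destination as local, so the
    #    packet is delivered to this host instead of being forwarded.
    echo "ip -6 route add local ::/0 dev lo table $table"
    # 3. The TPROXY rule with --tproxy-mark. The listener on ONPORT must
    #    have the IPV6_TRANSPARENT socket option set.
    echo "ip6tables -t mangle -A PREROUTING -p tcp --dport $dport -j TPROXY --on-port $onport --tproxy-mark $mark/$mark"
}

# tproxy6_apply DPORT ONPORT [MARK] [TABLE]: runs the commands (needs root).
tproxy6_apply() {
    cmds=$(tproxy6_cmds "$@") || { echo "invalid port" >&2; return 1; }
    echo "$cmds" | while IFS= read -r c; do
        $c || exit 1
    done
}

# Dry run for the ports used on this page.
tproxy6_cmds 443 8443
```

Run as-is, the script only prints the three commands; tproxy6_apply 443 8443 executes them and needs root.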
