Windows port mapping and forwarding with netsh for cross-subnet access

Author: 吾星喵 | Source: published 2019-08-26 16:07

Windows port forwarding with netsh for cross-subnet access

  • Prerequisite: a host that is connected to both subnets (dual network adapters)
  • Running the commands: as administrator

Batch processing with a .bat script

Get the IP address of the wireless LAN adapter "WLAN"

@echo off & setlocal enabledelayedexpansion

rem Request administrator privileges
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
cd /d "%~dp0"

rem The quoted strings below must match the ipconfig output of a Chinese-locale Windows
for /f "tokens=1,2 delims=:" %%a in ('ipconfig') do (
    rem echo %%a
    if "%%a"=="无线局域网适配器 WLAN" set "flag=1"
    if "!flag!"=="1" (if "%%a"=="   IPv4 地址 . . . . . . . . . . . . " set "ip=%%b")
    if "%%a"=="   默认网关. . . . . . . . . . . . . " set flag=0
)
set IP=%ip%
echo %IP%
rem The resulting string has leading spaces, so strip leading and trailing spaces
set "str=%IP%"
:intercept_left
if "%str:~0,1%"==" " set "str=%str:~1%"&goto intercept_left

:intercept_right
if "%str:~-1%"==" " set "str=%str:~0,-1%"&goto intercept_right
set IP=%str%
echo %IP%

rem Step 1: delete any existing forwarding rule
echo 1. 删除已有转发······
netsh interface portproxy delete v4tov4 listenaddress=%IP% listenport=80
netsh interface portproxy show all
rem Step 2: start port forwarding
echo 2. 启动端口转发······
netsh interface portproxy add v4tov4 listenaddress=%IP% listenport=80 connectaddress=192.168.96.20 connectport=80
netsh interface portproxy show all
rem Step 3: done
echo 3. 操作完成!
pause>nul

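Forwarding on a listening port

rem Add
netsh interface portproxy add v4tov4 listenport=[external port] connectaddress=[target address] connectport=[target port]

rem Delete
netsh interface portproxy delete v4tov4 listenport=[external port]

Data that arrives locally on the external port is forwarded to target address:target port for handling.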

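Forwarding on a specific listening IP and port

Add an IPv4-to-IPv4 port mapping, that is, one bound to a specified IP.

rem Add
netsh interface portproxy add v4tov4 listenaddress=[external address] listenport=[external port] connectaddress=[target address] connectport=[target port]

rem Delete
netsh interface portproxy delete v4tov4 listenaddress=[external address] listenport=[external port]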

Viewing the port forwarding list

rem Show all port forwarding rules
netsh interface portproxy show all

rem Show only IPv4 port forwarding rules
netsh interface portproxy show v4tov4

rem Search
netsh interface portproxy show v4tov4 | find "xxx.ip.ip.xxx"
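
An added example, not part of the original post: a Python audit of the `netsh interface portproxy show all` listing that flags rules listening on every local address and rules missing from an expected list. The sample output, the 192.168.1.50 listen address, the function names and the allow-list are constructed for illustration.

```python
import re
import sys
from typing import NamedTuple

class Rule(NamedTuple):
    family: str  # e.g. "v4tov4", derived from the section header
    listen_addr: str
    listen_port: int
    connect_addr: str
    connect_port: int

# Assumption: localized builds keep the "ipvN:" header tokens; if not, family is "unknown".
HEADER = re.compile(r"(ipv[46]):.*?(ipv[46]):", re.IGNORECASE)
ROW = re.compile(r"^\s*(\S+)\s+(\d{1,5})\s+(\S+)\s+(\d{1,5})\s*$")  # addr port addr port

def parse_portproxy(text):
    rules, family = [], "unknown"
    for line in text.splitlines():
        h = HEADER.search(line)
        m = ROW.match(line)  # column titles and the dash row do not match
        if h:
            family = f"v{h[1][-1]}tov{h[2][-1]}"
        elif m:
            rules.append(Rule(family, m[1], int(m[2]), m[3], int(m[4])))
    return rules

def audit(rules, expected):
    """Return (rule, reason) pairs for every rule that needs review."""
    findings = []
    for r in rules:
        if r.listen_addr in ("*", "0.0.0.0", "::"):
            findings.append((r, "listens on every local address"))
        if r[1:] not in expected:
            findings.append((r, "not in the expected rule list"))
    return findings

SAMPLE = """
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
192.168.1.50    80          192.168.96.20   80
*               8080        192.168.96.20   8080
"""
EXPECTED = {("192.168.1.50", 80, "192.168.96.20", 80)}  # SAMPLE and this list are constructed

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for rule, reason in audit(parse_portproxy(text), EXPECTED):
        print(f"REVIEW {rule}: {reason}")
```

On the forwarding host, pipe the real listing into the script and replace EXPECTED with the rules you actually created.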

Forwarding with software

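Firewall (very important)

My system is Windows 10.

rem Turn the firewall off
netsh Advfirewall set allprofiles state off

rem Check whether the firewall is off
netsh Advfirewall show allprofiles

rem Turn the firewall on
netsh advfirewall set allprofiles state on

You can also turn it off manually in Control Panel under Control Panel\System and Security\Windows Defender Firewall\Customize Settings.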

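If the firewall stays on, the listening port must be allowed

Instead of turning the firewall off, you can add the external port to the firewall's inbound rules so that traffic to that port is allowed.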

Command to enable this rule

@echo off

rem Request administrator privileges
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
cd /d "%~dp0"

rem Enable the firewall rule for port forwarding
echo 允许端口转发······
netsh advfirewall firewall set rule name="@WiFi端口转发到96.20" new enable=yes
pause>nul

Command to disable this rule

@echo off

rem Request administrator privileges
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
cd /d "%~dp0"

rem Disable the firewall rule for port forwarding
echo 禁止端口转发······
netsh advfirewall firewall set rule name="@WiFi端口转发到96.20" new enable=no
pause>nul

Forwarding on Linux

This uses the iptables firewall software.

Allow packet forwarding

echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A FORWARD -i [internal NIC name] -j ACCEPT
iptables -t nat -A POSTROUTING -s [internal subnet] -o [external NIC name] -j MASQUERADE

Example:

echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.96.20/23 -o eth1 -j MASQUERADE

Set up port mapping

iptables -t nat -A PREROUTING -p tcp -m tcp --dport [external port] -j DNAT --to-destination [internal address]:[internal port]

Example:

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.96.20:80


      Article link: https://www.haomeiwen.com/subject/sfkdectx.html