一、概述
目前常用的端口转发工具有rinetd、Haproxy、iptables、Socat。前两种只能转发TCP,后两种TCP、UDP都可以转发。如果需要UDP转发,只能选择iptables或Socat。iptables的端口转发配置这里就不多讲了,网上资料一大堆。下面分享一下Socat的使用和配置。
二、安装配置
Socat可以通过rpm包的方式安装后再手动配置。下面分享一个更简单的方法:使用一键安装部署脚本。
2.1 系统要求及说明
系统要求:支持CentOS 6+ 、Debian 7+、Ubuntu 14+。
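脚本说明:脚本默认开启UDP、TCP转发,带开机自启功能,且一次只能转发单个端口,如果想转发多个端口请重复运行本脚本。需要注意,脚本运行时还会把SELinux设为disabled,并停止、禁用firewalld和iptables服务;socat监听在本机所有IPv4地址上,因此凡是能访问该本地端口的主机都可以连到被转发的远程服务。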
2.2 安装配置
1、脚本安装
wget https://raw.githubusercontent.com/iiiiiii1/Socat/master/socat.sh && bash socat.sh
注:需以root用户执行上面的命令。脚本会修改/etc/rc.local、SELinux和防火墙配置,建议先用wget下载并查看socat.sh的内容,确认后再执行bash socat.sh。
2、输入的参数说明:
输入本地端口:指定本机未被占用的端口,用户可自定义。 输入远程端口:远程主机的真实的端口。 远程主机:远程主机的真实的IP地址。
3、配置保存位置
配置保存在/etc/rc.local文件中。
[root@localhost128 ~]# cat /etc/rc.local
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.
touch /var/lock/subsys/local
nohup /usr/local/inception/bin/Inception --defaults-file=/etc/inc.cnf &
nohup socat TCP4-LISTEN:13022,reuseaddr,fork TCP4:192.168.42.130:22 >> /root/socat.log 2>&1 &
nohup socat -T 600 UDP4-LISTEN:13022,reuseaddr,fork UDP4:192.168.42.130:22 >> /root/socat.log 2>&1 &
2.3 软件卸载
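yum remove socat
注:该命令只卸载socat软件包(Debian/Ubuntu上对应为apt-get remove socat)。脚本写入rc.local的socat启动行、正在运行的socat进程,以及被关闭的SELinux和防火墙都不会自动恢复,需要手动处理。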
2.4 使用展示
1、环境说明
192.168.42.128:配置socat的机器(跳板机),监听本地端口13022。192.168.42.130:通过跳板远程连接的目标机器,ssh监听端口为22。
2、配置
3、通过跳板连接到远程机器
三、小结
1、socat是继rinetd、Haproxy、iptables之后,端口转发和跳板的又一神器,同时支持tcp和udp。通过此一键配置脚本配置,非常简单便捷。
socat.sh
#! /bin/bash
# Replace whatever PATH the caller had with a fixed list of system
# directories, so the yum/apt-get/sed/socat lookups below do not follow a
# PATH inherited from the invoking environment. The last entry is the
# invoking user's ~/bin (expanded by the shell at assignment time).
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
# ====================================================
# System Request:CentOS 6+ 、Debian 7+、Ubuntu 14+
# Author: Rat's
# Description: Socat一键脚本
# Version: 1.0
# Blog: https://www.moerats.com
# Github:https://github.com/iiiiiii1/Socat
# ====================================================
# ANSI SGR sequences used with `echo -e` for coloured status messages.
# They are stored as literal backslash escapes; echo -e turns them into ESC.
Font="\033[0m"   # reset all attributes
Green="\033[32m" # green foreground
Blue="\033[33m"  # NOTE: SGR 33 is yellow, despite the variable name
#######################################
# Abort unless the script runs with effective UID 0.
# Globals:  EUID (read)
# Outputs:  error message on stderr when not root
# Returns:  0 when root; otherwise terminates the script with status 1
#######################################
rootness() {
  # The later steps install packages and edit files under /etc, so stop
  # here instead of failing half-way through.
  (( EUID == 0 )) && return 0
  echo "Error:This script must be run as root!" 1>&2
  exit 1
}
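#######################################
# Detect the distribution family and store it in OS.
# Probe order is unchanged: /etc/redhat-release (existence only), then
# /etc/issue, then /proc/version; within each file debian, ubuntu and
# finally centos/red hat are tried, case-insensitively.
# Globals:  OS (written: CentOS, Debian or Ubuntu)
# Outputs:  error message on stderr when nothing matches
# Returns:  0 on a match; otherwise terminates the script with status 1
#######################################
checkos() {
  local probe_file

  # The mere presence of this file marks the Red Hat family.
  if [[ -f /etc/redhat-release ]]; then
    OS=CentOS
    return 0
  fi

  for probe_file in /etc/issue /proc/version; do
    # grep reads the file directly (no cat pipeline); -s keeps a missing
    # or unreadable probe file from printing an error for every pattern.
    if grep -q -s -E -i "debian" "${probe_file}"; then
      OS=Debian
      return 0
    elif grep -q -s -E -i "ubuntu" "${probe_file}"; then
      OS=Ubuntu
      return 0
    elif grep -q -s -E -i "centos|red hat|redhat" "${probe_file}"; then
      OS=CentOS
      return 0
    fi
  done

  # Diagnostics go to stderr, as in rootness.
  echo "Not supported OS, Please reinstall OS and try again." 1>&2
  exit 1
}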
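#######################################
# Switch SELinux off when /etc/selinux/config currently selects enforcing:
# the config file is rewritten to SELINUX=disabled (takes effect from the
# next boot) and `setenforce 0` puts the running system in permissive mode.
# Outputs:  nothing on stdout (the grep match is no longer echoed)
# Returns:  0 when nothing had to change, else the status of setenforce
#
# NOTE(review): this is a persistent, host-wide reduction in protection that
# outlives the forwarder. Nothing in this script shows that socat needs it;
# confirm it is really required before keeping this step.
#######################################
disable_selinux() {
  local -r selinux_conf=/etc/selinux/config

  # Anchor on the real setting so that comment lines that merely mention
  # "SELINUX=enforcing" neither trigger the change nor get rewritten.
  if [ -s "${selinux_conf}" ] \
    && grep -q '^[[:space:]]*SELINUX=enforcing' "${selinux_conf}"; then
    sed -i 's/^\([[:space:]]*\)SELINUX=enforcing/\1SELINUX=disabled/' "${selinux_conf}"
    setenforce 0
  fi
}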
#######################################
# Stop firewalld and the iptables service and disable both at boot.
# All output and errors are discarded, so commands or units that do not
# exist on the host fail silently.
# Returns:  status of the final chkconfig call
#
# NOTE(review): this removes host packet filtering for every port, not just
# the forwarded one, and the change survives reboots. Allowing only the
# chosen local port (TCP and UDP) would presumably be enough for the
# forwarder - confirm before running on an exposed host.
#######################################
disable_iptables() {
  {
    # systemd hosts (firewalld)
    systemctl stop firewalld.service
    systemctl disable firewalld.service
    # SysV-style hosts (iptables service)
    service iptables stop
    chkconfig iptables off
  } >/dev/null 2>&1
}
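#######################################
# Look up this host's public address and store it in ip.
# Globals:  ip (written; left empty when the lookup fails or the reply
#           does not look like an IP address)
# Returns:  0 on success, curl's status when the request fails, 1 when the
#           reply is rejected
#
# NOTE(review): the lookup uses plain HTTP, so the reply is unauthenticated.
# It is later printed with `echo -e` on a root terminal, which is why only
# address characters are accepted here.
#######################################
get_ip() {
  local reply
  ip=""

  # -s: no progress meter in the captured output; --max-time: do not hang
  # the installer when the service is unreachable.
  reply=$(curl -s --max-time 10 http://whatismyip.akamai.com) || return

  # Accept IPv4 / IPv6 literal characters only; anything else (HTML error
  # pages, escape sequences, injected text) is dropped.
  [[ "${reply}" =~ ^[0-9A-Fa-f:.]+$ ]] || return 1
  ip=${reply}
}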
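#######################################
# Prompt until the operator enters an acceptable value, then store it in
# the global variable named by $2.
# Arguments: $1 - prompt text
#            $2 - name of the variable to fill
#            $3 - "port" (1-65535) or "host" (IPv4 address or host name)
# Returns:   0 once a valid value is stored; terminates the script with
#            status 1 when stdin ends before that
#######################################
_socat_ask() {
  local prompt=$1 dest=$2 kind=$3 answer
  local -r host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

  while true; do
    answer=""
    # -r keeps backslashes literal. A failed read with nothing captured
    # means end of input; without this check the loop would spin forever.
    if ! read -r -p "${prompt}" answer && [[ -z "${answer}" ]]; then
      echo "Error:Unexpected end of input." 1>&2
      exit 1
    fi

    case "${kind}" in
      port)
        # 10# forces base 10 so a leading zero is not read as octal.
        if [[ "${answer}" =~ ^[0-9]{1,5}$ ]] \
          && (( 10#${answer} >= 1 && 10#${answer} <= 65535 )); then
          printf -v "${dest}" '%s' "${answer}"
          return 0
        fi
        echo "Error:Port must be a number between 1 and 65535." 1>&2
        ;;
      host)
        if [[ "${answer}" =~ ${host_re} ]]; then
          printf -v "${dest}" '%s' "${answer}"
          return 0
        fi
        echo "Error:Remote address must be an IPv4 address or host name." 1>&2
        ;;
    esac
  done
}

#######################################
# Ask for the forwarding parameters.
# Globals:  Green, Font (read); port1, port2, socatip (written)
# Outputs:  banner on stdout; validation errors on stderr
#
# start_socat writes these values verbatim into a boot script that runs as
# root, so input containing anything other than digits (ports) or host-name
# characters (address) is rejected and asked for again.
#######################################
config_socat() {
  echo -e "${Green}请输入Socat配置信息!${Font}"
  _socat_ask "请输入本地端口:" port1 port
  _socat_ask "请输入远程端口:" port2 port
  _socat_ask "请输入远程IP:" socatip host
}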
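#######################################
# Append the two boot-time forwarder commands to the rc.local file in $1
# and make that file executable.
# Globals:   port1, port2, socatip (read)
# Arguments: $1 - path of the rc.local file to extend
#######################################
_socat_persist() {
  local rc_file=$1

  # Remove only an unindented, stand-alone `exit` / `exit N` line (the usual
  # terminator of rc.local) so the appended commands are reached. The
  # previous pattern deleted every line that merely contained "exit".
  sed -i '/^exit[[:space:]]*[0-9]*[[:space:]]*$/d' "${rc_file}"

  printf '%s\n' \
    "nohup socat TCP4-LISTEN:${port1},reuseaddr,fork TCP4:${socatip}:${port2} >> /root/socat.log 2>&1 &" \
    "nohup socat -T 600 UDP4-LISTEN:${port1},reuseaddr,fork UDP4:${socatip}:${port2} >> /root/socat.log 2>&1 &" \
    "" >> "${rc_file}"
  chmod +x "${rc_file}"
}

#######################################
# Start the TCP and UDP forwarders now and register them for boot.
# Globals:  port1, port2, socatip, OS, Green, Blue, Font (read);
#           ip (read after get_ip has set it)
# Outputs:  progress and summary on stdout, errors on stderr; socat output
#           is appended to /root/socat.log
# Returns:  never returns - exits 0 on completion, 1 on invalid parameters
#
# socat options used: `fork` serves each client in a child process,
# `reuseaddr` allows rebinding the port right after a restart, `-T 600`
# closes an idle UDP association after 600 seconds.
#
# NOTE(review): the listeners have no bind= or range= option, so they accept
# connections on every IPv4 address of this host from any source. Together
# with the firewall being switched off earlier in the script, anyone who can
# reach the local port reaches the remote service.
#######################################
start_socat() {
  local -r port_re='^[0-9]{1,5}$'
  local -r host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  local candidate shown_ip

  # The parameters are written verbatim into a script that root runs at
  # every boot, so refuse anything that is not a plain port number or
  # host name before touching the system.
  for candidate in "${port1}" "${port2}"; do
    if ! [[ "${candidate}" =~ ${port_re} ]] \
      || (( 10#${candidate} < 1 || 10#${candidate} > 65535 )); then
      echo "Error:Invalid port, nothing was changed." 1>&2
      exit 1
    fi
  done
  if ! [[ "${socatip}" =~ ${host_re} ]]; then
    echo "Error:Invalid remote address, nothing was changed." 1>&2
    exit 1
  fi

  echo -e "${Green}正在配置Socat...${Font}"
  nohup socat "TCP4-LISTEN:${port1},reuseaddr,fork" "TCP4:${socatip}:${port2}" >> /root/socat.log 2>&1 &
  nohup socat -T 600 "UDP4-LISTEN:${port1},reuseaddr,fork" "UDP4:${socatip}:${port2}" >> /root/socat.log 2>&1 &

  if [ "${OS}" == 'CentOS' ]; then
    _socat_persist /etc/rc.d/rc.local
  elif [ -s /etc/rc.local ]; then
    _socat_persist /etc/rc.local
  else
    # No usable rc.local: create the systemd unit that runs it and a fresh
    # rc.local, then register the forwarders in it.
    echo -e "${Green}检测到系统无rc.local自启,正在为其配置... ${Font} "
    cat > /etc/systemd/system/rc-local.service <<'EOF'
[Unit]
Description=/etc/rc.local
ConditionPathExists=/etc/rc.local
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target

EOF
    # A quoted here-document keeps the inner double quotes around "exit 0";
    # the former echo "..." form ended its string at those quotes.
    cat > /etc/rc.local <<'EOF'
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

EOF
    _socat_persist /etc/rc.local
    systemctl enable rc-local >/dev/null 2>&1
    systemctl start rc-local >/dev/null 2>&1
  fi

  get_ip
  sleep 3

  # ip comes from an unauthenticated lookup and is printed with echo -e;
  # keep only characters that can occur in an IP address.
  shown_ip=${ip//[^0-9A-Fa-f:.]/}

  echo
  echo -e "${Green}Socat安装并配置成功!${Font}"
  echo -e "${Blue}你的本地端口为:${port1}${Font}"
  echo -e "${Blue}你的远程端口为:${port2}${Font}"
  echo -e "${Blue}你的本地服务器IP为:${shown_ip}${Font}"
  exit 0
}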
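#######################################
# Install socat with the distribution's package manager.
# Globals:  OS, Green, Font (read)
# Outputs:  progress on stdout, package-manager output, error on stderr
# Returns:  0 when /usr/bin/socat exists afterwards; otherwise terminates
#           the script with status 1
#######################################
install_socat() {
  echo -e "${Green}即将安装Socat...${Font}"
  if [ "${OS}" == 'CentOS' ]; then
    yum install -y socat
  else
    apt-get -y update
    apt-get install -y socat
  fi

  # Previously a failed install was silently ignored and the script went on
  # to register socat commands for boot although the binary was missing.
  if [ ! -s /usr/bin/socat ]; then
    echo "Error:Socat installation failed, /usr/bin/socat not found." 1>&2
    exit 1
  fi
  echo -e "${Green}Socat安装完成!${Font}"
}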
#######################################
# Choose the run sequence: main_y (with installation) when /usr/bin/socat
# is missing or empty, main_x (configuration only) when it is present.
# Only that exact path is tested; a socat binary elsewhere is not detected.
# Globals:  Green, Font (read)
#######################################
status_socat() {
  if [ ! -s /usr/bin/socat ]; then
    main_y
    return
  fi
  echo -e "${Green}检测到Socat已存在,并跳过安装步骤!${Font}"
  main_x
}
#######################################
# Run sequence used when socat is already installed: detect the OS, check
# for root, switch off SELinux and the firewall, prompt for the forwarding
# parameters, then start and persist the forwarders.
# Each step is called without checking its status; a step that must stop
# the run does so by calling exit itself.
#
# NOTE(review): disable_selinux and disable_iptables run on every
# invocation, including re-runs that only add another port.
#######################################
main_x() {
  local step
  for step in checkos rootness disable_selinux disable_iptables \
    config_socat start_socat; do
    "${step}"
  done
}
#######################################
# Run sequence used when socat is not installed yet: the same steps as
# main_x with install_socat inserted before the parameters are requested.
# Each step is called without checking its status; a step that must stop
# the run does so by calling exit itself.
#
# NOTE(review): SELinux and the firewall are switched off before the
# package is even installed, so a failed run still leaves them disabled.
#######################################
main_y() {
  local step
  for step in checkos rootness disable_selinux disable_iptables \
    install_socat config_socat start_socat; do
    "${step}"
  done
}
# Entry point: status_socat checks for /usr/bin/socat and then runs either
# main_x (already installed) or main_y (install first).
status_socat