Total Pageviews

Sunday, 7 February 2016

Linux端口重定向程序- FastFwD

FastFwD 是一个 Linux 下的端口重定向守护进程软件。可以将来自某端口的连接转到另外一个端口上,也可以在不同的IP地址上进行转发,而无需配置 iptables 规则。

FastFwD is a network daemon that can be used to forward a connection from one port to an other. It forwards the traffic in both directions so that it is similar like a direct connection for the forwarded application.
FastFwD mainly performs the same that is possible with a ipchains/iptables port forwarding rule. So if ipchans are a well-known thing for you I'd recommend that you use them.
But if you only have some basic knowledge there or do not use the ipchains-rules regularly, fastfwd is the perfect tool for you:
* FastFwD is easy to configure and to set up
* FastFwD does not use cryptic and complicated configuration parameters
* you are not in danger to block your complete system just because of a small problem within your ipchains rules
Beside of that fastfwd is tested on Linux and QNX(tm) and should work on other POSIX operating systems too.


To unpack and compile the sources open a console, go to the location where the downloaded archive is stored and execute
bzip2 -d fastfwd-*.tar.bz2
tar -xvf fastfwd-*.tar
Afterwards you will find a new directory fastfwd-* that contains everything you need. To build the sources, change into that directory and execute
for Linux operating system or
 make -f Makefile.QNX
in case you are using QNX(tm). Please note: this step requires the make-toolchain and the gcc or qcc installed on your system.


fastfwd can be configured using a configuration file fastfwd.conf that has to be located within /etc. An example configuration file is included within the source archive. This file is a plain text file that contains some parameters (as described below) and comments (starting with a "#") that are ignored by the application completely.
Following parameters can be set within the configration filr fastfwd.conf:
* uid - here the name of a user has to be set to use its (limited) privileges to run with. That means the application can be started by "root", binds its port as configured and then revokes all root-privileges to continue operation with the privileges of the user specified here.
* daemon - this parameter specifies if the application has to run in foreground (daemon=0) or in background so that it releases the console it is started from; in last case set the value of daemon to "1"
* srcip - the source IP the application has to use to listen for incoming applications; here normally can be used in case there exists only one IP on a system or in case the daemon has to listen on all IPs that are available on the server fastfwd is located at
* srcport - the port the application has to listen at; if this port number is already in use the application will exit during initialization
* trgtip - the IP number or host name connections have to be forwarded to
* trgip - the port number connections have to be forwarded to
* authkey - authentication key to avoid unauthorized usage of the port forwarding, this parameter has to be disabled by adding a "#" character in front of it in case it has not to be used!
Here a string can be specified that is used as authentication token: when this option is used and whenever a connection is established to srcip:srcprt the fastfwd port forwarding daemon does not connect to trgip:trgport immediately but expects that string as first transmissin from the client. When it receives the string, the connection to trgip:trgport is established, when something else is received, the incoming connection is rejected and no forwarding of data is performed.

Please note: the data expected from fastfwd are the string only, without any termination characters like or CR/LF. The authkey itself of course is not transmitted to the target, only the data that are received after this string are sent to it.