mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-25 23:11:02 +08:00
Merge pull request #24996 from lkxed/20210928-What-is-port-forwarding
Translated 20210928 What is port forwarding.md
commit
76fcc46ad0
@ -1,98 +0,0 @@
|
||||
[#]: subject: "What is port forwarding?"
|
||||
[#]: via: "https://opensource.com/article/21/9/what-port-forwarding"
|
||||
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
|
||||
[#]: collector: "lujun9972"
|
||||
[#]: translator: " "
|
||||
[#]: reviewer: " "
|
||||
[#]: publisher: " "
|
||||
[#]: url: " "
|
||||
|
||||
What is port forwarding?
|
||||
======
|
||||
This article demonstrates the most common scenarios for port forwarding.
|
||||
![Multi-colored and directional network computer cables][1]
|
||||
|
||||
Port forwarding transfers network traffic from one network listener (called a "port") to another, either on the same computer or a different computer. Ports, in this context, are not physical objects but a software routine listening for network activity.
|
||||
|
||||
When traffic directed at a specific port arrives at a router or a firewall, or other networked application, the response it receives can be defined according to the port it's trying to communicate with. When you use port forwarding, you can catch communication coming in on port 8080, for instance, and forward it on to port 80 instead. The new destination port may be on the same device as the one receiving the signal or on a different device. There are many ways to forward ports, and there are different reasons for doing it. This article demonstrates the most common scenarios.
|
||||
|
||||
### Port forwarding with your router
|
||||
|
||||
You usually need to forward ports when you host a server at home. Your home router (usually the WiFi appliance you get from your ISP) has a built-in firewall designed to prevent the outside world from getting onto your home network. You can use port forwarding to allow traffic on a specific port through your router's firewall, sending it to a specific IP address on your network.
|
||||
|
||||
For instance, say you're hosting a [Minetest server][2] and want to invite friends. For them to get through your router and into your Minetest server, you must forward a port from the router to the computer hosting Minetest. By default, a Minetest server runs on port 30000. You can port forward 30000 on your router to port 30000 on your Minetest server, or you could arbitrarily invent a simpler port for your players to remember and then forward that instead. I find that people inevitably miscount the zeroes in 30000 (especially without the benefit of a comma to help), so I use port 1234 and forward it to my internal 30000 port.
|
||||
|
||||
Router interfaces differ from manufacturer to manufacturer, but the idea is the same regardless of what brand of router you have in your home. First, log in to your router.
|
||||
Its IP address and login information is often printed on the router itself or in its documentation. I own a TP-Link GX90 router, and I log in to it by pointing my web browser to 10.0.1.1, but your router might be 192.168.0.1 or some other address.
|
||||
|
||||
My GX90 router calls port forwarding "Virtual servers," which is a category found in the router's **NAT forwarding** tab. NAT stands for _Network Address Translation_. Other routers may just call it **Port forwarding** or **Firewall** or **Services**. It may take a little clicking around to find the right category, or you may need to spend some time studying your router's documentation.
|
||||
|
||||
When you find the port forwarding setting, add a new rule that names an external port (1234, in my example) and an internal one (30000). Forward the external port to the internal port on the IP address of the computer you want people to be able to access. If you need help finding your IP address, read Archit Modi's _[How to find your IP address on Linux][3]_ article.
|
||||
|
||||
![A sample port forwarding rule][4]
|
||||
|
||||
A sample port forwarding rule
|
||||
(Seth Kenlon, [CC BY-SA 4.0][5])
|
||||
|
||||
In this example, I'm forwarding traffic that reaches my home network at port 1234 to port 30000 of my home server located at 10.0.1.2.
|
||||
|
||||
Save the rule to proceed.
|
||||
|
||||
Next, you need to know your home network's public IP address. You can obtain this from websites like [ifconfig.me][6] or [icanhazip.com][7]. Either open a browser to one of those sites or get the IP using the [curl][8] command:
|
||||
|
||||
|
||||
```
|
||||
$ curl ifconfig.me
|
||||
93.184.216.34
|
||||
```
|
||||
|
||||
Your friends can now join your Minetest server by entering the `169.169.23.49:1234` into their Minetest client.
|
||||
|
||||
### Port forwarding with a firewall
|
||||
|
||||
Sysadmins sometimes need to forward ports for traffic reaching a server. For example, you may want to accept traffic to port 80 but present the user with a service running on port 8065. Without port forwarding, your users would have to remember to append a specific port at the end of the URL they enter into their browser, such as `example.com:8065`. Most users aren't used to thinking about ports, so intercepting a call to the common web port 80 and redirecting it to the obscure one your web app runs on is a big convenience for your users.
|
||||
|
||||
You can forward traffic on a server using [firewall-cmd][9], the front-end command to the `firewalld` daemon.
|
||||
|
||||
First, set the ports and protocols you want to forward:
|
||||
|
||||
|
||||
```
|
||||
$ sudo firewall-cmd \
|
||||
\--add-forward-port \
|
||||
port=80:proto=tcp:toport=8065
|
||||
```
|
||||
|
||||
To make the change permanent, use the `--runtime-to-permanent` option:
|
||||
|
||||
|
||||
```
|
||||
`$ sudo firewall-cmd --runtime-to-permanent`
|
||||
```
|
||||
|
||||
### Network forwarding
|
||||
|
||||
In networking, there are other kinds of forwarding aside from port forwarding. For instance, both IP forwarding and proxying are forms of forwarding. As you get familiar with how network information is processed as it's routed, you can try different kinds of forwarding (and watch it with `tcpdump` or similar) to see what works best for your setup.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://opensource.com/article/21/9/what-port-forwarding
|
||||
|
||||
作者:[Seth Kenlon][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://opensource.com/users/seth
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/connections_wires_sysadmin_cable.png?itok=d5WqHmnJ (Multi-colored and directional network computer cables)
|
||||
[2]: https://opensource.com/alternatives/minecraft#minetest
|
||||
[3]: https://opensource.com/article/18/5/how-find-ip-address-linux
|
||||
[4]: https://opensource.com/sites/default/files/uploads/router-port-forward.jpg (A sample port forwarding rule)
|
||||
[5]: https://creativecommons.org/licenses/by-sa/4.0/
|
||||
[6]: http://ifconfig.me
|
||||
[7]: http://icanhazip.com
|
||||
[8]: https://opensource.com/article/20/5/curl-cheat-sheet
|
||||
[9]: https://www.redhat.com/sysadmin/secure-linux-network-firewall-cmd
|
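Review bot: In the router section of the removed source, the sample `curl ifconfig.me` output is 93.184.216.34, but the very next sentence tells friends to connect to `169.169.23.49:1234`. The two addresses should agree. The translated file reproduces both lines unchanged, so a translator's note or a consistent address there would stop readers from copying the wrong one. The firewall-cmd blocks also carry Markdown leftovers (`\--add-forward-port`, and the `--runtime-to-permanent` command wrapped in backticks inside its own fence). These are better cleaned up in the translated copy than carried over.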
98
translated/tech/20210928 What is port forwarding.md
Normal file
@ -0,0 +1,98 @@
|
||||
[#]: subject: "What is port forwarding?"
|
||||
[#]: via: "https://opensource.com/article/21/9/what-port-forwarding"
|
||||
[#]: author: "Seth Kenlon https://opensource.com/users/seth"
|
||||
[#]: collector: "lujun9972"
|
||||
[#]: translator: "lkxed"
|
||||
[#]: reviewer: " "
|
||||
[#]: publisher: " "
|
||||
[#]: url: " "
|
||||
|
||||
什么是端口转发?
|
||||
======
|
||||
本文介绍了几种端口转发最常见的使用场景。
|
||||
![Multi-colored and directional network computer cables][1]
|
||||
|
||||
端口转发就是把网络流量从一个网络监听者(称为一个“端口”)发送到另一个上,无论这两个端口是否属于同一台电脑。在这里,端口不是某个物理实体,而是一个监听网络活动的软件程序。
|
||||
|
||||
当流量被定向发往到某个特定的端口,它会先到达一个路由器或是防火墙,亦或是其他的网络程序。它最终收到的响应可能会根据它想要通讯的端口来定义。比如,当你使用端口转发时,你可以捕获到发往 8080 端口的流量,然后把它转发到 80 端口。对于接收信号的原端口来说,这个新的目标端口可能和它在同一台设备上,也可能是在另一台设备上。我们在很多情况下都会用到端口转发,实现的方式也有很多。本文将介绍其中最常见的几种使用场景。
|
||||
|
||||
### 使用路由器来进行端口转发
|
||||
|
||||
如果你在把服务器架设在家里,那么你通常是不需要转发端口的。你的家庭路由器(通常是你从<ruby>网络服务提供商<rt>Internet Service Provider, ISP</rt></ruby>获得的 WiFi 设备)有一个内置的防火墙,它的作用是阻止外面的世界访问到你的家庭网络。通过使用端口转发,你可以允许某个指定端口的流量穿过路由器的防火墙,并发送到局域网中的某个指定的 IP 地址。
|
||||
|
||||
比如说,你架设了一个 [Minetest 服务][2],并想要邀请你的朋友们来试试。为了让他们能够“穿过”你的路由器,从而到达这个 Minetest 服务,你必须把路由器上的某个端口转发到托管 Minetest 服务的电脑上。Minetest 服务默认运行在 30000 端口。你可以把路由器的 30000 端口转发到你的电脑的 30000 端口上,或者你也可以随便转发到一个更简单的端口上,这样玩家们会更容易记住它。我发现,当使用 30000 端口的时候,人们时常会少数几个 0(特别是没有逗号分隔符的帮助时),所以我一般使用路由器的 1234 端口,然后把它转发到我内部的 30000 端口。
|
||||
|
||||
每个制造商的路由器接口都不一样,但是不管你用的是什么牌子的路由器,方法都是相同的。首先,你需要登录到你的路由器。
|
||||
通常,路由器的 IP 地址和登录信息都会打印在路由器上,或者在是它的文档里。我有一个型号为 TP-Link GX90 的路由器,我在浏览器里访问 10.0.1.1 就可以登录它,但你的路由器可能是 192.168.0.1 或者其他的地址。
|
||||
|
||||
我的 GX90 路由器把端口转发功能称为“<ruby>虚拟服务器<rt>virtual servers</rt></ruby>”,它是路由器的“NAT 转发”标签下的一个功能选项。NAT 的意思是 _网络地址转换_。在其他路由器中,这个功能可能直接就叫做“端口转发”,或者叫“防火墙”、“服务”等。找到正确的功能选项可能需要花费一些时间,因此,你可能需要花点时间研究下你的路由器文档。
|
||||
|
||||
当你找到了路由器的端口转发设置,添加一个新规则,命名一个外部端口(在我的例子中是 1234)和一个内部端口(30000)。把外部端口转发到内部端口上,而内部端口绑定在你想要大家访问的电脑的 IP 地址上。如果你需要一些查询本机 IP 地址的帮助,你可以阅读 Archit Modi 写的 _[在 Linux 上如何查询本地 IP 地址][3]_。
|
||||
|
||||
![A sample port forwarding rule][4]
|
||||
|
||||
一个简单端口转发规则
|
||||
(图片提供者是 Seth Kenlon,遵循[署名-相同方式共享 4.0 国际][5]协议)
|
||||
|
||||
在这个例子中,访问家庭网络的 1234 端口的流量,都会被转发到了我的家庭服务器的 30000 端口上,后者的 IP 地址是 10.0.1.2。
|
||||
|
||||
在继续之前,先保存这个规则。
|
||||
|
||||
接下来,你需要知道你的家庭网络的公网 IP 地址是多少。你可以从 [ifconfig.me][6] 或者 [icanhazip.com][7] 上获得这个地址。你可以在浏览器中打开这两个网站的其中一个,也可以使用 [curl][8] 命令来获取到这个 IP。
|
||||
|
||||
|
||||
```
|
||||
$ curl ifconfig.me
|
||||
93.184.216.34
|
||||
```
|
||||
|
||||
现在,你的朋友们就可以在 Minetest 客户端里输入 `169.169.23.49:1234`,加入你的 Minetest 服务器啦。
|
||||
|
||||
### 使用防火墙来进行端口转发
|
||||
|
||||
系统管理员有时候需要转发访问服务器的流量。比如说,你可能想要接收来自 80 端口的流量,但是用户的服务却运行在 8065 端口。如果不进行端口转发的话,你的用户就不得不在输入浏览器的 URL 末尾,加上一个指定的端口号,例如 `example.com:8065`。大多数用回都不习惯于考虑端口的问题,所以你需要把访问网络通用的 80 端口的请求拦截下来,然后转发到你的网络应用的具体端口,这会给用户带来巨大的方便。
|
||||
|
||||
你可以在服务器上使用 [firewall-cmd][9] 来转发流量,它是访问 `firewalld` 后台进程的<ruby>前端<rt>front-end</rt></ruby>命令。
|
||||
|
||||
首先,设置好你想要转发的端口和协议:
|
||||
|
||||
|
||||
```
|
||||
$ sudo firewall-cmd \
|
||||
\--add-forward-port \
|
||||
port=80:proto=tcp:toport=8065
|
||||
```
|
||||
|
||||
为使修改永久生效,你需要加上 `--runtime-to-permanent` 选项:
|
||||
|
||||
|
||||
```
|
||||
`$ sudo firewall-cmd --runtime-to-permanent`
|
||||
```
|
||||
|
||||
### 网络转发
|
||||
|
||||
在网络传输中,除了端口转发外,还有其他种类的<ruby>转发<rt>forwarding</rt></ruby>形式,例如 IP 转发和代理等。当你熟悉了网络信息在路由时是怎么被处理的之后,你可以试试不同的转发形式(然后使用 `tcpdump` 或类似的工具)来看看哪一种最好、最符合你的需求。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://opensource.com/article/21/9/what-port-forwarding
|
||||
|
||||
作者:[Seth Kenlon][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[lkxed](https://github.com/lkxed)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://opensource.com/users/seth
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/connections_wires_sysadmin_cable.png?itok=d5WqHmnJ (Multi-colored and directional network computer cables)
|
||||
[2]: https://opensource.com/alternatives/minecraft#minetest
|
||||
[3]: https://opensource.com/article/18/5/how-find-ip-address-linux
|
||||
[4]: https://opensource.com/sites/default/files/uploads/router-port-forward.jpg (A sample port forwarding rule)
|
||||
[5]: https://creativecommons.org/licenses/by-sa/4.0/
|
||||
[6]: http://ifconfig.me
|
||||
[7]: http://icanhazip.com
|
||||
[8]: https://opensource.com/article/20/5/curl-cheat-sheet
|
||||
[9]: https://www.redhat.com/sysadmin/secure-linux-network-firewall-cmd
|
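Review bot: The first sentence under "使用路由器来进行端口转发" inverts the source. "如果你在把服务器架设在家里,那么你通常是不需要转发端口的" says port forwarding is usually not needed, while the original reads "You usually need to forward ports when you host a server at home." Suggest "如果你在家里架设服务器,通常就需要转发端口。" Smaller fixes in the same file: "大多数用回" should be "大多数用户"; "或者在是它的文档里" should be "或者是在它的文档里"; and the caption "一个简单端口转发规则" renders "sample" as "simple", so "一个端口转发规则示例" is closer to the source.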