注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

itoedr的it学苑

记录从IT文盲学到专家的历程

 
 
 

日志

 
 

redir通用命令手册(中文版)  

2013-12-07 14:44:08|  分类: 路由负载均衡 |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |


说明:redir是一款转发效率特别的工具.笔者将根据使用了解对本文进行修正与更新.
命令名称
       redir - 重定向tcp连接(connect).
       It can run under inetd or stand alone (in which case it handles multiple connections).  It is 8 bit clean, not limited to line mode, is small and light. Supports transparency, FTP redirects, http proxying, and bandwidth limiting.

redir is all you need to redirect traffic across firewalls authenticate based on an IP address etc. No need for the firewall toolkit. The functionality of inetd/tcpd and "redir" will allow you to do everything you need without screwy telnet/ftp etc gateways. (I assume you are running IP Masquerading of course.)

SYNOPSIS(语法)
       redir  [--laddr=incoming.ip.address]  [--caddr=host]  [--debug] [--syslog] [--name=str] [--timeout=n] [--bind_addr=my.other.ip.address] [--ftp=type]
       [--transproxy] [--connect=host:port] --lport=port --cport=port [--bufsize=n] [--max_bandwidth=n] [--random_wait=n] [--wait_in_out=n]
       redir --inetd [--caddr=host] [--debug] [--syslog] [--name=str] [--timeout=n] [--ftp=type] [--transproxy] [--connect=host:port]  --cport=port
       [--bufsize=n] [--max_bandwidth=n] [--random_wait=n] [--wait_in_out=n]

DESCRIPTION(简介)
       redir将进入本地接口的TCP联接重定向到指定的地址(ip/port)端口组合
       redir可以以inetd方式或作为一个独立的守护程序运行。  这取决于如何编译redir,应注意不是所有的选项都可以使用.

OPTIONS
       --lport
              指定端口,侦听连接  (在不inetd方式运行时)
       --laddr
              将IP地址绑定侦听连接(在不inetd方式运行时)
       --cport
              指定要连接到(转发到)的端口
       --caddr
              指定要连接到的远程主机 (如果省略,为本地主机地址)
       --inetd
              运行的进程以inetd方式启动,通过stdin和stdout在启动时建立连接
       --debug
              将调试信息输出到stderr或系统日志
       --name
             指定一个要用于TCP wrapper的检查和系统日志记录程序的名称
       --timeout
              无操作后n秒记为超时并关闭连接
       --syslog
              信息记录到系统日志
       --bind_addr
              在侦听入站连接时,让redir选择一个特定的地址/接口进行绑定
       --ftp  
             当使用redir为转发ftp服务时,这将导致再导向也重定向ftp连接。在指定ftp连接的类型时,类型应该被指定为“port”,“pasv”或“both”来处理。需要注意的是, --transproxy选项使用一个或其它(通用端口)是不合理的。
       --transproxy
              在Linux系统上启用透明代理,这会使数据报文好象都来自他们的真实来源。  (see /usr/share/doc/redir/transproxy.txt)

       --connect
         通过支持connect命令的"HTTP代理"来重定向连接。使用--caddr and --cport来指定代理使用的地址和端口.  --connect 需要指明HTTP代理服务器将要求连接到主机名和端口。

       --bufsize n
          以字节为单位设置bufsize(缓存容量)(defaut 4096字节)。这可与--max_bandwidth或--random_wait结合使用来模拟一个慢速连接。

       --max_bandwidth n
         降低带宽,限制以不超过n位/秒转发。该algorithme算法是基本的,目的是为了模拟一个缓慢的连接,没有图片被接收。

       --random_wait n
       在每一帧报文转发前都等待0和2n毫秒。 A“包”是redir程序读取一次的数据集合。 A“数据包”的大小总是小于参数bufsize。

       --wait_in_out n
       应用--max_bandwidth和--random_wait为input(n=1)、output(n=2)或者两个(n=3)。

SEE ALSO
       rinetd

**********************
一个高效的tcp联接转发工具:rinetd
**********************
    说明:本工具通过其配置文件(rinetd.conf)来预置转发规节(定义需要转发的地址对),然后可以作为一个守护进程监听并为内核进程的数据进行实时工作.

NAME
     rinetd — 互联网“重定向服务器”

概要
     /usr/sbin/rinetd

说明
     rinetd redirects TCP connections from one IP address and port to another. rinetd is a single-process server which handles any number of con‐
     nections to the address/port pairs specified in the file /etc/rinetd.conf.  Since rinetd runs as a single process using nonblocking I/O, it is
     able to redirect a large number of connections without a severe impact on the machine. This makes it practical to run TCP services on machines
     inside an IP masquerading firewall. rinetd does not redirect FTP, because FTP requires more than one socket.

     rinetd is typically launched at boot time, using the following syntax:

     /usr/sbin/rinetd

     The configuration file is found in the file /etc/rinetd.conf, unless another file is specified using the -c command line option.

转发规则
     Most entries in the configuration file are forwarding rules. The format of a forwarding rule is as follows:

     bindaddress bindport connectaddress connectport

     For example:

     206.125.69.81 80 10.1.1.2 80

     Would redirect all connections to port 80 of the "real" IP address 206.125.69.81, which could be a virtual interface, through rinetd to port
     80 of the address 10.1.1.2, which would typically be a machine on the inside of a firewall which has no direct routing to the outside world.

     Although responding on individual interfaces rather than on all interfaces is one of rinetd's primary features, sometimes it is preferable to
     respond on all IP addresses that belong to the server.  In this situation, the special IP address 0.0.0.0 can be used. For example:

     0.0.0.0 23 10.1.1.2 23

     Would redirect all connections to port 23, for all IP addresses assigned to the server. This is the default behavior for most other programs.

     Service names can be specified instead of port numbers. On most systems, service names are defined in the file /etc/services.

     Both IP addresses and hostnames are accepted for bindaddress and connectaddress.

ALLOW AND DENY RULES
     Configuration files can also contain allow and deny rules.

     Allow rules which appear before the first forwarding rule are applied globally: if at least one global allow rule exists, and the address of a
     new connection does not satisfy at least one of the global allow rules, that connection is immediately rejected, regardless of any other
     rules.

     Allow rules which appear after a specific forwarding rule apply to that forwarding rule only. If at least one allow rule exists for a particu‐
     lar forwarding rule, and the address of a new connection does not satisfy at least one of the allow rules for that forwarding rule, that con‐
     nection is immediately rejected, regardless of any other rules.

     Deny rules which appear before the first forwarding rule are applied globally: if the address of a new connection satisfies any of the global
     allow rules, that connection is immediately rejected, regardless of any other rules.

     Deny rules which appear after a specific forwarding rule apply to that forwarding rule only. If the address of a new connection satisfies any
     of the deny rules for that forwarding rule, that connection is immediately rejected, regardless of any other rules.

     The format of an allow rule is as follows:

     allow pattern

     Patterns can contain the following characters: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, . (period), ?, and *. The ? wildcard matches any one character.
     The * wildcard matches any number of characters, including zero.

     For example:

     allow 206.125.69.*

     This allow rule matches all IP addresses in the 206.125.69 class C domain.

     Host names are NOT permitted in allow and deny rules. The performance cost of looking up IP addresses to find their corresponding names is
     prohibitive. Since rinetd is a single process server, all other connections would be forced to pause during the address lookup.

LOGGING
     rinetd is able to produce a log file in either of two formats: tab-delimited and web server-style "common log format."

     By default, rinetd does not produce a log file. To activate logging, add the following line to the configuration file:

     logfile log-file-location

     Example: logfile /var/log/rinetd.log

     By default, rinetd logs in a simple tab-delimited format containing the following information:

     Date and time

     Client address

     Listening host

     Listening port

     Forwarded-to host

     Forwarded-to port

     Bytes received from client

     Bytes sent to client

     Result message

     To activate web server-style "common log format" logging, add the following line to the configuration file:

     logcommon

COMMAND LINE OPTIONS
     The -c command line option is used to specify an alternate configuration file.

     The -f command line option is used to run rinetd in the foreground, without forking to the background.

     The -h command line option produces a short help message.

     The -v command line option displays the version number.

REINITIALIZING RINETD
     The kill -1 signal (SIGHUP) can be used to cause rinetd to reload its configuration file without interrupting existing connections.  Under
     Linux? the process id is saved in the file /var/run/rinetd.pid to facilitate the kill -HUP. An alternate filename can be provided by using the
     <code>pidlogfile</code> configuration file option.


LIMITATIONS
     rinetd redirects TCP connections only. There is no support for UDP. rinetd only redirects protocols which use a single TCP socket. This rules
     out FTP.

BUGS
     The server redirected to is not able to identify the host the client really came from. This cannot be corrected; however, the log produced by
     rinetd provides a way to obtain this information. Under Unix, Sockets would theoretically lose data when closed with SO_LINGER turned off, but
     in Linux this is not the case (kernel source comments support this belief on my part). On non-Linux Unix platforms, alternate code which uses
     a different trick to work around blocking close() is provided, but this code is untested. The logging is inadequate.  The duration of each
     connection should be logged.

LICENSE
     Copyright (c) 1997, 1998, 1999, Thomas Boutell and Boutell.Com, Inc.  This software is released for free use under the terms of the GNU Public
     License, version 2 or higher. NO WARRANTY IS EXPRESSED OR IMPLIED. USE THIS SOFTWARE AT YOUR OWN RISK.

CONTACT INFORMATION
     See http://www.boutell.com/rinetd/ for the latest release.  Thomas Boutell can be reached by email: boutell@boutell.com
  评论这张
 
阅读(475)| 评论(0)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2017