如何在 SoftEther 中将服务器端口从物理机转发到 VPN 客户端？

Question

在主机和虚拟集线器之间创建虚拟接口：

VPN_SERVER:$ sudo ./vpncmd localhost /server /cmd BridgeCreate VPN /DEVICE:ens2 /TAP:yes

检查新的虚拟接口（tap_ens2）是否已创建：

VPN_SERVER:$ ifconfig | grep Ethernet
ens2      Link encap:Ethernet  HWaddr de:1a:18:12:e0:01  
tap_ens2  Link encap:Ethernet  HWaddr 5e:b4:a9:d3:82:50

为您的接口分配适当的 IP：

VPN_SERVER:$ ifconfig tap_ens2 192.168.30.5 # any available IP

测试您是否可以从主机访问 vpn 客户端（假设您在客户端的 6000 端口上启动了一个 web 服务器python -m SimpleHTTPServer 6000）：

VPN_SERVER:$ curl 192.168.30.17:6000
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html>
<title>Directory listing for /</title>
<body>
<h2>Directory listing for /</h2>
<hr>
<ul>
<li><a href="test.txt">test.txt</a>
</ul>
<hr>
</body>
</html>

创建iptables规则（使用 root 权限在 VPN_SERVER 上运行此脚本）：

#!/bin/bash
brname=tap_ens2         # the interface connected to our private lan
braddr=192.168.30.5     # interface IP assigned externally
iface=ens2              # the interface connected to public internet

# Run as root.
[[ $(whoami) = "root" ]] || { sudo $0 "$@"; exit 0; }

# Make sure that the IP forwarding is enabled
echo 1 > /proc/sys/net/ipv4/ip_forward

# Cleanup the iptables
echo "Cleaning up NAT rules in iptables..."
iptables -F -t nat

echo "Adding forwarding rules"
iptables -A FORWARD -i ${brname} -s ${braddr}/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE

fwd(){
    # usage: fwd 1234 to 192.168.1.4:3000
    local ext_port=$1
    local internal=$3 # IP:Port 
    iptables -t nat -A PREROUTING -i $iface -p tcp --dport $ext_port -j DNAT --to $internal
}

## forward the desired ports
fwd 2233 to 192.168.30.17:6000

使用你的公网 IP 进行测试：
```
ANYWHERE:$ curl WAN_IP:2233
```

Answer 1

在主机和虚拟集线器之间创建虚拟接口：

VPN_SERVER:$ sudo ./vpncmd localhost /server /cmd BridgeCreate VPN /DEVICE:ens2 /TAP:yes

检查新的虚拟接口（tap_ens2）是否已创建：

VPN_SERVER:$ ifconfig | grep Ethernet
ens2      Link encap:Ethernet  HWaddr de:1a:18:12:e0:01  
tap_ens2  Link encap:Ethernet  HWaddr 5e:b4:a9:d3:82:50

为您的接口分配适当的 IP：

VPN_SERVER:$ ifconfig tap_ens2 192.168.30.5 # any available IP

测试您是否可以从主机访问 vpn 客户端（假设您在客户端的 6000 端口上启动了一个 web 服务器python -m SimpleHTTPServer 6000）：

VPN_SERVER:$ curl 192.168.30.17:6000
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html>
<title>Directory listing for /</title>
<body>
<h2>Directory listing for /</h2>
<hr>
<ul>
<li><a href="test.txt">test.txt</a>
</ul>
<hr>
</body>
</html>

创建iptables规则（使用 root 权限在 VPN_SERVER 上运行此脚本）：

#!/bin/bash
brname=tap_ens2         # the interface connected to our private lan
braddr=192.168.30.5     # interface IP assigned externally
iface=ens2              # the interface connected to public internet

# Run as root.
[[ $(whoami) = "root" ]] || { sudo $0 "$@"; exit 0; }

# Make sure that the IP forwarding is enabled
echo 1 > /proc/sys/net/ipv4/ip_forward

# Cleanup the iptables
echo "Cleaning up NAT rules in iptables..."
iptables -F -t nat

echo "Adding forwarding rules"
iptables -A FORWARD -i ${brname} -s ${braddr}/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE

fwd(){
    # usage: fwd 1234 to 192.168.1.4:3000
    local ext_port=$1
    local internal=$3 # IP:Port 
    iptables -t nat -A PREROUTING -i $iface -p tcp --dport $ext_port -j DNAT --to $internal
}

## forward the desired ports
fwd 2233 to 192.168.30.17:6000

使用你的公网 IP 进行测试：
```
ANYWHERE:$ curl WAN_IP:2233
```

如何在 SoftEther 中将服务器端口从物理机转发到 VPN 客户端？

答案1

相关内容