linux 端口限制只能在内部127.0.0.1访问,改成可以在公网访问

今天做项目的时候想请求虚拟机中的一个地址,设置的端口号是18332,但是外部怎么都访问不到,于是排查问题
1.输入lsof -i:18332查看端口号

[root@192 bin]# lsof -i:18332
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
bitcoind 16971 root    9u  IPv6  55939      0t0  TCP localhost:18332 (LISTEN)
bitcoind 16971 root   10u  IPv4  55941      0t0  TCP localhost:18332 (LISTEN)

发现没有什么异常,想到可能是防火墙,干脆把防火墙关了

systemctl stop firewalld
[root@192 bin]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Aug 10 23:31:07 192.168.0.221 firewalld[14333]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Aug 10 23:31:07 192.168.0.221 firewalld[14333]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Aug 10 23:31:30 192.168.0.221 firewalld[14333]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
Aug 10 23:31:30 192.168.0.221 firewalld[14333]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Aug 10 23:31:30 192.168.0.221 firewalld[14333]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
Aug 10 23:31:30 192.168.0.221 firewalld[14333]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Aug 10 23:31:30 192.168.0.221 firewalld[14333]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Aug 10 23:31:30 192.168.0.221 firewalld[14333]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Aug 10 23:33:20 192.168.0.221 systemd[1]: Stopping firewalld - dynamic firewall daemon...
Aug 10 23:33:21 192.168.0.221 systemd[1]: Stopped firewalld - dynamic firewall daemon.

先关了在说,继续用本机访问,还是不行,但是本机可以访问18333的端口,我就奇怪了,于是查看所有的端口号

[root@192 bin]# netstat -nultp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1008/sshd           
tcp        0      0 127.0.0.1:18332         0.0.0.0:*               LISTEN      16971/./bitcoind    
tcp        0      0 0.0.0.0:18333           0.0.0.0:*               LISTEN      16971/./bitcoind    
tcp        0      0 127.0.0.1:18334         0.0.0.0:*               LISTEN      16971/./bitcoind    
tcp6       0      0 :::22                   :::*                    LISTEN      1008/sshd           
tcp6       0      0 ::1:18332               :::*                    LISTEN      16971/./bitcoind    
tcp6       0      0 :::18333                :::*                    LISTEN      16971/./bitcoind    
udp        0      0 127.0.0.1:323           0.0.0.0:*                           768/chronyd         
udp6       0      0 ::1:323                 :::*                                768/chronyd

果然发现了异常,18333的地址是0.0.0.0,18332的地址是127.0.0.1,这就说18332的端口只能用127.0.0.1这个地址访问,其他地址都不行了,所以在外部是不可能访问到这个端口的,即使关闭了防火墙也不行,百度了大半天终于找到了解决办法,用rinetd!

简介
Rinetd是为在一个Unix和Linux操作系统中为重定向传输控制协议(TCP)连接的一个工具。Rinetd是单一过程的服务器，它处理任何数量的连接到在配置文件etc/rinetd中指定的地址/端口对。尽管rinetd使用非闭锁I/O运行作为一个单一过程，它可能重定向很多连接而不对这台机器增加额外的负担。

1. 先安装gcc,如果有的话就不跳过

yum -y install gcc gcc-c++ make

2. 下载解压,进入目录,然后安装

wget http://www.boutell.com/rinetd/http/rinetd.tar.gz
tar -zxvf rinetd-0.70.tar.gz
cd rinetd-0.70
./configure
make && make install
rinetd -v											#查看版本
rinetd 0.70

3. 修改配置文件

[root@192 etc]# vim /usr/local/etc/rinetd.conf 
# uncomment the following line if you want web-server style logfile format
# logcommon
192.168.0.221 18800 127.0.0.1 18332               #加入一行,192.168.0.221是虚拟机的ip

4. 保存配置文件,启动rinetd

[root@192 etc]# rinetd                        #启动命令很简单

然后再次查看端口

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 192.168.0.221:18800     0.0.0.0:*               LISTEN      16095/rinetd        	#第一个就是了
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1008/sshd           
tcp        0      0 127.0.0.1:18332         0.0.0.0:*               LISTEN      16971/./bitcoind    
tcp        0      0 0.0.0.0:18333           0.0.0.0:*               LISTEN      16971/./bitcoind    
tcp        0      0 127.0.0.1:18334         0.0.0.0:*               LISTEN      16971/./bitcoind    
tcp6       0      0 :::22                   :::*                    LISTEN      1008/sshd           
tcp6       0      0 ::1:18332               :::*                    LISTEN      16971/./bitcoind    
tcp6       0      0 :::18333                :::*                    LISTEN      16971/./bitcoind    
udp        0      0 127.0.0.1:323           0.0.0.0:*                           768/chronyd         
udp6       0      0 ::1:323                 :::*                                768/chronyd    

这是再用主机访问192.168.0.221:18800;就可以放文到虚拟机的120.0.0.1:18332端口了
还可以查下两个端口

[root@192 etc]# ss -anplt|grep 18332
LISTEN     0      128    127.0.0.1:18332                    *:*                   users:(("bitcoind",pid=16971,fd=10))
LISTEN     0      128        ::1:18332                   :::*                   users:(("bitcoind",pid=16971,fd=9))
[root@192 etc]# ss -anplt|grep 18800
LISTEN     0      128    192.168.0.221:18800                    *:*                   users:(("rinetd",pid=16095,fd=4))

ok就是这样
参考:
linux下127.0.0.1(localhost)端口转到外网实现