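Forwarding Internet Traffic to a Local Machine
Sometimes, when integrating with a third-party service, you need to forward traffic from the public Internet to your local machine to make debugging easier. SSH remote forwarding can do this. A good article on SSH forwarding: https://www.ibm.com/developerworks/cn/linux/l-cn-sshforward/
Forwarding Internet traffic to a local machine requires a server on the public Internet to do the forwarding.
Configure SSH on the public server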
sudo vi /etc/ssh/sshd_config
Add:
# Allow other machines to reach the forwarded port
GatewayPorts yes
# Keep the connection alive
ClientAliveInterval 60
ClientAliveCountMax 1
Restart:
/etc/init.d/ssh restart
Run the remote forwarding command on the local machine
ssh -g -R 80:localhost:8080 user@remote_server -p xxxx
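This forwards port 80 on the remote server to port 8080 on the local machine, over an SSH connection to user@remote_server -p xxxx.
Keeping the connection stable
Because of network fluctuations or IP address changes, the connection may break and produce a broken pipe error, after which the client can no longer communicate with the server. First, at the TCP level, the server and client have a TCP keepalive mechanism that maintains the TCP connection; once it drops, the session becomes invalid. Second, at the session level, the server and client send each other empty messages to check whether the other side is still online; once that fails, the session becomes invalid.
Client settings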
/etc/ssh/ssh_config
ServerAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the server, ssh(1) will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server, or 300 if the BatchMode option is set. ProtocolKeepAlives and SetupTimeOut are Debian-specific compatibility aliases for this option.
Roughly: if no data has been received from the server for longer than this value, the client automatically sends an empty packet to the server to probe whether it is still online. The default is 0, meaning no probes are sent.
ServerAliveCountMax
Sets the number of server alive messages which may be sent without ssh(1) receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session. It is important to note that the use of server alive messages is very different from TCPKeepAlive (below). The server alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The server alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.
Roughly: once the number of probes described above exceeds this value, the server is considered offline and the session is closed.
Server settings
/etc/ssh/sshd_config
ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client.
Roughly: if no data has been received from the client for longer than this value, the server automatically sends an empty packet to the client to probe whether it is still online. The default is 0, meaning no probes are sent.
ClientAliveCountMax
Sets the number of client alive messages (see below) which may be sent without sshd(8) receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive. The default value is 3. If ClientAliveInterval (see below) is set to 15, and ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds.
Roughly: once the number of probes described above exceeds this value, the client is considered offline and the session is closed.
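
An added example, not part of the original post: a POSIX shell wrapper that applies the client-side keepalive options described above to the reverse tunnel and reconnects with a capped backoff when the session drops. The host, the ports, the 300-second "healthy session" threshold and the script name tunnel.sh are assumed placeholders; ExitOnForwardFailure makes ssh exit when the remote port cannot be bound, so the loop retries instead of holding a session with no working forward.

```shell
#!/bin/sh
# Added example, not from the original post. REMOTE, SSH_PORT and the
# port numbers are placeholders; override them through the environment.
REMOTE="${REMOTE:-user@remote_server}"
SSH_PORT="${SSH_PORT:-22}"
# ssh(1): privileged remote ports can be forwarded only when logging in as root.
REMOTE_PORT="${REMOTE_PORT:-80}"
LOCAL_PORT="${LOCAL_PORT:-8080}"
ALIVE_INTERVAL="${ALIVE_INTERVAL:-60}"
ALIVE_COUNT="${ALIVE_COUNT:-1}"

# Seconds of silence before ssh gives up on the server: interval * count.
detect_seconds() { echo $(( $1 * $2 )); }

# Reconnect delay: double it each time, capped at 60 seconds.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt 60 ]; then d=60; fi
    echo "$d"
}

# ssh arguments, one per line (none of them may contain whitespace).
tunnel_opts() {
    printf '%s\n' -N \
        -o ExitOnForwardFailure=yes \
        -o "ServerAliveInterval=$ALIVE_INTERVAL" \
        -o "ServerAliveCountMax=$ALIVE_COUNT" \
        -R "$REMOTE_PORT:localhost:$LOCAL_PORT" \
        -p "$SSH_PORT" "$REMOTE"
}

run_tunnel() {
    delay=1
    echo "dead server detected after ~$(detect_seconds "$ALIVE_INTERVAL" "$ALIVE_COUNT")s" >&2
    while :; do
        start=$(date +%s)
        # Word splitting is intended: tunnel_opts emits one argument per line.
        ssh $(tunnel_opts)
        # A session that lasted over 5 minutes was healthy: reset the backoff.
        if [ $(( $(date +%s) - start )) -gt 300 ]; then delay=1; fi
        echo "tunnel down, reconnecting in ${delay}s" >&2
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

# Start the loop only when invoked as: sh tunnel.sh run
if [ "${1:-}" = run ]; then run_tunnel; fi
```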