Port-Forwarding With rinetd On Debian Etch

This article shows how you can do port-forwarding with rinetd on Debian Etch. rinetd allows you to forward ports from one system to another. This useful if you have moved your web sites to a new server with a different IP address. Of course, you have modified your DNS records, but it can take a few days until DNS changes become effective, and that is where rinetd comes into play. If clients still use the old DNS records, rinetd can redirect them to the new server. With rinetd, you do not have to fiddle with iptables rules.

I do not issue any guarantee that this will work for you!

1 Preliminary Note

In this example I'm trying to redirect HTTP traffic (port 80) from the IP address 192.168.0.101 to the IP address 192.168.0.100.

Please note that rinetd is not able to redirect FTP because FTP requires more than one socket.

2 Installing And Configuring rinetd

To install rinetd, we simply run

apt-get install rinetd

rinetd's configuration file is /etc/rinetd.conf. To forward HTTP traffic from 192.168.0.101 to 192.168.0.100, we add the line 192.168.0.101 80 192.168.0.100 80:

vi /etc/rinetd.conf

# # this is the configuration file for rinetd, the internet redirection server # # you may specify global allow and deny rules here # only ip addresses are matched, hostnames cannot be specified here # the wildcards you may use are * and ? # # allow 192.168.2.* # deny 192.168.2.1? # # forwarding rules come here # # you may specify allow and deny rules after a specific forwarding rule # to apply to only that forwarding rule # # bindadress bindport connectaddress connectport 192.168.0.101 80 192.168.0.100 80 # logging information logfile /var/log/rinetd.log # uncomment the following line if you want web-server style logfile format # logcommon

Then we restart rinetd:

/etc/init.d/rinetd restart

Now run

netstat -tap

and you should see that rinetd is listening on port 80 (www):

server2:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:sunrpc *:* LISTEN 1956/portmap
tcp 0 0 server2.example.com:www *:* LISTEN 2485/rinetd
tcp 0 0 *:3025 *:* LISTEN 2347/rpc.statd
tcp 0 0 *:auth *:* LISTEN 2306/inetd
tcp 0 0 localhost.localdom:smtp *:* LISTEN 2294/exim4
tcp6 0 0 *:ssh *:* LISTEN 2326/sshd
tcp6 0 0 server2.example.com:ssh ::ffff:192.168.0.3:4776 ESTABLISHED2409/0
server2:~#

Now when you direct your browser to a web page on the IP address 192.168.0.101, it should receive that page from the server with the IP address 192.168.0.100.

Instead of specifiying the port numbers in /etc/rinetd.conf, you can also use the service names. The service names are stored in /etc/services, so when you open that file, you will see that the service for port 80 is named www on Debian.

grep 80 /etc/services

server2:~# grep 80 /etc/services
www 80/tcp http # WorldWideWeb HTTP
www 80/udp # HyperText Transfer Protocol
socks 1080/tcp # socks proxy server
socks 1080/udp
amanda 10080/tcp # amanda backup services
amanda 10080/udp
omirr 808/tcp omirrd # online mirror
omirr 808/udp omirrd
canna 5680/tcp # cannaserver
zope-ftp 8021/tcp # zope management by ftp
webcache 8080/tcp # WWW caching service
tproxy 8081/tcp # Transparent Proxy
omniorb 8088/tcp # OmniORB
omniorb 8088/udp
server2:~#

So you could use the following configuration in /etc/rinetd.conf, it has the same effect as the first one:

vi /etc/rinetd.conf

# # this is the configuration file for rinetd, the internet redirection server # # you may specify global allow and deny rules here # only ip addresses are matched, hostnames cannot be specified here # the wildcards you may use are * and ? # # allow 192.168.2.* # deny 192.168.2.1? # # forwarding rules come here # # you may specify allow and deny rules after a specific forwarding rule # to apply to only that forwarding rule # # bindadress bindport connectaddress connectport 192.168.0.101 www 192.168.0.100 www # logging information logfile /var/log/rinetd.log # uncomment the following line if you want web-server style logfile format # logcommon

And to make rinetd listen on all IP addresses that are configured on the system where it is installed, we can use 0.0.0.0 as the bindaddress:

vi /etc/rinetd.conf

# # this is the configuration file for rinetd, the internet redirection server # # you may specify global allow and deny rules here # only ip addresses are matched, hostnames cannot be specified here # the wildcards you may use are * and ? # # allow 192.168.2.* # deny 192.168.2.1? # # forwarding rules come here # # you may specify allow and deny rules after a specific forwarding rule # to apply to only that forwarding rule # # bindadress bindport connectaddress connectport 0.0.0.0 80 192.168.0.100 80 # logging information logfile /var/log/rinetd.log # uncomment the following line if you want web-server style logfile format # logcommon

After you've restarted rinetd...

/etc/init.d/rinetd restart

... rinetd should now listen on all interfaces (*:www):

netstat -tap

server2:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:sunrpc *:* LISTEN 1956/portmap
tcp 0 0 *:www *:* LISTEN 2503/rinetd
tcp 0 0 *:3025 *:* LISTEN 2347/rpc.statd
tcp 0 0 *:auth *:* LISTEN 2306/inetd
tcp 0 0 localhost.localdom:smtp *:* LISTEN 2294/exim4
tcp 0 0 server2.example.com:www 192.168.0.3:4798 TIME_WAIT -
tcp6 0 0 *:ssh *:* LISTEN 2326/sshd
tcp6 0 148 server2.example.com:ssh ::ffff:192.168.0.3:4776 ESTABLISHED2409/0
server2:~#

3 Links

• rinetd: http://www.boutell.com/rinetd
• Debian: http://www.debian.org

Author : Un1X

Share this

Related Posts