Nginx实现TCP转发
Nginx版本: 1.10.2
一.基于Nginx实现TCP/UDP协议端口转发,配置命令stream命令默认在nginx.conf主配置文件中的main模块:
官方说明:
The ngx_stream_core_module module is available since version 1.9.0. This module is not built by default, it should be enabled with the --with-stream configuration parameter.
ngx_stream_core_module 这个模块在1.90版本后将被启用。但是并不会默认安装,需要在编译安装时通过指定 --with-stream 参数来激活这个模块。
stream { upstream backend1 { server 221.239.33.162:2181 max_fails=3 fail_timeout=30s; } upstream backend2 { server 221.239.33.162:8822 max_fails=3 fail_timeout=30s; } upstream backend3 { server 221.239.33.162:8823 max_fails=3 fail_timeout=30s; } upstream backend4 { server 221.239.33.162:8824 max_fails=3 fail_timeout=30s; } upstream backend5 { server 221.239.33.162:8825 max_fails=3 fail_timeout=30s; } upstream backend6 { server 221.239.33.162:8826 max_fails=3 fail_timeout=30s; } upstream backend7 { server 221.239.33.162:8827 max_fails=3 fail_timeout=30s; } upstream backend8 { server 221.239.33.162:10443 max_fails=3 fail_timeout=30s; } upstream backend9 { server 221.239.33.162:22333 max_fails=3 fail_timeout=30s; } upstream backend10 { server 221.239.33.162:22343 max_fails=3 fail_timeout=30s; } upstream backend11 { server 221.239.33.162:22331 max_fails=3 fail_timeout=30s; } upstream backend12 { server 221.239.33.162:22332 max_fails=3 fail_timeout=30s; } upstream backend13 { server 221.239.33.162:22341 max_fails=3 fail_timeout=30s; } upstream backend14 { server 221.239.33.162:22342 max_fails=3 fail_timeout=30s; } upstream backend15 { server 221.239.33.162:3443 max_fails=3 fail_timeout=30s; } upstream backend16 { server 221.239.33.162:4443 max_fails=3 fail_timeout=30s; } upstream backend17 { server 221.239.33.162:5443 max_fails=3 fail_timeout=30s; } upstream backend18 { server 221.239.33.162:6033 max_fails=3 fail_timeout=30s; } upstream backend19 { server 221.239.33.162:6443 max_fails=3 fail_timeout=30s; } upstream backend20 { server 221.239.33.162:7443 max_fails=3 fail_timeout=30s; } upstream backend21 { server 221.239.33.162:8443 max_fails=3 fail_timeout=30s; } upstream backend22 { server 221.239.33.162:9443 max_fails=3 fail_timeout=30s; } server { listen 2181; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend1; } server { listen 8822; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend2; } server { listen 8823; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend3; } server { listen 8824; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend4; } server { listen 8825; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend5; } server { listen 8826; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend6; } server { listen 8827; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend7; } server { listen 10443; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend8; } server { listen 22333; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend9; } server { listen 22343; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend10; } server { listen 22331; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend11; } server { listen 22332; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend12; } server { listen 22341; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend13; } server { listen 22342; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend14; } server { listen 3443; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend15; } server { listen 4443; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend16; } server { listen 5443; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend17; } server { listen 6033; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend18; } server { listen 6443; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend19; } server { listen 7443; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend20; } server { listen 8443; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend21; } server { listen 9443; proxy_connect_timeout 1s; proxy_timeout 3s; proxy_pass backend22; } }
二.基于Iptables的NAT转发机制实现端口转发,配置如下,设置iptables同时修改
/etc/sysctl.conf 的IP转发参数为1
参考链接: https://help.aliyun.com/knowledge_detail/38776.html
iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.1.6