Google Cloud Platform: RDP forwarding on Google Cloud

Tags: google-cloud-platform, centos, firewall, iptables, portforwarding

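I am trying to configure a Google Cloud virtual machine to forward RDP to another IP address. This is because I need to access a Windows machine over RDP, and RDP there is listening not on the standard port 3389, which I have open, but on another port, 50000.

It should work like this: Work_PC (can only use port 3389) -> GCS instance listening on port 3389 forwards to -> destination Windows machine listening for RDP on port 50000

So I created a new clean CentOS 7 micro machine (free-tier VM instance on Google Cloud) and performed the following steps to set up the firewall:

Disable the firewall: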

1. sudo systemctl stop firewalld
2. sudo systemctl disable firewalld
3. sudo systemctl mask --now firewalld

Install the iptables services:

1. sudo yum install iptables-services
2. sudo systemctl start iptables
3. sudo systemctl enable iptables

sudo systemctl status iptables returns:

iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Mon 2020-03-09 21:16:50 UTC; 27s ago
 Main PID: 1487 (code=exited, status=0/SUCCESS)

 systemd[1]: Starting IPv4 firewall with iptables...
 iptables.init[1487]: iptables: Applying firewall rules: [  OK  ]
 Started IPv4 firewall with iptables.

Enable port forwarding:

1. sudo sysctl -w net.ipv4.ip_forward=1

Set up iptables:

1. sudo iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination DESTINATION_IP:50000
2. sudo iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT
3. sudo iptables -t nat -A POSTROUTING -j MASQUERADE
4. sudo iptables -A FORWARD -p tcp --dport 50000 -j ACCEPT
5. (delete default rejection for forward) sudo iptables -D FORWARD 1

iptables -L looks like this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ms-wbt-server
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:50000

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

sudo iptables -t nat -L looks like this:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:ms-wbt-server to:DESTINATION_IP:50000

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

When I try telnet to see whether the port is open:

telnet GCS_IP_ADRESS 3389
Trying GCS_IP_ADRESS...
telnet: connect to address GCS_IP_ADRESS: Connection refused

When I try nmap to see whether the port is open:

nmap -p 3389 GCS_IP_ADRESS

PORT     STATE    SERVICE
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds

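I cannot connect via RDP. The connection is refused... Can you help me with what I need to set up to open port 3389 and forward it to the destination Windows machine? Thanks a lot.

Update:
You know what is really strange? I did exactly the same setup on CentOS 6 and it works. Does CentOS 7 have any different security or other restrictions?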
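
The relay rules from the question, scoped to a single client and a single destination, as an added example that is not part of the original post. It prints the commands for review and assumes the stock CentOS `iptables-services` rule set is still in place; the addresses are constructed documentation addresses and the sysctl file name `90-rdp-relay.conf` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Prints relay commands for review;
# it changes nothing itself. All addresses are constructed placeholders.

# Shape check only (dotted quad of digits); rejects anything a shell could misread.
is_ipv4() {
  case "$1" in ''|*[!0-9.]*) return 1 ;; esac
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

is_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# relay_rules CLIENT_IP DEST_IP [DEST_PORT] [LISTEN_PORT]
# The body is a subshell "( )" so its variables stay local in plain POSIX sh.
relay_rules() (
  client=$1 dest=$2 dport=${3:-50000} lport=${4:-3389}
  is_ipv4 "$client" && is_ipv4 "$dest" && is_port "$dport" && is_port "$lport" || {
    echo "relay_rules: invalid address or port" >&2
    exit 1
  }
  cat <<EOF
# Persist forwarding; "sysctl -w" alone is lost at reboot (file name is hypothetical).
echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/90-rdp-relay.conf
sysctl -p /etc/sysctl.d/90-rdp-relay.conf
# Rewrite only connections from the allowed client.
iptables -t nat -A PREROUTING -s ${client} -p tcp --dport ${lport} -j DNAT --to-destination ${dest}:${dport}
# Masquerade only the relayed flow, not all traffic leaving the VM.
iptables -t nat -A POSTROUTING -d ${dest} -p tcp --dport ${dport} -j MASQUERADE
# Insert above the stock REJECT instead of deleting it. FORWARD sees the
# packet after DNAT, so it matches ${dest}:${dport}, not port ${lport}.
iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 2 -s ${client} -d ${dest} -p tcp --dport ${dport} -m conntrack --ctstate NEW -j ACCEPT
# Save so the iptables service reloads the rules at boot.
iptables-save > /etc/sysconfig/iptables
EOF
)

# Dry run with constructed documentation addresses (RFC 5737).
relay_rules 203.0.113.10 198.51.100.20
```

After reviewing the printed commands, they can be piped to `sudo sh` on the relay VM.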

Have you considered using an SSH tunnel? It is very easy with a simple command line: