24owls
2021-10-14 00:28:17 +08:00
刚刚读了一遍 nft(8)，你这个看起来可以用 nft 的 notrack 解决：在 priority raw 的 prerouting hook 里（它在 conntrack 之前执行）给数据包打上 notrack 跳过连接跟踪，再直接用 payload set 改写地址和端口。这是无状态改写，不会建立 conntrack 表项，所以回包也要单独写一条规则改回来。
nft 规则：把发往 127.0.1.1:1234 的流量改写到 127.0.1.2:4321（第一条处理去向，第二条把 127.0.1.2:4321 发出的回包改回 127.0.1.1:1234）
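# nft -f- <<EOF
table inet raw {
	chain prerouting {
		# priority raw (-300) runs before conntrack, which is required for notrack to take effect.
		type filter hook prerouting priority raw; policy accept;

		# Stateless redirect: notrack skips conntrack, so no NAT mapping is created and the
		# reply direction must be rewritten explicitly by the second rule.
		# iif "lo" restricts the rewrite to loopback (the only interface this was tested on),
		# so a packet arriving on another interface with these addresses/ports is not rewritten.
		# limit rate only gates the log statement; the payload rewrite before it has already run,
		# so log volume is bounded without affecting traffic.
		iif "lo" ip daddr 127.0.1.1 tcp dport 1234 notrack ip daddr set 127.0.1.2 tcp dport set 4321 limit rate 10/second log prefix "RAW "
		iif "lo" ip saddr 127.0.1.2 tcp sport 4321 notrack ip saddr set 127.0.1.1 tcp sport set 1234 limit rate 10/second log prefix "RAW "
	}
}
EOF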
测试结果（客户端连接 127.0.1.1:1234，实际由监听在 127.0.1.2:4321 的 nc 应答，两个方向的数据都送达了）
# echo 4321 out | nc -l 127.0.1.2 4321 &
# echo to 1234 | nc 127.0.1.1 1234
4321 out
to 1234
[1] + Done echo 4321 out | nc -l 127.0.1.2 4321
log 记录（log 语句排在 set 之后，所以记录的是改写后的地址和端口；这段摘录从 SYN/ACK 开始，客户端最初的 SYN 没有出现在其中。注意这里对每个包都 log 且没有限速，正式环境下应加 limit rate，否则大流量会刷满日志）
# journalctl --priority=warning..warning --no-hostname | grep RAW
Oct 14 00:22:47 kernel: RAW IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.1.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=1234 DPT=41882 WINDOW=65483 RES=0x00 ACK SYN URGP=0
Oct 14 00:22:47 kernel: RAW IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=49359 DF PROTO=TCP SPT=41882 DPT=4321 WINDOW=512 RES=0x00 ACK URGP=0
Oct 14 00:22:47 kernel: RAW IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49360 DF PROTO=TCP SPT=41882 DPT=4321 WINDOW=512 RES=0x00 ACK PSH URGP=0
Oct 14 00:22:47 kernel: RAW IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.1.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=30729 DF PROTO=TCP SPT=1234 DPT=41882 WINDOW=512 RES=0x00 ACK URGP=0
Oct 14 00:22:47 kernel: RAW IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=49361 DF PROTO=TCP SPT=41882 DPT=4321 WINDOW=512 RES=0x00 ACK FIN URGP=0
Oct 14 00:22:47 kernel: RAW IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.1.1 DST=127.0.0.1 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=30730 DF PROTO=TCP SPT=1234 DPT=41882 WINDOW=512 RES=0x00 ACK PSH URGP=0
Oct 14 00:22:47 kernel: RAW IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=49362 DF PROTO=TCP SPT=41882 DPT=4321 WINDOW=512 RES=0x00 ACK URGP=0
Oct 14 00:22:47 kernel: RAW IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.1.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=30731 DF PROTO=TCP SPT=1234 DPT=41882 WINDOW=512 RES=0x00 ACK FIN URGP=0
Oct 14 00:22:47 kernel: RAW IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=49363 DF PROTO=TCP SPT=41882 DPT=4321 WINDOW=512 RES=0x00 ACK URGP=0