{"id":5,"date":"2019-07-04T10:10:25","date_gmt":"2019-07-04T01:10:25","guid":{"rendered":"https:\/\/hyandmj.asuscomm.com\/hblog\/?p=5"},"modified":"2021-05-03T19:43:33","modified_gmt":"2021-05-03T10:43:33","slug":"ssh-port-forwarding","status":"publish","type":"post","link":"https:\/\/hyandmj.asuscomm.com\/hblog\/?p=5","title":{"rendered":"Port Forwarding Using iptables"},"content":{"rendered":"\n

Motive<\/h3>\n\n\n\n

\uacf5\uacf5\uae30\uad00\uc774\ub098 \ud559\uad50 \ub4f1\uc758 \uacbd\uc6b0 SSH \ud3ec\ud2b8\uc778 22\ubc88\uc744 \ubcf4\uc548\uc0c1\uc758 \uc774\uc720\ub85c \uac8c\uc774\ud2b8\uc6e8\uc774 \ub2e8\uc5d0\uc11c\ubd80\ud130 \ub9c9\uc544\ub450\ub294 \uacbd\uc6b0\uac00 \uc788\ub2e4. \uae30\uad00\uc5d0 \uc815\uc2dd\uc73c\ub85c \ud2b9\uc815 IP \uc8fc\uc18c\uc758 \ud3ec\ud2b8 \uc624\ud508\uc744 \uc694\uccad\ud558\uac70\ub098 VPN \ub4f1\uc744 \uc0ac\uc6a9\ud558\ub294 \ubc29\ubc95\uc774 \uc788\uc73c\ub098, \uadf8\uac83\uc774 \uadc0\ucc2e\uc740 \uacbd\uc6b0 \uc5b4\ub5a4 \uc0ac\uc815\uc73c\ub85c \ud56d\uc2dc \uc624\ud508\ub418\uc5b4 \uc788\ub294 \ub2e4\ub978 \ud3ec\ud2b8\ub97c SSH \uc811\uc18d\uc5d0 \uc4f8 \uc218 \uc788\ub2e4. (\uae30\uad00\uc774 \uc0c1\uc2dc \uac1c\ubc29\ud560 \uac00\ub2a5\uc131\uc774 \ub192\uc740 \ud3ec\ud2b8 \ubaa9\ub85d\ub4e4: https:\/\/ko.wikipedia.org\/wiki\/TCP\/UDP%EC%9D%98_%ED%8F%AC%ED%8A%B8_%EB%AA%A9%EB%A1%9D<\/a>) \ub300\ud45c\uc801\uc73c\ub85c 80\ubc88 \ud3ec\ud2b8, 443\ubc88 \ud3ec\ud2b8 \ub4f1\uc740 HTTP \ud504\ub85c\ud1a0\ucf5c(\uc0ac\ub78c\ub4e4\uc774 \ud559\uad50 \ud648\ud398\uc774\uc9c0 \uc815\ub3c8 \uc811\uc18d\ud560 \uc218 \uc788\uc5b4\uc57c \ud558\ub2c8)\uc5d0 \uc0ac\uc6a9\ub418\ubbc0\ub85c \ub300\uac1c \ud56d\uc2dc \uc624\ud508\ub418\uc5b4 \uc788\ub2e4.<\/p>\n\n\n\n

\ubb3c\ub860 \ubcf4\uc548\uc0c1 \uad8c\uc7a5\ud560\ub9cc\ud55c \ubc29\ubc95\uc740 \uc544\ub2c8\uc9c0\ub9cc \uc774\ub7ec\ud55c \uc0c1\uc2dc \uac1c\ubc29 \ud3ec\ud2b8\ub4e4\uc744 \ub098\ub9cc\uc758 \ud3ec\ud2b8\ub85c \uc0ac\uc6a9\ud558\ub294 \uac83\uc740 \uc720\uc6a9\ud558\ub2e4. \uc811\uc18d\ud558\uace0\uc790 \ud558\ub294 \ub124\ud2b8\uc6cc\ud06c \ub0b4\uc758 \ubaa8\ub4e0 \ud130\ubbf8\ub110\uc744 \ub2e4 \ubc14\uafb8\uae30\ub294 \ucc1d\ucc1d\ud558\uae30\ub3c4 \ud558\uace0 \uadc0\ucc2e\uae30\ub3c4 \ud558\uc5ec \ubc31\ub3c4\uc5b4\uc6a9\uc73c\ub85c \uc0ac\uc6a9\ud560 \ub178\ub4dc \ud55c \ub300\ub9cc \ud3ec\ud2b8\ub97c \uc5f4\uc5b4\ub450\uace0 \ub098\uba38\uc9c0\ub294 \uadf8 \ub178\ub4dc\ub97c \uacbd\uc720\ud558\uc5ec \uc811\uc18d\ud558\ub294 \uac83\uc774 \ub098\uc758 \uc77c\ubc18\uc801\uc778 \ubc29\uc2dd\uc774\ub2e4.<\/p>\n\n\n\n

\uadf8\ub9c8\uc800\ub3c4 \uadc0\ucc2e\uc744 \ub54c \ubc31\ub3c4\uc5b4 \ub178\ub4dc\uc5d0 iptables<\/code>\ub97c \ud1b5\ud574 \ud3ec\ud2b8\ud3ec\uc6cc\ub529\uc744 \ud574\uc8fc\uc5b4 \ud2b9\uc815 \ud3ec\ud2b8\ub97c \uc0ac\uc6a9\ud558\uc5ec \ud55c \ubc88\uc5d0 \uc6d0\ud558\ub294 \uc11c\ubc84 \uc811\uc18d\uc744 \ud560 \uc218 \uc788\uac8c \ud558\uae30 \uc704\ud55c \ubc29\ubc95\uc744 \uc18c\uac1c\ud55c\ub2e4.<\/p>\n\n\n\n

\"\"
\ucd9c\ucc98: http:\/\/webterror.net\/?p=1622<\/a><\/figcaption><\/figure>\n\n\n\n

\uc704\uc758 \ub2e4\uc774\uc5b4\uadf8\ub7a8\uc5d0\uc11c \ubcfc \uc218 \uc788\ub4ef, \ud3ec\uc6cc\ub529\uc744 \ud574\uc904 \ub178\ub4dc\uc758 \uc5ed\ud560\uc740 \uadf8\ub0e5 \ud328\ud0b7\uc744 \uc2a4\uccd0\uc9c0\ub098\uac00\ub4ef \ud758\ub824\ubcf4\ub0b4\uc8fc\uae30\ub9cc \ud558\uba74 \ub418\ubbc0\ub85c \uadf8\ub9bc\uc0c1\uc5d0\uc11c PREROUTING, FORWARD, POSTROUTING \ucabd\uc758 \uaddc\uce59\ub9cc \uc5b4\ub5bb\uac8c \uc798 \ud574\uc8fc\uba74 \uc5b4\ucc0c\uc5b4\ucc0c \ub3cc\uc544\uac08 \uac83 \uac19\ub2e4\uace0 \ub300\ucda9 \ub208\uce58\ub97c \ucc4c \uc218 \uc788\ub2e4. \uadf8\ub807\ub2e4\uba74 \ubb38\uc81c\ub294 \uadf8\uac78 \uad6c\uccb4\uc801\uc73c\ub85c \uc5b4\ub5bb\uac8c \ud558\ub290\ub0d0…?<\/p>\n\n\n\n

\ud658\uacbd<\/h3>\n\n\n\n

\uc791\uc5c5 \ub178\ub4dc: \ub77c\uc988\ubca0\ub9ac \ud30c\uc7743<\/p>\n\n\n\n

OS: Raspbian 8<\/p>\n\n\n\n

Procedure<\/h3>\n\n\n\n

\ucc38\uace0 \ub9c1\ud06c: https:\/\/wikileaks.org\/ciav7p1\/cms\/page_16384684.html<\/a><\/p>\n\n\n\n

i) Enable IP Forwarding<\/h4>\n\n\n\n
sudo sysctl net.ipv4.ip_forward=1<\/code><\/pre>\n\n\n\n
\uc758 \ucee4\ub9e8\ub4dc\ub97c \uc785\ub825\ud55c\ub2e4. \ud639\uc740 config<\/code> \ud30c\uc77c\uc744 \uc9c1\uc811 \uc218\uc815\ud574\ub3c4 \ub41c\ub2e4.<\/p>\n\n\n\n
sudo vi \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n
\ub098\uc758 \uacbd\uc6b0\uc5d0\ub294 config<\/code> \ud30c\uc77c\uc744 \uc5f4\uc5b4\ubcf4\uc558\ub354\ub2c8 \uc774\ubbf8 \uc124\uc815\uc774 1\ub85c \ub418\uc5b4 \uc788\uc5b4\uc11c \uad73\uc774 \ubb54\uac00\ub97c \ubc14\uafc0 \ud544\uc694\ub294 \uc5c6\uc5c8\ub2e4. \uc774\ub294 \uc6b4\uc601\uccb4\uc81c\ub9c8\ub2e4 \uae30\ubcf8 \uc124\uc815\uc774 \ub2e4\ub97c \uac83\uc774\ubbc0\ub85c \uccb4\ud06c\ub97c \ud574\uc8fc\uc5b4\uc57c \ud560 \uac83\uc774\ub2e4.<\/p>\n\n\n\n
ii) Forward traffic on port [port] to IP [server] on port 22<\/h4>\n\n\n\n
sudo iptables -t nat -A PREROUTING -p tcp --dport [port] -j DNAT --to-destination [server]:22<\/code><\/pre>\n\n\n\n
[port]<\/code> \uc790\ub9ac\uc5d0 \ud3ec\uc6cc\ub529\ud560 \ud3ec\ud2b8, [server]<\/code> \uc790\ub9ac\uc5d0 \ub77c\uc988\ubca0\ub9ac\ub97c \uacbd\uc720\ud574 \uc811\uc18d\ud560 \uc11c\ubc84\uc758 \uc8fc\uc18c. \uc608\ub97c \ub4e4\uc5b4 \ub77c\uc988\ubca0\ub9ac\uc758 1111<\/code>\ubc88 \ud3ec\ud2b8\ub97c 1.1.1.1<\/code>\uc758 \uc8fc\uc18c\ub97c \uac00\uc9c4 \uc11c\ubc84\ub85c \ud3ec\uc6cc\ub529\ud558\uace0 \uc2f6\ub2e4\uba74,<\/p>\n\n\n\n
sudo iptables -t nat -A PREROUTING -p tcp --dport 1111 -j DNAT --to-destination 1.1.1.1:22<\/code><\/pre>\n\n\n\n
iii) Nothing for FORWARD<\/h4>\n\n\n\n
\ud544\ud130\ub9c1 \ub530\uc704\ub294 \uc5c6\uc774 \ubaa8\ub4e0 \ud328\ud0b7\uc774 \uc774\ub78f\uc0e4\uc774\ub9c8\uc138\uc774\ubbc0\ub85c FORWARD\uc5d0 \ud574\ub2f9\ud558\ub294 \uaddc\uce59\uc740 \uc544\ubb34\uac83\ub3c4 \uc815\ud558\uc9c0 \uc54a\uc744 \uac83\uc774\ub2e4. \ubb3c\ub860 FORWARD chain\uc758 \uae30\ubcf8\uc815\ucc45\uc740 ACCEPT\uc5ec\uc57c \ud560 \uac83\uc774\ub2e4. ACCEPT\ub85c \uc548\ub418\uc5b4 \uc788\ub2e4\uba74,<\/p>\n\n\n\n
sudo iptables -P FORWARD ACCEPT<\/code><\/pre>\n\n\n\n
iv) Ask iptables to Masquerade<\/h4>\n\n\n\n
sudo iptables -t nat -A POSTROUTING -j MASQUERADE<\/code><\/pre>\n\n\n\n
\ud074\ub77c\uc774\uc5b8\ud2b8\uc758 \uc8fc\uc18c\uac00 \uc544\ub2c8\ub77c \ub77c\uc988\ubca0\ub9ac\uc758 \uc8fc\uc18c\ub85c \ud328\ud0b7\uc744 \ub2e4\uc2dc \uc368\uc57c \ud55c\ub2e4. (\ub9c8\uc2a4\ucee4\ub808\uc774\ub529\uc740 \ub098\ub3c4 \uc644\ubcbd\ud558\uac8c \uc774\ud574\ud55c \uac83\uc740 \uc544\ub2c8\ubbc0\ub85c \ub098\uc911\uc5d0 \uae30\ud68c\uac00 \ub418\uba74 \ub2e4\ub904\ubcf4\uaca0\uc74c.)<\/p>\n\n\n\n
v) Test<\/h4>\n\n\n\n
\uc544\ubb34 \ud074\ub77c\uc774\uc5b8\ud2b8\uc5d0\uc11c \ub77c\uc988\ubca0\ub9ac\ud30c\uc774\uc758 1111<\/code> \ud3ec\ud2b8\ub85c ssh \uc811\uc18d\uc744 \uc2dc\ub3c4\ud574\ubcf8\ub2e4. \uc815\uc0c1\uc801\uc73c\ub85c \uc138\ud305\uc774 \ub418\uc5c8\ub2e4\uba74 ssh \uc811\uc18d\uc774 \ub77c\uc988\ubca0\ub9ac\uac00 \uc544\ub2cc, \ud3ec\uc6cc\ub529\ub41c \uc11c\ubc84\ub85c \ub420 \uac83\uc774\ub2e4. \ub610\ud55c \ud638\uc2a4\ud2b8 \uc785\uc7a5\uc5d0\uc11c\ub294 ssh \uc138\uc158\uc744 \uc678\ubd80 \uc8fc\uc18c\uac00 \uc544\ub2cc \ub77c\uc988\ubca0\ub9ac \ud30c\uc774\uac00 \uc811\uc18d\ud55c \uac83\uc73c\ub85c \uc778\uc2dd\ud560 \uac83\uc774\ub2e4.<\/p>\n\n\n\n
vi) Save iptables rules<\/h4>\n\n\n\n
iptables<\/code>\uc5d0 \uae30\ub85d\ub41c \uaddc\uce59\ub4e4\uc740 \uc2dc\uc2a4\ud15c\uc744 \ub9ac\ubd80\ud2b8\ud558\uba74 \ub2e4 \uc0ac\ub77c\uc838\ubc84\ub9b0\ub2e4. \ub9e4\ubc88 \ub9ac\ubd80\ud305 \ud560\ub54c\ub9c8\ub2e4 \ub2e4\uc2dc \uc704\uc758 \uc124\uc815\uc744 \ud574\uc8fc\uba74 \ub418\uc9c0\ub9cc, \uadc0\ucc2e\uc740 \uc0ac\ub78c\uc774\ub77c\uba74 \uc790\ub3d9\uc73c\ub85c \ud574\uc8fc\uba74 \ub418\ub294\ub370 \uc774\uac74 \uc704\uc758 \ucc38\uace0 \ub9c1\ud06c\uc5d0\uc11c \ubc29\ubc95\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.<\/p>\n\n\n\n
2019. 11. 8. \ucd94\uac00)<\/p>\n\n\n\n
\uc704\uc758 \ub9c1\ud06c\ub294 \uc880 \uad6c\ub2e5\ub2e4\ub9ac \ubc29\uc2dd\uc778 \ub4ef \ud558\uace0 \uc544\ub798 \ub9c1\ud06c\uac00 \ub354 \ub098\uc740 \uac83 \uac19\uc74c.<\/p>\n\n\n\n
https:\/\/www.thomas-krenn.com\/en\/wiki\/Saving_Iptables_Firewall_Rules_Permanently<\/a><\/p>\n\n\n\n
\n\n\n\n
iptables<\/code>\ub85c \uc774\uac83\uc800\uac83 \uc138\ud305\ud558\ub2e4\ubcf4\ub2c8 \uc720\ubb34\uc120\uacf5\uc720\uae30\ub77c\ub294\uac8c \uc0ac\uc2e4 \ubcc4\uac8c \uc544\ub2c8\ub77c \uc774\ub7f0 \uc2dd\uc73c\ub85c \ub3d9\uc791\ud558\ub294\uac74\uac00 \uc2f6\ub2e4. <\/p>\n","protected":false},"excerpt":{"rendered":"
Motive \uacf5\uacf5\uae30\uad00\uc774\ub098 \ud559\uad50 \ub4f1\uc758 \uacbd\uc6b0 SSH \ud3ec\ud2b8\uc778 22\ubc88\uc744 \ubcf4\uc548\uc0c1\uc758 \uc774\uc720\ub85c \uac8c\uc774\ud2b8\uc6e8\uc774 \ub2e8\uc5d0\uc11c\ubd80\ud130 \ub9c9\uc544\ub450\ub294 \uacbd\uc6b0\uac00 \uc788\ub2e4. \uae30\uad00\uc5d0 \uc815\uc2dd\uc73c\ub85c \ud2b9\uc815 IP \uc8fc\uc18c\uc758 \ud3ec\ud2b8 \uc624\ud508\uc744 \uc694\uccad\ud558\uac70\ub098 VPN \ub4f1\uc744 \uc0ac\uc6a9\ud558\ub294 \ubc29\ubc95\uc774 \uc788\uc73c\ub098, \uadf8\uac83\uc774 \uadc0\ucc2e\uc740 \uacbd\uc6b0 \uc5b4\ub5a4 \uc0ac\uc815\uc73c\ub85c \ud56d\uc2dc \uc624\ud508\ub418\uc5b4 \uc788\ub294 \ub2e4\ub978 \ud3ec\ud2b8\ub97c SSH \uc811\uc18d\uc5d0 \uc4f8 \uc218 \uc788\ub2e4. (\uae30\uad00\uc774 \uc0c1\uc2dc \uac1c\ubc29\ud560 \uac00\ub2a5\uc131\uc774 \ub192\uc740 \ud3ec\ud2b8 \ubaa9\ub85d\ub4e4: […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[13,12],"class_list":["post-5","post","type-post","status-publish","format-standard","hentry","category-linux","tag-13","tag-12"],"_links":{"self":[{"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=\/wp\/v2\/posts\/5","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5"}],"version-history":[{"count":36,"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=\/wp\/v2\/posts\/5\/revisions"}],"predecessor-version":[{"id":786,"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=\/wp\/v2\/posts\/5\/revisions\/786"}],"wp:attachment":[{"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hyandmj.asuscomm.com\/hblog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}