好用的端口映射工具

intro: I really need to write some proper docs, don't I :-) louis@steelbytes.com support: http://forum.steelbytes.com ********** [ Main options ] ********** Enabled: enables/disables this port mapping port in and bind address: is what PortTunnel will listen on. port out and address out: is where valid connections will have the data tunneled to. add to total stats: add active connections, kb/s in and kb/s out of this entry to total values of the title bar. ********** [ end Main options ] ********** ********** [ IP Security options ] ********** main text window: enter the IPs you want to accept/block. search for ip: allows you ask which line will decide the result of a connection request from a choosen IP. redirect bad IPs: allows you to redirect 'blocked' ips to a different ip/port. if this is ticked and has 0 for the port or a blank address, the IP will be blocked. if this is ticked and doesn't have 0 for the port and doesn't doesn't a blank address, the IP will be redirected. if this is unticked and you are using win2k/xp then the IP will be blocked, and the port placed in stealth mode (the client doesn't receive any reply to the attempted connection), they will just time out as though there was no server PC at the address/port at all. if this is unticked and you are not using win2k/xp. the IP will be blocked. advanced stuff ........ to use an external file for the ips, do something like the following 1. in the IP Security tab, enter i,c:\valid_ips.txt 2. create c:\valid_ips.txt, and use the same syntax inside it eg. y,127.0.0.1 y,12.34.56.78 n,* // etc and then every time you modify c:\valid_ips.txt, porttunnel will notice, and reload it. (it checks the date/time stamp every 30 seconds). so have your perl script (or whatever method you choose) generate/update c:\valid_ips.txt whenever you want. you can even 'nest' these files, ie have one c:\valid_ips.txt include another file with the 'i' syntax. you can also have multiple includes, etc. here's an example I just typed up, to show you the flexibility .... ----- [start example] ----- ----- [in ftp port mapping IP security tab] ----- i,c:\ftp_valid_ips.txt ----- [end] ----- ----- [in irc port mapping IP security tab] ----- i,c:\irc_valid_ips.txt ----- [end] ----- ----- [in file c:\ftp_valid_ips.txt] ----- i,c:\global_ban_list.txt y,34.56.78.99 // a friend I let use ftp i,c:\global_ok_list.txt n,* ----- [end] ----- ----- [in file c:\irc_valid_ips.txt] ----- i,c:\global_ban_list.txt y,12.45.12.45 // a friend I let use irc i,c:\global_ok_list.txt n,* ----- [end] ----- ----- [in file c:\global_ok_list.txt] ----- y,66.66.66.66 // a friend I let use every thing ----- [end] ----- ----- [in file c:\global_ban_list.txt] ----- n,33.44.66.77 // a lamer I hate ---- [end] ----- ----- [end example] ----- try studying the default stuff in the IP Security tab, that has simple examples showing the syntax. ********** [ end IP Security options ] ********** ********** [ HTTP options ] ********** prefix http 1.1 connect: this is for tunneling out through a proxy. eg. you are at work, and work only allows you to connect to the inet via a proxy, but you want to use IRC. 1. create a port mapping on 127.0.0.1:6667 redirecting to the proxy address (eg proxy.company.local:8080). 2. tick prefix http connect, and enter the details of the irc server eg ircserver.ircnetwork.net:6667 3. point your IRC client to 127.0.0.1:6667. note: this wont work in all cases, as some times the proxy is configured to disallow connections with this method to some ports. Add ProxyAuthenticate: use this in the above example if the proxy server requires a user/password (only works with 'basic' style proxy authentication) Fix Port Numbers: this will change the port number in the http url request (including Header and Location). Why ? So if your are redirecting say from port 80 to 81, then without this, the http server would receive a request with port 80 in the url, which may confuse it since it thinks its on 81. Note there is currently a side effect of this switch, if the http server replies with a redirect (eg http 301, or 302) that points to a different server, then the port may be incorrectly changed by PortTunnel. eg (assuming that porttunnel is listening on 81, and the http server is on 82) client sends GET http://test.server:81/folder HTTP/1.1 Host: test.server portTunnel changes it to GET http://test.server:82/folder HTTP/1.1 Host: test.server:88 and IIS will send back a HTTP/1.0 302 Moved Temporarily Location: http://test.server:82/folder/ and PortTunnel chages it to HTTP/1.0 302 Moved Temporarily Location: http://test.server:81/folder/ note: if a port to be added/changed to the url is 80, then it is ommited, as port 80 is the default for http, and is therefore not required. Add X-Client-Address to request header: adds a line to the request of the form X-Client-Address: aab.bbb.ccc.ddd this maybe useful for some logging or scripting purposes. ********** [ end HTTP options ] ********** ********** [ FTP options ] ********** translate ftp port and pasv: if you are redirecting a ftp connection, tick this (this is also known as 'FTP Bouncing'). PortTunnel will create port mappings for each data connection as needed when this is ticked. use alternate address in pasv replys: this is for when your ftp server is behind a nat/router/etc. tick this, and stick in the public ip of the nat/router. Only for clients in a different subnet (Class C): the alternated address will only be used if the client is connecting from an IP that is not of the same mask. (eg 192.168.0.1 and 192.168.0.10 are on the same class csubnet, but 192.168.0.1 and 192.168.1.1 are not) Use the following port range for pasv: this is if you wish to restrict the port range used for PASV mode transfers. eg1, your ftp server is on a home lan behind a hardware router/nat (eg a cable/xdsl sharing device from the likes of netgear). do the following. 1. install porttunnel on a pc on the lan. and configure a mapping with the following settings a. listen on port 0.0.0.0:21 b. redirect to ftp-server-lan-ip:1021 c. tick translate port & pasv d. tick use alternate pasv address, and enter the public address of the nat/router (can be a dns name - eg myaddress.dyndns.org) e. tick use the following port range, and enter 5001-5020 2. configure ftp-server to listen on port 1021 3. configure router/nat to redirect port 21 and ports 5001-5020 to the lan-ip of the pc with porttunnel. if you have problems connecting to this server from other PCs on the same LAN, then tick the only for clients on the same subnet option. eg2, you ftp server is on a home lan behind a windows router/nat (eg ICS in a recent version of windows, or wingate, etc) 1. install porttunnel on the router pc. and configure a mapping with the following settings a. listen on port 0.0.0.0:21 b. redirect to ftp-server-lan-ip:1021 c. tick translate port & pasv 2. configure ftp-server to listen on port 1021 note1: port 1021 has been used here as an example. any port that does not clash with anything else is ok. note2: some nat/routing devices may mess with the data stream if you use port 21. therefore, if you have problems try a different port like 1021 Add IDNT: if the target ftp server accepts or requires IDNT, tick this. Note with RaidenFTPD to use IDNT, you have to add the IP of the PC running PortTunnel to the BOUNCERIP= line in the .ftpd file. ********** [ end FTP options ] ********** ********** [ SMTP options (licensed only)] ********** relay filtering .... *****