[Unit]
Description=TCP/UDP Forwarding and loadbalancing service
ConditionFileIsExecutable=/usr/local/sbin/gobetween
[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/local/sbin/gobetween "-c" "/etc/gobetween/gobetween.toml"
User=root
Restart=always
RestartSec=120
EnvironmentFile=-/etc/sysconfig/gobetween
[Install]
WantedBy=multi-user.target
Konfigurieren Sie die gobetween HTTP API, so dass Salt-Minions dynamische Portforwardings per API anlegen können.
/etc/gobetween/gobetween.toml
[logging]
level = "info"
output = "/var/log/gobetween.log"
[defaults]
max_connections = 0 # Maximum simultaneous connections to the server
client_idle_timeout = "0" # Client inactivity duration before forced connection drop
backend_idle_timeout = "0" # Backend inactivity duration before forced connection drop
backend_connection_timeout = "0" # Backend connection timeout (ignored in udp)[servers]
[api]
enabled = true # true | false
bind = "192.168.122.1:1500" # "host:port"
cors = false # cross-origin resource sharing
Starten Sie gobetween mit systemctl start gobetween.
Firewall anpassen
Falls eine Firewall aktiv ist, erlauben Sie gobetween die Nutzung einer Portrange und öffnen Sie den API port
ufw allow 30000:30300/tcp
ufw allow from 192.168.122.0/24 to any port 1500
ufw reload
Portforwarding per Salt-State ausrollen
/srv/salt/vminit/portforwarding.sls
#
# Create a port forwarding to a vm using gobetween on the default gw
#
# Copy the gobetween client
/usr/local/bin/gobetween-cli:
file.managed:
- source: salt://vminit/gobetween-cli.py
- user: root
- mode: 755
# Call the client and create a portforwarding on the default gw
forward:
cmd.run:
- name: /usr/local/bin/gobetween-cli {{ grains['ip4_gw'] }} 22
- stateful: True
- requires:
- file: /usr/local/bin/gobetween-cli
