Dynamische Portforwarding

Mit gobetween dynamisch Ports von VMs freigeben

Gobetween auf dem Host (Wirt) installieren

curl -L -O https://github.com/yyyar/gobetween/releases/download/0.6.1/gobetween_0.6.1_linux_amd64.tar.gz
tar xzf gobetween_0.6.1_linux_amd64.tar.gz 
mv gobetween /usr/local/sbin/
mkdir /etc/gobetween
mv config/gobetween.toml /etc/gobetween/config.example.toml

/etc/systemd/system/gobetween.service

[Unit]
Description=TCP/UDP Forwarding and loadbalancing service
ConditionFileIsExecutable=/usr/local/sbin/gobetween

[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/local/sbin/gobetween "-c" "/etc/gobetween/gobetween.toml"

User=root

Restart=always
RestartSec=120
EnvironmentFile=-/etc/sysconfig/gobetween

[Install]
WantedBy=multi-user.target

Konfigurieren Sie die gobetween HTTP API, so dass Salt-Minions dynamische Portforwardings per API anlegen können.

/etc/gobetween/gobetween.toml

[logging]
level = "info"
output = "/var/log/gobetween.log"

[defaults]
max_connections = 0              # Maximum simultaneous connections to the server
client_idle_timeout = "0"        # Client inactivity duration before forced connection drop
backend_idle_timeout = "0"       # Backend inactivity duration before forced connection drop
backend_connection_timeout = "0" # Backend connection timeout (ignored in udp)[servers]

[api]
enabled = true  # true | false
bind = "192.168.122.1:1500"  # "host:port"
cors = false    # cross-origin resource sharing

Starten Sie gobetween mit systemctl start gobetween.

Firewall anpassen

Falls eine Firewall aktiv ist, erlauben Sie gobetween die Nutzung einer Portrange und öffnen Sie den API port

ufw allow 30000:30300/tcp 
ufw allow from 192.168.122.0/24 to any port 1500
ufw reload

Portforwarding per Salt-State ausrollen

/srv/salt/vminit/portforwarding.sls

#
# Create a port forwarding to a vm using gobetween on the default gw
#


# Copy the gobetween client
/usr/local/bin/gobetween-cli:
  file.managed:
    - source: salt://vminit/gobetween-cli.py
    - user: root
    - mode: 755

# Call the client and create a portforwarding on the default gw
forward:
  cmd.run:
    - name: /usr/local/bin/gobetween-cli {{ grains['ip4_gw'] }} 22
    - stateful: True
    - requires:
      - file: /usr/local/bin/gobetween-cli

Previouseigene Deploymentscripte NextKeys automatisch aufräumen

Last updated 6 years ago