To home page

Port forwarding with Rinetd

Simple TCP traffic redirection on VPS and dedicated servers.

Rinetd is a lightweight, single-process TCP proxy that forwards connections from one IP address and port to another. It's perfect for VPS and dedicated servers when you need to:

  • forward a public port to an internal server or service
  • run multiple services on the same public port
  • provide access to services behind NAT or in a private network
  • set up quick port forwarding without complex iptables rules

Rinetd uses non-blocking I/O and runs as a single process, so it can handle a large number of concurrent connections with minimal impact on the server.

Installing Rinetd

Ubuntu / Debian:

sudo apt update
sudo apt install rinetd -y

CentOS / RHEL / AlmaLinux / Rocky:

sudo yum install rinetd -y
# or
sudo dnf install rinetd -y

Configure port forwarding

  1. Open the configuration file:
sudo nano /etc/rinetd.conf
  1. Add forwarding rules at the end of the file in this format:
public_IP external_port internal_IP internal_port

Example (forwarding from a public IP to multiple internal servers):

85.85.85.85 12341 192.168.1.5  1234
85.85.85.85 12342 192.168.1.6  1234
85.85.85.85 12343 192.168.1.7  1234
85.85.85.85 12344 192.168.1.8  1234
85.85.85.85 12345 192.168.1.9  1234
  • Column 1: public IP the server listens on (or 0.0.0.0 for all interfaces)
  • Column 2: external port rinetd listens on
  • Column 3: internal IP to forward traffic to
  • Column 4: internal port on the target machine

Use spaces (not tabs) between columns. Add one line per forwarding rule. Save the file (Ctrl+O → Enter → Ctrl+X).

  1. Restart rinetd to apply changes:
sudo systemctl restart rinetd
# or
sudo service rinetd restart

Verify it works

  1. Check that the service is running:
sudo systemctl status rinetd
  1. See which ports rinetd is listening on:
sudo ss -tuln | grep rinetd

or

sudo netstat -tuln | grep rinetd
  1. Test the forwarding:
  • Connect from outside to your public IP on port 12341 → traffic should reach 192.168.1.5:1234
  • Use telnet, nc (netcat), or any client to verify.

Useful notes

  • By default rinetd doesn't log anything. To enable logging, add to /etc/rinetd.conf:
log /var/log/rinetd.log
  • To restrict access to specific source IPs, use iptables or firewall-cmd rules before rinetd.
  • Under very high load (thousands of connections), rinetd may consume significant memory — monitor with top or htop.
  • Alternatives: socat, iptables DNAT, HAProxy, NGINX stream module — but rinetd is the simplest and lightest for basic port forwarding.

Help

If you have any questions or need assistance, please contact us through the ticket system — we're always here to help!

Need help?Our engineers will help you free of charge with any question in minutesContact us