Intranet penetration frp

1, Basic principle of Intranet penetration

Intranet penetration is also called   NAT   There are many common tools for penetration, such as ngrok, peanut shell, frp, etc

frp is divided into server and client. The former runs on the server with public IP, and the latter runs on the devices in the LAN. By default, the server will open port 7000 first, and then the client will connect with it.

At the same time, the client can open the port for ssh (such as 3306 below) and map it with a port on the server (such as 5200 below). In this way, when the terminal accesses the port on the server (5200), it will automatically forward it to the client.

2, Server installation (linux)

1. Installation and startup

tar zxvf frp_0.33.0_linux_amd64.tar.gz
cd frp_0.33.0_linux_amd64/

The server configuration file is frps.ini, which is bound to port 7000 by default. If you purchase an ECS, please open port 7000.

bind_port = 7000

Start the frp service through the fprs binary.

./frps -c ./frps.ini

The following prompt indicates that the installation is successful.

2. Alicloud server releases ports 7000, 7500 and 5200

View released ports

firewall-cmd --list-port

Release the 7000 and 7500 ports

firewall-cmd --zone=public --add-port=7000/tcp --permanent
firewall-cmd --zone=public --add-port=7500/tcp --permanent
firewall-cmd --zone=public --add-port=5200/tcp --permanent

service iptables restart

firewall-cmd --reload

Adding rules to ECS firewall

3. Setting up dashboard_port ,dashboard_user ,dashboard_pwd

Turn off frps first

ps -ef | grep frps
kill -9 process id

Edit frps.ini

vim frps.ini

Add the following:

bind_port = 7000
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = 123456

Restart frps. The effect is as follows:

Browser access: http: / / public ip:7500 /, and a dialog box pops up

After entering the user name and password, the effect is as follows:

Click TCP


3, Client installation (windows)

Since I install the client in the windows system, I need to download the frp installation package for windows. Note: the version of frp on the server should be consistent with that on the client. For example, the version of frp on the server is 0.33.0

, the frp for windows should also be 0.33.0.

Download website:

After downloading, unzip the file as follows:

  The configuration file of the client is frpc.ini, and c is the client. The configuration is as follows:

server_addr = Public network ip
server_port = 7000

type = tcp
local_ip =
local_port = 3306
remote_port = 5200

common is a universal configuration

  • server_addr is the IP address of the public network server
  • server_port is the 7000 port configured for the public network server

ssh is used for terminal command line access

  • Type connection type. The default is tcp
  • local_ip local IP
  • local_port is the port number used for ssh. The default is 22
  • remote_port is mapped to the server port. When accessing this port, it will be forwarded to port 22 of the client by default

3306 is the local mysql port. 5200 is added after mstsc requests the public network, and it can be forwarded to my computer with frpc.

Then start the service, and cmd enters the directory where frpc.exe is located

frpc.exe -c frpc.ini

  After successful startup, the effect is as follows:


4, Access intranet services

1. MySQL for remote access to Intranet

Use navicat to access the MySQL of the intranet. Enter the IP of the public server, enter the port 5200, and enter the user name and password of the MySQL of the intranet server

2. nginx for remote access to intranet server

The intranet server starts nginx and the port is 8081. First ensure that nginx can be accessed on the intranet server

Modify the configuration file of frpc client

server_addr = Public network ip
server_port = 7000

type = tcp
local_ip =
local_port = 8081
remote_port = 5200

Restart frpc

In the remote access: http: / / public ip:5200 /, you can access the nginx of the intranet server.

Note: in remote access, the ip is the public network ip and the port is 5200.

If you want to access tomcat with port 8082 of intranet server, you only need to change the configuration file of frpc client, as follows

server_addr = Public network ip
server_port = 7000

type = tcp
local_ip =
local_port = 8082
remote_port = 5200

When you access http: / / public ip:5200 /, you access the tomcat of the intranet server.

If you want to access both the nginx of 8081 of the intranet server and the tomcat of 8082 of the intranet server, you need to add another port of 5201.


Posted on Thu, 02 Dec 2021 17:24:21 -0500 by Errant_Shadow