1, Basic principle of Intranet penetration
Intranet penetration is also called NAT traversal. There are many common tools for it, such as ngrok, peanut shell, frp, etc.
frp is divided into server and client. The former runs on the server with public IP, and the latter runs on the devices in the LAN. By default, the server will open port 7000 first, and then the client will connect with it.
At the same time, the client can open the port for ssh (such as 3306 below) and map it with a port on the server (such as 5200 below). In this way, when the terminal accesses the port on the server (5200), it will automatically forward it to the client.
2, Server installation (linux)
1. Installation and startup
wget https://github.com/fatedier/frp/releases/download/v0.33.0/frp_0.33.0_linux_amd64.tar.gz
tar zxvf frp_0.33.0_linux_amd64.tar.gz
cd frp_0.33.0_linux_amd64/
The server configuration file is frps.ini, which is bound to port 7000 by default. If you purchase an ECS, please open port 7000.
[common]
bind_port = 7000
Start the frp service through the frps binary.
./frps -c ./frps.ini
The following prompt indicates that the installation is successful.
2. Alicloud server releases ports 7000, 7500 and 5200
View released ports
Release the 7000 and 7500 ports
firewall-cmd --zone=public --add-port=7000/tcp --permanent
firewall-cmd --zone=public --add-port=7500/tcp --permanent
firewall-cmd --zone=public --add-port=5200/tcp --permanent
firewall-cmd --reload
Adding rules to ECS firewall
3. Setting up dashboard_port, dashboard_user, dashboard_pwd
Turn off frps first
ps -ef | grep frps
kill -9 <process id>
Add the following:
[common]
bind_port = 7000
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = 123456
Restart frps. The effect is as follows:
Browser access: http://<public ip>:7500/, and a dialog box pops up
After entering the user name and password, the effect is as follows:
3, Client installation (windows)
Since I install the client on a Windows system, I need to download the frp installation package for Windows. Note: the version of frp on the server should be consistent with that on the client. For example, if the version of frp on the server is 0.33.0, the frp for Windows should also be 0.33.0.
Download website: https://github.com/fatedier/frp/releases
After downloading, unzip the file as follows:
The configuration file of the client is frpc.ini (the c stands for client). The configuration is as follows:
[common]
server_addr = Public network ip
server_port = 7000
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 3306
remote_port = 5200
common is a universal configuration
- server_addr is the IP address of the public network server
- server_port is the 7000 port configured for the public network server
ssh is used for terminal command line access
- type is the connection type. The default is tcp
- local_ip is the local IP
- local_port is the port number used for ssh. The default is 22
- remote_port is mapped to the server port. When accessing this port, it will be forwarded to port 22 of the client by default
3306 is the local MySQL port. When a client such as mstsc requests the public network address with port 5200 appended, the request is forwarded to my computer through frpc.
Then start the service: open cmd and change to the directory where frpc.exe is located
frpc.exe -c frpc.ini
After successful startup, the effect is as follows:
4, Access intranet services
1. MySQL for remote access to Intranet
Use Navicat to access the MySQL of the intranet. Enter the IP of the public server, enter the port 5200, and enter the user name and password of the MySQL on the intranet server.
2. nginx for remote access to intranet server
The intranet server starts nginx and the port is 8081. First ensure that nginx can be accessed on the intranet server
Modify the configuration file of frpc client
[common]
server_addr = Public network ip
server_port = 7000
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 8081
remote_port = 5200
Remotely, at http://<public ip>:5200/, you can access the nginx of the intranet server.
Note: in remote access, the ip is the public network ip and the port is 5200.
If you want to access tomcat with port 8082 of intranet server, you only need to change the configuration file of frpc client, as follows
[common]
server_addr = Public network ip
server_port = 7000
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 8082
remote_port = 5200
When you access http://<public ip>:5200/, you access the tomcat of the intranet server.
If you want to access both the nginx of 8081 of the intranet server and the tomcat of 8082 of the intranet server, you need to add another port of 5201.
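The frps.ini and frpc.ini settings shown above can be checked before the ports are opened. The following Python audit is an added example, not part of the original tutorial or of the frp project. The frp options token, allow_ports, dashboard_addr, tls_enable and use_encryption do not appear in the configurations on this page; the 12-character threshold, the sensitive-port list and the tightened sample are assumptions of this example.

```python
import configparser

# Illustrative list of local ports that rarely belong on a public address (assumption).
SENSITIVE = {22: "ssh", 3306: "mysql", 3389: "rdp"}

def _load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def audit_frps(text):
    """Return findings for a server-side frps.ini."""
    c, out = _load(text)["common"], []
    if not c.get("token"):
        out.append("NO_TOKEN: any frpc that reaches bind_port can register proxies")
    if "dashboard_port" in c:
        if len(c.get("dashboard_pwd", "")) < 12:  # threshold is this example's choice
            out.append("WEAK_DASHBOARD_PWD: dashboard_pwd is short or missing")
        if c.get("dashboard_addr", "0.0.0.0") == "0.0.0.0":
            out.append("DASHBOARD_PUBLIC: dashboard listens on every interface")
    if not c.get("allow_ports"):
        out.append("NO_ALLOW_PORTS: clients may claim any remote_port")
    return out

def audit_frpc(text):
    """Return findings for a client-side frpc.ini."""
    cp, out = _load(text), []
    if not cp["common"].get("token"):
        out.append("NO_TOKEN: client does not authenticate to frps")
    tls = cp["common"].getboolean("tls_enable", fallback=False)
    for name in (s for s in cp.sections() if s != "common"):
        p = cp[name]
        port = p.getint("local_port", fallback=0)
        if port in SENSITIVE:
            out.append(f"EXPOSED_{SENSITIVE[port].upper()}: [{name}] publishes local port "
                       f"{port} on public port {p.get('remote_port')}")
        if not tls and not p.getboolean("use_encryption", fallback=False):
            out.append(f"PLAINTEXT_TUNNEL: [{name}] traffic between frpc and frps is unencrypted")
    return out

# PAGE_* repeat the settings shown on this page; TIGHT_FRPS is a constructed variant.
PAGE_FRPS = "[common]\nbind_port = 7000\ndashboard_port = 7500\ndashboard_user = admin\ndashboard_pwd = 123456\n"
PAGE_FRPC = "[common]\nserver_addr = <public-ip>\nserver_port = 7000\n[ssh]\ntype = tcp\nlocal_ip = 127.0.0.1\nlocal_port = 3306\nremote_port = 5200\n"
TIGHT_FRPS = "[common]\nbind_port = 7000\ntoken = <long-random-token>\nallow_ports = 5200\ndashboard_addr = 127.0.0.1\ndashboard_port = 7500\ndashboard_user = admin\ndashboard_pwd = <long-random-password>\n"

for label, found in (("frps", audit_frps(PAGE_FRPS)), ("frpc", audit_frpc(PAGE_FRPC)), ("tightened frps", audit_frps(TIGHT_FRPS))):
    print(label, found or "no findings")
```

The same token value has to be set in [common] on both frps and frpc, and with dashboard_addr bound to 127.0.0.1 the dashboard is reached from the server itself rather than through the public port 7500.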