Routing and forwarding
- Add route
- Open the corresponding port in the security group
- Configure the NAT table; rules for both directions must be configured
Security group on
Traffic forwarding
- The most important content is:
Suppose a certain service (you know which) runs on your overseas server (the one being relayed to), whose IP is 2.2.2.2, and the service port is 10000.
Assume the IP of the transit server is 1.1.1.1 and that its local listening port differs from the service port: the local listening port is 20000.
Then, in the client of that service, when adding the server, enter 1.1.1.1 as the IP and 20000 as the port. The password, encryption method, protocol, obfuscation and other settings are all the same as for the original service account.
Set up the frpc service for intranet penetration
First step
Download the frp installation package from https://github.com/fatedier/frp/releases/download/v0.14.1/frp_0.14.1_linux_amd64.tar.gz.
Save the downloaded package frp_0.14.1_linux_amd64.tar.gz to both your public network IP server and your intranet server, and extract it on each.
tar zxvf ./frp_0.14.1_linux_amd64.tar.gz
cd frp_0.14.1_linux_amd64/
# The directory contents are as follows
# frpc frpc_full.ini frpc.ini frps frps_full.ini frps.ini LICENSE
Second step
On the public IP server, edit the frps.ini configuration file in the directory and change bind_port to an available port of your choice.
On the intranet server, edit the frpc.ini configuration file: change server_port to the same port as bind_port in the previous step, set remote_port to a port available on the intranet, and change server_addr to the IP address of your public network server.
[common]
server_addr = 123.123.123.123
server_port = 7000
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
Third step
Start the corresponding services of the public network server and the internal network server respectively.
First start frps in the public network server.
cd frp_0.14.1_linux_amd64/
./frps -c ./frps.ini
# On a successful start, the following output appears
#2017/12/21 20:23:25 [I] [service.go:88] frps tcp listen on 0.0.0.0:7000
#2017/12/21 20:23:25 [I] [main.go:112] Start frps success
#2017/12/21 20:23:25 [I] [main.go:114] PrivilegeMode is enabled, you should pay more attention to security issues
# The command above is for testing; in actual use, the following command can be used to run it in the background
nohup ./frps -c ./frps.ini > /dev/null 2>&1 &
After the public network server is successfully started, start frpc on the internal network server.
cd frp_0.14.1_linux_amd64/
./frpc -c ./frpc.ini
# On a successful connection, the following output appears
# 2017/12/21 20:18:13 [I] [control.go:277] [fabbf33cfb85d5bd] login to server success, get run id [fabbf33cfb85d5bd], server udp port [0]
# 2017/12/21 20:18:13 [I] [control.go:412] [fabbf33cfb85d5bd] [ssh] start proxy success
# The command above is for testing; in actual use, please use the following command to run it in the background
nohup ./frpc -c ./frpc.ini > /dev/null 2>&1 &
Fourth step
Access the intranet server directly via SSH from Linux or from the built-in Linux subsystem of Windows. The username is the user name on the intranet server, and the IP address after the @ is the IP address of the public network server.
ssh -oPort=6000 username@123.123.123.123
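An added example (not from the original article or the frp project): a small Python audit of the frpc.ini from the second step, showing what that configuration leaves open once remote_port 6000 is reachable on the public server. It assumes the frp options privilege_token (named token in later frp releases) and use_encryption, which the article's config does not set; the token value in the hardened variant is a placeholder.

```python
import configparser

# The article's frpc.ini, reproduced as sample input.
PAGE_FRPC_INI = """
[common]
server_addr = 123.123.123.123
server_port = 7000
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
"""

# Constructed hardened variant: adds a shared token (placeholder value)
# to [common] and use_encryption to the [ssh] proxy.
HARDENED_FRPC_INI = PAGE_FRPC_INI.replace(
    "server_port = 7000\n",
    "server_port = 7000\nprivilege_token = PLACEHOLDER_LONG_RANDOM_SECRET\n",
) + "use_encryption = true\n"

# Local ports whose publication deserves an explicit finding.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}

def audit_frpc(ini_text):
    """Return a list of (section, finding) tuples for an frpc.ini text."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    findings = []
    common = cfg["common"] if cfg.has_section("common") else {}
    # frp 0.14.x calls the shared secret privilege_token; later releases use token.
    if not (common.get("privilege_token") or common.get("token")):
        findings.append(("common", "no shared token configured for frps authentication"))
    for name in cfg.sections():
        if name == "common" or "remote_port" not in cfg[name]:
            continue
        proxy = cfg[name]
        service = ADMIN_PORTS.get(proxy.getint("local_port", fallback=0))
        if service:
            findings.append((name, f"{service} published on public port {proxy['remote_port']}"))
        if not proxy.getboolean("use_encryption", fallback=False):
            findings.append((name, "traffic between frpc and frps is not encrypted by frp"))
    return findings

if __name__ == "__main__":
    for label, text in (("page", PAGE_FRPC_INI), ("hardened", HARDENED_FRPC_INI)):
        print(label, audit_frpc(text))
```

The hardened variant still reports the SSH exposure: a token and encryption protect the frp link, but the intranet sshd remains reachable from the internet on port 6000 and needs its own hardening (key-only login, firewall restrictions on the public server).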