Routing and forwarding

Add route
- Official documents
- Specific configuration
Security group opens the corresponding port
Configure nat table back and forth must be configured
- iptables & ufw

Security group on

Official documents

Traffic forwarding

You know

The most important content is:

Suppose that the IP of a service (you understand) built on your hai wai server (transited) is 2.2.2.2, and a service port is 10000.

Assume that the IP of the transit server is 1.1.1.1, the local listening port and a service The port is inconsistent, the local listening port is 20000.

Then, the client of a certain service, the server of adding a certain service, the IP fill in 1.1.1.1, the port fill in 20000, other passwords / encryption methods / protocols / obfuscation, etc. are all the same as the original service account!

Set up frpc service to realize intranet penetration

refer@this

first step

Via the link: https://github.com/fatedier/frp/releases/download/v0.14.1/frp_0.14.1_linux_amd64.tar.gz download the frp installation package.
Save the downloaded installation package frp_0.14.1_linux_amd64.tar.gz to your public network IP server and intranet server respectively, and unzip them separately.

tar zxvf ./frp_0.14.1_linux_amd64.tar.gz
cd frp_0.14.1_linux_amd64/

# 目录内容如下
# frpc  frpc_full.ini  frpc.ini  frps  frps_full.ini  frps.ini  LICENSE

Second step

Modify the frps.ini configuration file in the directory on the public IP server, and change bind_port to the available port you like

Modify the frpc.ini configuration file in the intranet IP server, server_port is changed to the same port as the previous step bind_port, remote_port is set to a port available on the intranet, and server_addr is changed to your public network available server IP address.

[common]
server_addr = 123.123.123.123
server_port = 7000

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000

third step

Start the corresponding services of the public network server and the internal network server respectively.
First start frps in the public network server.

cd frp_0.14.1_linux_amd64/
./frps -c ./frps.ini

# 链接成功会出现如下内容
#2017/12/21 20:23:25 [I] [service.go:88] frps tcp listen on 0.0.0.0:7000
#2017/12/21 20:23:25 [I] [main.go:112] Start frps success
#2017/12/21 20:23:25 [I] [main.go:114] PrivilegeMode is enabled, you should pay more attention to security issues

# 以上命令用于测试，在实际使用中可使用如下命令在后台运行
nohup ./frps -c ./frps.ini > /dev/null 2>&1 &

After the public network server is successfully started, start frpc on the internal network server.

cd frp_0.14.1_linux_amd64/
./frpc -c ./frpc.ini

# 链接成功会出现如下内容
# 2017/12/21 20:18:13 [I] [control.go:277] [fabbf33cfb85d5bd] login to server success, get run id [fabbf33cfb85d5bd], server udp port [0]
# 2017/12/21 20:18:13 [I] [control.go:412] [fabbf33cfb85d5bd] [ssh] start proxy success

# 以上命令用于测试，在实际使用中请使用如下命令在后台运行
nohup ./frpc -c ./frpc.ini > /dev/null 2>&1 &

the fourth step

Access the intranet server directly via SSH in Linux or in the built-in Linux subsystem of Windows. Username is the user name of the intranet server, and the IP address behind is the IP address of the public network server.