[Curiosity driving force] Intranet forwarding: building an ICMP tunnel (PingTunnel)

1. Network topology

192.168.10.1 is the physical machine
192.168.10.111 is bridged virtual machine 1 (Linux), the vps
192.168.10.109 is dual-NIC virtual machine 2 (Linux; its NAT-side IP is 10.10.10.136), the webserver
10.10.10.131 is NAT virtual machine 3 (Windows), the intranet target
Purpose:
The physical machine is on the same network segment as the VPS and the webserver, but it cannot communicate with the company's intranet.
The webserver is equivalent to a VPN into the company's intranet.
By building a PingTunnel, the physical machine can connect to the company's intranet remotely.

2. Environment setup and connection

Tools: VMware, centos7, windows7, PingTunnel

For vps (192.168.10.111) and webserver (192.168.10.109)

# For the vps (192.168.10.111) and the webserver (192.168.10.109):
# install pingtunnel on each of them
# Run as root

# Install make
yum -y install gcc automake autoconf libtool make

# Install g++ (optional)
yum -y install gcc gcc-c++

# Install libpcap's build dependencies
yum -y install byacc
yum -y install flex bison

# Install libpcap (if it errors, try adding sudo)
# Note: this archive is fetched over plain HTTP; verify it before building
wget http://www.tcpdump.org/release/libpcap-1.9.0.tar.gz
tar -xzvf libpcap-1.9.0.tar.gz
cd libpcap-1.9.0
./configure
make && make install
cd ..

# Install PingTunnel
wget http://www.cs.uit.no/~daniels/PingTunnel/PingTunnel-0.72.tar.gz
tar -xzvf PingTunnel-0.72.tar.gz
cd PingTunnel
make && make install

For webserver (192.168.10.109)

# Start pingtunnel
ptunnel
# or (-x sets a connection password for the tunnel)
ptunnel -x 123456

For vps (192.168.10.111)

ptunnel -p 192.168.10.109 -lp 8080 -da 10.10.10.131 -dp 3389
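# or
ptunnel -p 192.168.10.109 -lp 8080 -da 10.10.10.131 -dp 3389 -x 123456

# -p:  IP of the other end of the ICMP tunnel
# -lp: local port to listen on
# -da: IP of the target machine to forward to
# -dp: port on the target machine to forward to
# -x:  connection password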

For the target (10.10.10.131)

# Enable remote login

Connection
From the physical machine (192.168.10.1), connect remotely to port 8080 of the vps (192.168.10.111). This is equivalent to connecting to port 3389 of the intranet target (10.10.10.131).
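
On the wire, the tunnel built above is ICMP echo traffic between 192.168.10.111 and 192.168.10.109, which a monitoring point can check for. The Python detection logic below is an added example, not part of the original post or of PingTunnel; its function names, thresholds and sample packets are constructed for illustration, and the magic value 0xD5200880 is an assumption taken from ptunnel's source that should be confirmed against the build in use.

```python
import struct
from collections import defaultdict

# Magic word at the start of a ptunnel ICMP payload. Assumption: value as defined
# in ptunnel's source header; confirm it against the build you are monitoring.
PTUNNEL_MAGIC = struct.pack("!I", 0xD5200880)
DEFAULT_SIZES = {32, 56}      # default echo payload sizes of Windows and Linux ping
ECHO_REPLY, ECHO_REQUEST = 0, 8

def build_echo(icmp_type, ident, seq, payload):
    # Constructed-packet helper; checksum is left 0 because nothing here checks it.
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload

def echo_payload(icmp):
    """Return the payload of an echo request/reply, or None for anything else."""
    if len(icmp) < 8 or icmp[0] not in (ECHO_REQUEST, ECHO_REPLY):
        return None
    return icmp[8:]

def classify(icmp):
    """Return the reasons one ICMP message looks like tunnel traffic."""
    payload = echo_payload(icmp)
    if payload is None:
        return []
    reasons = []
    if payload.startswith(PTUNNEL_MAGIC):
        reasons.append("ptunnel-magic")
    if len(payload) not in DEFAULT_SIZES:
        reasons.append("unusual-size")
    return reasons

def suspicious_pairs(records, min_sizes=3):
    """Flag (src, dst) pairs that carry the magic or many distinct payload sizes."""
    sizes, flagged = defaultdict(set), set()
    for src, dst, icmp in records:
        payload = echo_payload(icmp)
        if payload is None:
            continue
        sizes[(src, dst)].add(len(payload))
        if payload.startswith(PTUNNEL_MAGIC):
            flagged.add((src, dst))
    flagged |= {pair for pair, seen in sizes.items() if len(seen) >= min_sizes}
    return sorted(flagged)

# Constructed sample traffic using the lab addresses from this article.
LINUX_PING = bytes(8) + bytes(range(0x10, 0x40))   # timestamp slot + default pattern
SAMPLE = [("192.168.10.1", "192.168.10.111", build_echo(8, 1, n, LINUX_PING)) for n in range(4)]
SAMPLE += [("192.168.10.111", "192.168.10.109",
            build_echo(8, 7, n, PTUNNEL_MAGIC + b"\xAA" * (24 + 100 * n)))
           for n in range(4)]   # magic plus filler, not a real ptunnel header
```

Calling `suspicious_pairs(SAMPLE)` returns only the 192.168.10.111 to 192.168.10.109 pair. The distinct-size heuristic still flags a pair when the payload does not begin with this magic value.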

3. Problem avoidance

Installation failures are mostly due to permission problems.
If, after the environment is set up, all of the hosts can ping each other but port 3389 on the intranet IP still cannot be reached, turn off iptables on the Linux machines.


Origin blog.csdn.net/m0_46622606/article/details/106507566