FRP easily achieves intranet penetration

Enterprise 2021-01-28 11:35:15 views: null

table of Contents

FRP easily achieves intranet penetration

1. What is FRP?

FRP (Fast Reverse Proxy) is a simple, easy to use and stable tunnel tool. It is a high-performance reverse proxy application that can easily penetrate the internal network and provide services to the external network. FRP supports TCP, UDP, KCP, HTTP, HTTPS and other protocol types, and supports Web services for routing and forwarding based on domain names. To bypass the complicated network external service starts with it, Go.

2. How to play FRP

1. FRP communication process

Insert picture description here
Communication process: the intranet server and the public network virtual machine establish a tunnel through FRP, and the user requests the public network virtual machine to access the intranet server

2. FRP term explanation

FRPC	#FRP的客户端
FRPS	#FRP的服务端
frps.ini	#服务端的配置文件
frpc.ini	#客户端的配置文件

3. Preparation for using FRP

#公网服务器 = 阿里云、腾讯、天翼云等
1、一台有**固定IP**的公网服务器(Windows、Linux)

2、一台内网设备(Windows、Linux)

3、一台笔记本或台式机(调试用)

3. How to deploy FRP

1. FRP server deployment

步骤一:下载获取安装包  
wget https://github.com/fatedier/frp/releases/download/v0.33.0/frp_0.33.0_linux_amd64.tar.gz

步骤二:解压安装包到/etc/frp目录
mkdir /etc/frp && tar -zxvf frp_0.33.0_linux_amd64.tar.gz -C /etc/frp

步骤三:修改FRP服务端配置文件
vim /etc/frp/frps.ini

----------
[common]
bind_port = 20001 根据实际情况个人喜好更新IP端口

提示:20001端口需要在阿里云等公网服务器的安全组、防火墙里面放通
----------

2. FRP client deployment

步骤一:下载客户端安装包
windows端:
https://github.com/fatedier/frp/releases/download/v0.33.0/frp_0.33.0_windows_amd64.zip
Linux端:
wget https://github.com/fatedier/frp/releases/download/v0.33.0/frp_0.33.0_linux_amd64.tar.gz

步骤二:解压安装包到对应文件夹
mkdir /etc/frp && tar -zxvf frp_0.33.0_linux_amd64.tar.gz -C /etc/frp

步骤三:修改配置文件
vi /etc/frp/frpc.ini
----------
[common]
server_addr = 120.120.*.* #修改成服务端的公网IP或者域名也可以
server_port = 20001 #服务端的请求端口

[ssh] #Linux的ssh连接
#端口类型tcp、udp、http、https等
type = tcp	

#内网设备的IP,可以是这台设备的自身或其他
local_ip = 192.168.3.2 

#内网IP端口,22端口对应的是ssh
local_port = 22 

#在外网访问的端口,自定义
remote_port = 26666 

[RDP] #Windows远程桌面连接
type = tcp	
local_ip = 127.0.0.1
local_port = 3389	
remote_port = 28888	

步骤四:启动程序,并放到后台启动
Linux端:
1、cd /etc/frp
2、nohup sh /etc/frp/frpc -c /etc/frp/frpc.ini &

Windows端:
1、打开CMD命令行提示符工具
2、cd c:\frp\
3、start /b frpc.exe -c c:\frp\frpc.ini

Fourth, FRP is set to service startup (Linux)

1. The FRP server is started as a service (Linux)

#1、编辑frps.service
vi /etc/frp/systemd/frps.service

[Unit]
Description=FRP to bypass NAT Network
Wants = network-online.target
After=network.target 

[Service] 
Type=simple 
ExecStart=/etc/frp/frps -c /etc/frp/frps.ini
#ExecReload=/etc/frp/frps
#ExecStop=/etc/frp/frps

StandardOutput = syslog
StandardError = inherit

PrivateTmp=true 

[Install] 
WantedBy=multi-user.target
保存

#2、复制frps.service到lib库
cp /etc/frp/systemd/frps.service /lib/systemd/system/

#3、重新加载,启动服务并设置开机自启动
systemctl-daemon-reload
systemctl start frps.service
systemctl enable frps.service

2. The FRP client is started as a service (Linux)

#1、编辑frpc.service
vi /etc/frp/systemd/frpc.service

[Unit]
Description=FRP to bypass NAT Network
Wants = network-online.target
After=network.target 

[Service] 
Type=simple 
ExecStart=/etc/frp/frpc -c /etc/frp/frpc.ini
#ExecReload=/etc/frp/frpc
#ExecStop=/etc/frp/frpc

StandardOutput = syslog
StandardError = inherit

PrivateTmp=true 

[Install] 
WantedBy=multi-user.target
保存

#2、复制frps.service到lib库
cp /etc/frp/systemd/frpc.service /lib/systemd/system/

#3、重新加载,启动服务并设置开机自启动
systemctl-daemon-reload
systemctl start frpc.service
systemctl enable frpc.service

Fourth, FRP server expansion

1. Point-to-point intranet penetration configuration

#frps.ini服务端
[common]
bind_port = 7000
bind_udp_port = 7000

#frpc.ini客户端【*在需要暴露到内网的机器上部署 frpc*】
[common]
server_addr = x.x.x.x
server_port = 7000

[p2p_ssh]
type = xtcp
#只有 【SK】 一致的用户才能访问到此服务,类似Token
sk = abcdefg
local_ip = 127.0.0.1
local_port = 22

#frpc.ini客户端【*在想要访问内网服务的机器上也部署 frpc*】
[common]
server_addr = x.x.x.x
server_port = 7000

[p2p_ssh_visitor]
type = xtcp
# xtcp 的访问者
role = visitor
# 要访问的 xtcp 代理的名字
server_name = p2p_ssh
sk = abcdefg
# 绑定本地端口用于访问 ssh 服务
bind_addr = 127.0.0.1
bind_port = 6000

to sum up

Advantages: FRP can bypass the administrator to publish applications and servers to the external network through the establishment of a tunnel on various complex corporate intranets. FRP can be used as an emergency means for operation and maintenance personnel. The inner net of a certain shell is stable in penetration.

Disadvantages: easy to be penetrated by the outside, can be used with Token, frp+openVpn, etc. to enhance security. And the bottleneck of the application network speed published by FRP is the fixed IP network speed, not the client that initiates the request.

If Mr. UP has something wrong, you are welcome to suggest and point it out~ Thank you
for your support~ Don’t be sure next time

Guess you like

Origin blog.csdn.net/sinat_38457621/article/details/113211150
Recommended
Ranking
Empire cms smart tag calls four first-level recommended articles, starting from the fourth article
Linux environment installation and configuration Elasticsearch7.17
Big Data processing architecture and Lambda Kappa architecture
Explore the top of the AI large model platform - Wenxin Qianfan
Beijing car PK10 lucky airship Guanya size and value of the odd and even tips
W3B x Sui Hacker House|In-depth understanding of Sui and Move language
Know almost Ko Chan: Chinese what any decent open source software products? (Finishing from my original answer)
Comprehensively improve AD domain security authentication | Zhuyun IDaaS
Android Update Engine Analysis (24) What happened when making the downgrade package?
Spark Architecture and Operating Mechanism (1) - System Architecture
Daily
More
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)

Code World

© 2018 codetd.com