Most home broadband does not have an independent IPV4, and cannot be directly connected. FRP is an artifact of intranet penetration. You can build an FRP server through a server with a public IP address to forward traffic to achieve intranet penetration. FRP is open source on Github: https://github.com/fatedier/frp Download the corresponding version on the releases page. The compressed package only corresponds to different platforms, and each package decompression includes the server side and the client side.
下载
服务器端配置
- Download
I use centos on the server side, so download "frp_0.33.0_linux_amd64.tar.gz" on the releases page. If the server side is another system, just download the corresponding decompression.
In the decompressed folder:
"frps", "frps_full.ini", and "frps.ini" are executable files and configuration files that run on the server side .
"Frpc", "frpc_full.ini", and "frpc.ini" are executable files and configuration files that run on the client .
Modify the configuration file
Use the command vi frps.ini to modify the frps.ini file, then save and exit:
[common]
bind_addr=0.0.0.0
bind_port = 7000
token=12310086
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin123
Description :
- "bind_addr" is the server's local IP, which should not be changed.
- "bind_port" is the frp listening port.
- "token" is the recommended setting for verification token.
- "dashboard_port" is the port of the frp panel.
- "Dashboard_user" "dashboard_pwd" is the account password of the panel.
Except for the "bind_addr" parameter, other parameters can be modified according to your needs. Remember to remember the changed parameters.
Then give execution permissions to the server-side frps:
sudo chmod 755 ./frps
Run frps
./frps -c ./frps.ini
Can cooperate with nohup or screen to let frps run in the background. Pay attention to the firewall or pagoda and other ports that allow responses. Log in to the web page to check if it is indeed successful
访问面板
The panel is for reference only and can be used or not. Visit the
port 7500 configured on http://server ip:7500 , and
log in with the user name and password admin/admin123 configured above to see the following interface:
客户端配置
- Download frp
demo client for windows, download frp windows version "frp_0.33.0_windows_amd64.zip", unzip it and enter the folder:
- Modify the configuration file The
program used in the local demonstration is windows remote desktop, using port 3389. Need to use frp to forward the 3389 of the windows client to the server. For example, forward 3389 on the client to port 33389 on the server. Open the "frpc.ini" file with a text editor:
[common]
server_addr = FRP服务端VPSip
server_port = 7000
token=12310086
[RDP]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 33389
Save and exit, execute in cmd
frpc.exe -c frpc.ini
If success appears, the connection is successful.
At this time, the server section also has a connection reminder
. There are also prompts in the control panel.
If there is no prompt, please pay attention to the port that allows the response in the server firewall or pagoda management panel !
Now we are on any computer on the external network, open the windows remote desktop program, enter the server ip: 33389, and then you can connect to the local windows.
Note that you must turn on the "Allow Remote Connection" of the windows computer, otherwise it may fail.
原理
- The server starts to monitor port 7000 according to the configuration file. The client starts up according to the configuration file and connects with the frp 7000 port of the server.
- After the two are successfully connected, the client reads the local configuration file and tells the server what port is needed for which forwarding operations.
- In the above operation, the client reads the local configuration file and tells the server that the client forwards the local 3389 port to 33389 on the server.
- Then the server opens a new listening port of 33389, and forwards the traffic from the external network to port 33389 to the client 3389
Summary:
This kind of penetration can achieve access to any host web service in the local area network by penetrating a certain host. Because the web services of the local area network 0.0.0.0, the local area network can communicate with each other.
The web service of the LAN local16 host is configured on the host whose ip is 192.168.50.75, and frpc.inithe configuration is:
[common]
server_addr = 37.116.10.215
server_port = 7002
token = 278739-7fe62-4138-9fd3-098afdf964b6a
#另一台主机上启动的服务
[local16_ai_recognize]
type = http
local_ip = 192.168.50.232
local_port = 5001
#配置的对外访问域名
custom_domains = ai-recognize.debug.alibaba.com
[local15_ssh]
#配置别的访问类型
type = tcp
local_ip = 192.168.50.75
local_port = 22
remote_port = 7005
Reference blog address:
teach you how to use FRP to do intranet penetration using remote desktop to connect to the windows computer at home
Another penetration tutorial:
lightweight intranet penetration proxy server nps trial