How can we use the extranet to access our intranet services? Some people say that third-party penetration tools can be used, but third-party penetration tools are generally not very stable and have various restrictions. If you want to break through these restrictions, you need to pay a certain fee. All use is very troublesome, so Is there a way for us to build a penetration service by ourselves? The answer is yes, let’s explain the frp tool in detail below.
frp is an internal network penetration tool. First, a server is required as the server (Linux external network), and your own (WIN10 internal network) computer is used as the client. I will explain the detailed installation and use process in a popular way. , not much nonsense and start directly.
Linux should open port 7000 7500 9600, don't miss it
The official website address, you can go up and download the version you need:
https://github.com/fatedier/frp/releases/tag/v0.33.0
Server installation:
Linux download: We download the file to the /usr/local/frp directory, create a new one if there is no directory, we first switch to the directory, download and decompress:
Download command:
wget https://github.com/fatedier/frp/releases/download/v0.44.0/frp_0.44.0_linux_amd64.tar.gz
Unzip command:
tar -zxvf frp_0.44.0_linux_amd64.tar.gz
After completion, switch to the directory /etc/systemd/system/ to create a new file frps.service, and then add the following content
[Unit]
Description=frps service
After=network.target syslog.target
Wants=network.target
[Service]
Type=simple
#Restart=always
Restart=on-failure
RestartSec=5s
#启动服务的命令(此处写你的frps的实际安装目录)
ExecStart=/usr/local/frp/frp_0.44.0_linux_amd64/frps -c /usr/local/frp/frp_0.44.0_linux_amd64/frps.ini
[Install]
WantedBy=multi-user.target
Switch to our installation directory, edit the file frps.ini inside, edit the content as follows
[common]
bind_addr = 172.20.185.38
bind_port = 7000
kcp_bind_port = 7000
vhost_https_port = 7001
dashboard_addr = 172.20.185.38
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin
log_file = ./frps.log
log_level = info
log_max_days = 3
authentication_timeout = 900
token=long123456
allow_ports = 2000-3000,3001,3003,4000-50000,3362
max_pool_count = 50
max_ports_per_client = 0Parameter Description
[common]
#Intranet IP
bind_addr = 172.20.185.38#frp open port
bind_port = 7000
kcp_bind_port = 7000
vhost_https_port = 7001
dashboard_addr = 172.20.185.38#Client access port
dashboard_port = 7500#Client access account
dashboard_user = admin#Client access password
dashboard_pwd = admin#log
log_file = ./frps.log
log_level = info#The log is cleared every 3 days
log_max_days = 3
authentication_timeout = 900#Set token, input
token=long123456 at will#Permeable ports, multiple can be configured, separated by commas
allow_ports = 2000-3000,3001,3003,4000-50000,3362
max_pool_count = 50
max_ports_per_client = 0
Save after configuration
sudo systemctl enable frps -- 设置开机自启动
sudo systemctl start frps -- 启动frps服务
sudo systemctl status frps -- 查看启动日志
sudo systemctl restart frps -- 重启服务
sudo systemctl stop frps -- 关闭服务
After completion, enter http://your server IP:7500/ and enter the account password admin admin. When you see the following interface, it means success.
Install the client below, we use 64-bit
Edit the file after the download is complete
write content
[common]
server_addr = 120.25.172.500
server_port = 7000
authentication_method = token
token = long123456[test-9600]
type = tcp
local_ip = 127.0.0.1
local_port = 9600
remote_port = 9600
Parameter explanation
[common]
#Server public network IP
server_addr = 120.25.172.500
server_port = 7000
authentication_method = token#Must be consistent with the token of the server
token = long123456[test-9600]
type = tcp#My local computer intranet IP
local_ip = 127.0.0.1#Local service ip, such as local service 9600 needs to penetrate
local_port = 9600#Server access IP such as 120.25.172.500:9600
remote_port = 9600
After the configuration is complete, double-click frpc.exe to start it.
Started successfully:
Browser input: 120.25.172.500:9600, make sure that our local service 9600 is started
This is equivalent to directly accessing our internal network 9600 by accessing the external network of 120.25.172.500:9600. Of course, this port can be set at will.