Intranet penetration using FRP (dynamic domain name resolution)

This article uses a minimalist configuration. If you have special requirements, please refer to https://github.com/fatedier/frp literature

Environment preparation: Internet server (ubuntu) + local machine (ubuntu subsystem)

The local server windows can be configured similarly

What is frp

rp is a high-performance reverse proxy application, which can help you easily penetrate the intranet, provide services to the Internet, support tcp, http, https and other protocol types, and web services support routing and forwarding according to domain names.

preparation

1. You need an Internet Server windows or Linux (this article uses Ubuntu operating system)
2. One or more intranet PC s, indows or Linux are required (Ubuntu subsystem is adopted in this paper)

Software installation

Internet server

Download ftp:

wget https://github.com/fatedier/frp/releases/download/v0.20.0/frp_0.20.0_linux_amd64.tar.gz

Unzip frp:

mkdir /usr/local/frp    establish frp catalogue
tar -zxvf frp_0.20.0_linux_amd64.tar.gz    decompression frp
mv /frp_0.20.0_linux_amd64.tar.gz/* /usr/local/frp   Put the extracted file into frp Folder

Take a look at the file structure of frp:

[external chain picture transfer failed. The source station may have anti-theft chain mechanism. It is recommended to save the picture and upload it directly (img-jdnfdb3s-1630205245397)( https://s2.ax1x.com/2019/02/21/kR1DaV.png )]
Where FRPs Ini and FRPC Ini is a server-side configuration file and a local side configuration file

Configure FRPs Ini (frps.ini is configured because it is on the server side. Of course, you can also delete frpc.ini directly)

vi /usr/local/frp/frps.ini

# The asterisk part is for coding. You need to define it yourself
[common]
bind_port = **211
log_file = /var/log/frp.log
allow_port = **212-**220

# The following is the explanation
 first line[common] The default generation can be ignored
 Second line bind_port = **211 For server and local PC Port for communication
 Third line log_file = /var/log/frp.log by log File address
 Fourth line allow_port = **212-**220 Forwarding addresses for ports (one or more)
For example: Internet access gjweb.top:**212 Then the information of port 212 is forwarded to the intranet connected to port 212 PC

function:

./frps -c frps.ini

Intranet PC

Internet server

Download ftp:

wget https://github.com/fatedier/frp/releases/download/v0.20.0/frp_0.20.0_linux_amd64.tar.gz

Unzip frp:

mkdir /usr/local/frp    establish frp catalogue
tar -zxvf frp_0.20.0_linux_amd64.tar.gz    decompression frp
mv /frp_0.20.0_linux_amd64.tar.gz/* /usr/local/frp   Put the extracted file into frp Folder

Configure FRPC Ini (because it is on the PC side, configure frpc.ini. Of course, you can also delete frps.ini directly)
[external chain picture transfer failed. The source station may have anti-theft chain mechanism. It is recommended to save the picture and upload it directly (IMG ikpakdga-1630205245399)( https://s2.ax1x.com/2019/02/21/kR14Vx.png )]

vi /usr.local/frp/frpc.ini

# The asterisk is the coding part
[common]
server_addr = 97.64.39.132
log_file = /var/log/frpc.log
server_port = **211



[Web_80]
type = tcp
local_ip = 127.0.0.1
local_port = 80
remote_port = **212

# explain
 first line[common]  default
 Second line server_addr = 97.64.39.132 The address is your Internet server IP address
 Third line log_file = /var/log/frpc.log Is a log file
 In the fourth line, the port communicating with the server needs to be connected with the server bind_port Consistent configuration
 The fifth line[Web_80]The brackets can be customized
 Line 6 type = tcp For specific requirements of connection type, please refer to frp literature
 Line 7 local_ip = 127.0.0.1 Local address
 Line 8 local_port = 80 The server forwards back to the local port
 Line 9 remote_port = **212 Use 212 to connect to the server, which is consistent with the port developed by the server allow_port Consistent content

function:

./frpc -c frpc.ini

The frp installation is now complete

For example, if your local server is used as a web server
Access server domain name: the port you set can be accessed normally
[external chain picture transfer failed. The source station may have anti-theft chain mechanism. It is recommended to save the picture and upload it directly (img-qjz1xm61-1630205245402)( https://s2.ax1x.com/2019/02/21/kR3pi8.png )]

Regular problem

1. If you encounter inaccessible conditions, check whether the port settings are correct
2. For firewall problems, use ufw status to check whether the relevant port is prohibited

Set background operation

Create a new FRPs in the following location INI file

The contents are as follows:
[external chain picture transfer failed. The source station may have anti-theft chain mechanism. It is recommended to save the picture and upload it directly (img-conyvzq2-1630205245406)( https://s2.ax1x.com/2019/02/21/kR3Zd0.png )]
The ExecStart content is the command to be executed

Next:

sudo systemctl daemon-reload
sudo systemctl status frps