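Using frp for NAT traversal
frp is used for NAT traversal: it makes machines that sit on an internal network or behind a firewall available to serve clients on the external network.
Lab environment
External network: Windows Server 2019 server
Internal environment 1: CentOS 7.7 server, running nginx on port 33605
Internal environment 2: Windows Server 2016, running RDP on port 3389
Internal environment 3: Windows Server 2012, running RDP on port 3389
Download: https://github.com/fatedier/frp/releases
Windows server
After extracting the archive, keep only frps.exe and frps.ini and delete the other files.
Edit frps.ini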
    [common]
    # Bind to all addresses
    bind_addr = 0.0.0.0
    # Port used to communicate with clients
    bind_port = 6001
    bind_udp_port = 7001
    kcp_bind_port = 7000
    #proxy_bind_addr = 127.0.0.1
    #vhost_http_port = 33605
    #vhost_https_port = 4430
    #vhost_http_timeout = 60
    #tcpmux_httpconnect_port = 1337
    #dashboard_addr = 0.0.0.0
    #dashboard_port = 7500
    #dashboard_user = admin
    #dashboard_pwd = admin
    #enable_prometheus = true
    log_file = ./frps.log
    log_level = error
    log_max_days = 1
    disable_log_color = false
    detailed_errors_to_client = true
    authentication_method = token
    authenticate_heartbeats = false
    authenticate_new_work_conns = false
    privilege_token = 1234567890
    oidc_client_id =
    oidc_client_secret =
    oidc_audience =
    oidc_token_endpoint_url =
    #heartbeat_timeout = 90
    #allow_ports = 33605
    max_pool_count = 50
    max_ports_per_client = 0
    tls_only = false
    #subdomain_host = frps.com
    tcp_mux = true
    #custom_404_page = /path/to/404.html
    udp_packet_size = 1500
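Run it from cmd

    d:\tool\frp\frps.exe -c d:\tool\frp\frps.ini

Or register it as a system service
cd to the directory that contains frp, then:

    Install:   winsw install
    Start:     winsw start

If you need to uninstall it:

    Stop:      winsw stop
    Uninstall: winsw uninstall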
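An added example (not from the original post or the frp project): a small Python audit of the frps.ini settings shown above that flags the ones deciding who can open ports through the server. The finding names, the 20-character token threshold and the treatment of trailing `#` text as part of a value are assumptions of this example.

```python
import re

# Constructed sample: a subset of this page's frps.ini [common] values, one per line.
SAMPLE_FRPS = """\
[common]
bind_addr = 0.0.0.0
bind_port = 6001
privilege_token = 1234567890
tls_only = false
#allow_ports = 33605
max_ports_per_client = 0
"""

MIN_TOKEN_LEN = 20  # assumed local policy threshold, not an frp requirement

def parse_ini(text):
    """Parse INI text into {section: {key: value}}; only whole-line # or ; are comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit_frps(text):
    """Return finding codes for the [common] section of an frps.ini."""
    common = parse_ini(text).get("common", {})
    findings = []
    # The page writes privilege_token; frp's own frps_full.ini sample names this key token.
    token = common.get("token") or common.get("privilege_token", "")
    if len(token) < MIN_TOKEN_LEN or token.isdigit():
        findings.append("weak-token")
    if common.get("tls_only", "false") != "true":
        findings.append("tls-not-enforced")  # non-TLS client connections are accepted
    if "allow_ports" not in common:
        findings.append("unrestricted-remote-ports")  # clients may request any remote_port
    if common.get("max_ports_per_client", "0") == "0":
        findings.append("unlimited-ports-per-client")  # 0 means no limit
    if common.get("dashboard_pwd") == "admin":
        findings.append("default-dashboard-password")
    if any(" #" in value for value in common.values()):
        findings.append("inline-comment-in-value")  # trailing text parsed as part of the value
    return findings
```

Calling `audit_frps(SAMPLE_FRPS)` on the values from this page reports the short numeric token, the optional TLS, and the absence of any port restriction.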
Linux client
After extracting the archive, keep only frpc and frpc.ini and delete the other files.
    cd /root
    wget https://github.com/fatedier/frp/releases/download/v0.29.1/frp_0.29.1_linux_amd64.tar.gz
    tar xzvf frp_0.29.1_linux_amd64.tar.gz
    mv frp_0.29.1_linux_amd64 frp
    chmod +x /root/frp/frpc
    vim /root/frp/frpc.ini

Change it to

    [common]
    # Public IP of the server
    server_addr = 222.222.222.222
    # Port used to communicate with the server
    server_port = 6001
    #log_file = ./frpc.log
    #log_level = info
    #log_max_days = 1
    # Connection password
    privilege_token = 1234567890

    [web]
    type = tcp
    local_ip = 127.0.0.1
    local_port = 33605
    remote_port = 33605
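The vhost mode is not used here, because when type is set to http, DNS resolution for a domain name must be configured.
Set it up as a system service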
    vim /usr/lib/systemd/system/frpc.service

Add

    [Unit]
    Description=Frp Client Service
    After=network.target

    [Service]
    Type=simple
    User=root
    Restart=on-failure
    RestartSec=5s
    ExecStart=/root/frp/frpc -c /root/frp/frpc.ini
    ExecReload=/root/frp/frpc reload -c /root/frp/frpc.ini

    [Install]
    WantedBy=multi-user.target
Run

    systemctl enable frpc.service && systemctl start frpc.service
    systemctl status frpc.service
    systemctl is-active frpc.service
    systemctl list-units --type=service
Windows client
After extracting the archive, keep only frpc.exe and frpc.ini and delete the other files.
Edit frpc.ini
    [common]
    server_addr = 222.222.222.222
    server_port = 6001
    privilege_token = 1234567890
    #http_proxy = http://user:passwd@192.168.1.128:8080
    #http_proxy = socks5://user:passwd@192.168.1.128:1080
    #http_proxy = ntlm://user:passwd@192.168.1.128:2080
    disable_log_color = false
    log_file = ./frpc.log
    log_level = error
    log_max_days = 1
    #admin_addr = 127.0.0.1
    #admin_port = 7400
    #admin_user = admin
    #admin_pwd = admin
    #assets_dir = ./static
    pool_count = 5
    tcp_mux = true
    #user = your_name
    login_fail_exit = true
    protocol = tcp
    tls_enable = true
    #tls_cert_file = client.crt
    #tls_key_file = client.key
    #tls_trusted_ca_file = ca.crt
    #dns_server = 8.8.8.8
    #start = ssh,dns
    #heartbeat_interval = 30
    #heartbeat_timeout = 90
    #meta_var1 = 123
    #meta_var2 = 234
    udp_packet_size = 1500

    [RDP]
    type = tcp
    local_ip = 127.0.0.1
    local_port = 3389
    remote_port = 5000
If other computers also need RDP exposed through the tunnel, change their configuration file to
    [common]
    server_addr = 222.222.222.222
    server_port = 6001
    privilege_token = 1234567890

    [RDP2]
    type = tcp
    local_ip = 127.0.0.1
    local_port = 3389
    remote_port = 6000
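Testing
Browser access
Opening http://222.222.222.222:33605 shows the default nginx page of the internal host.
Connecting with mstsc
Connecting to 222.222.222.222:6000 allows remote management.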
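All articles on this site may be freely reposted; when reposting, please keep the link to the original article and the author's name.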