frp 是一个可用于内网穿透的高性能的反向代理应用,支持 tcp, udp, http, https 协议。
获取 VPS 的处理器架构
依据处理器架构选择对应版本的 frp、下载并解压
[jiong@centos7 ~]$ arch
[jiong@centos7 ~]$ wget 
https://github.com/fatedier/frp/releases/download/v0.21.0/frp_0.21.0_linux_amd64.tar.gz
[jiong@centos7 ~]$ tar -xzvf frp_0.21.0_linux_amd64.tar.gz
架构
在内网机器上使用 frpc 服务,将其「注册」到 frps 的机器上
外部用户便可以通过具有公网 IP 的 frps 机器访问到内网的机器,这实际上就是一个方向代理的过程
连接内网机器
# frpc.ini
[common]
server_addr = x.x.x.x
server_port = 7000
log_file = ./frps.log
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
内网机器通过「x.x.x.x」与 frps 代理机器建立连接
内网机器通过 「frpc.ini」在 frps 代理机器上「注册」了一个代理服务,监听 6000 端口
当外部用户通过 SSH 连接代理机器的 6000 端口,便连接到了内网机器,这是一个方向代理了内网机器的过程。
通过查看事实日子可以看到 frp 的交互流程
[root@host frp]# tail -f frps.log
2018/11/15 00:47:18 [I] [service.go:130] frps tcp listen on 0.0.0.0:7000
2018/11/15 00:47:18 [I] [root.go:207] Start frps success
2018/11/15 00:48:33 [I] [service.go:319] client login info: ip [
112.5.201.153:52355
] version [0.21.0] hostname [] os [windows] arch [amd64]
2018/11/15 00:49:17 [I] [service.go:319] client login info: ip [211.97.128.100:3722
] version [0.21.0] hostname [] os [windows] arch [amd64]
2018/11/15 00:56:16 [I] [service.go:319] client login info: ip [112.5.201.153:52652
] version [0.21.0] hostname [] os [linux] arch [amd64]
2018/11/15 00:56:16 [I] [proxy.go:217] [5571d58b034abea2] [ssh] tcp proxy listen port [6000]
2018/11/15 00:57:33 [I] [proxy.go:87] [5571d58b034abea2] [ssh] get a new work connection: [
112.5.201.153:52652
]
2018/11/15 00:59:17 [I] [proxy.go:87] [5571d58b034abea2] [ssh] get a new work connection: [112.5.201.153:52652
]
2018/11/15 01:00:55 [I] [proxy.go:87] [5571d58b034abea2] [ssh] get a new work connection: [112.5.201.153:52652
]
2018/11/15 01:20:19 [I] [proxy.go:87] [5571d58b034abea2] [ssh] get a new work connection: [112.5.201.153:52652
]
2018/11/15 01:22:21 [I] [control.go:220] [9f010fa9d8b9ea9b] control writer is closing
2018/11/15 01:22:21 [I] [control.go:292] [9f010fa9d8b9ea9b] client exit success
2018/11/15 01:23:03 [I] [proxy.go:87] [5571d58b034abea2] [ssh] get a new work connection: [112.5.201.153:52652
]
2018/11/15 01:23:48 [I] [proxy.go:87] [5571d58b034abea2] [ssh] get a new work connection: [112.5.201.153:52652
]
2018/11/15 01:24:35 [I] [service.go:319] client login info: ip [211.97.128.100:3724
] version [0.21.0] hostname [] os [windows] arch [amd64]
2018/11/15 02:01:13 [I] [control.go:220] [3166cd00e061258b] control writer is closing
2018/11/15 02:01:13 [I] [control.go:292] [3166cd00e061258b] client exit success
2018/11/15 02:08:16 [I] [control.go:220] [4972517f0d8c09db] control writer is closing
2018/11/15 02:08:16 [I] [control.go:292] [4972517f0d8c09db] client exit success
2018/11/15 02:08:18 [I] [service.go:319] client login info: ip [112.5.201.153:52900
] version [0.21.0] hostname [] os [windows] arch [amd64]
2018/11/15 02:08:19 [W] [control.go:332] [9168626ea7c7ca07] new proxy [ssh] error: port already used
2018/11/15 02:08:19 [I] [proxy.go:401] [9168626ea7c7ca07] [home] stcp proxy custom listen success
以上配置实现了外部用户 SSH 连接内网无公共 IP 的虚拟机
外部用户指:未允许 frp 的机器
代理 WINDOWS 远程桌面
服务名称、转发端口不能重复,因为都是注册在「frps」上的
「frpc-1」在「frps」上注册了「home」、「company_visitor」这两个服务
当「frpc-2」在「frps」上某一注册服务的「sk」与「frpc-1」的「sk」一致时,代理到「frpc-1」的「3389端口」
# frpc-1
[common]
server_addr = 93.179.97.24
server_port = 7000
log_file = ./frpc.log
[home]
type = stcp
sk = mstsc
local_ip = 127.0.0.1
local_port = 3389
use_encryption = true
use_compression = true
[company_visitor]
type = stcp
sk = mstsc
role = visitor
server_name = company
bind_addr = 127.0.0.1
bind_port = 1116
use_encryption = true
use_compression = true
「frpc-2」在「frps」上注册了「company」、「home_visitor」这两个服务
当「frpc-1」在「frps」上某一注册服务的「sk」与「frpc-1」的「sk」一致时,代理到「frpc-2」的「3389端口」
# frpc-2
[common]
server_addr = 93.179.97.24
server_port = 7000
log_file = ./frpc.log
[company]
type = stcp
sk = mstsc
local_ip = 127.0.0.1
local_port = 3389
use_encryption = true
use_compression = true
[home_visitor]
type = stcp
sk = mstsc
role = visitor
server_name = home
bind_addr = 127.0.0.1
bind_port = 1118
use_encryption = true
use_compression = true
以上配置实现了「frpc-2」、「frpc-1」互相远程桌面
后台运行
WINDOWS 后台运行——注册服务
简而言之,winsw 能将 windows 的程序注册到服务中,此处用来自启及后台运行 frpc
下载winsw,在相应目录下编写 XML 配置文件
<service>
<id>frp</id>
<name>内网穿透</name>
<description>内网穿透</description>
<executable>frpc</executable>
<arguments>-c frpc.ini</arguments>
<onfailure action=”restart” delay=”60 sec”/>
<onfailure action=”restart” delay=”120 sec”/>
<logmode>reset</logmode>
</service>
执行命令注册为 windows 服务
winsw install
WINDOWS 后台运行——计划任务
创建 bat 脚本
@echo off
mode con cols=60 lines=20
color a
title 服务监听工具
:frpc
D:\frpc\frpc.exe -c d:\frpc\frpc.ini
ping -n 2 127.1 >nul
cls
goto frpc
控制面板创建计划任务,具体参见:创建windows计划任务使FRP开机启动
Linux 后台运行
后台运行的四种方法
supervisor
rc.local
systemd
nohup
使用 systemctl 设置开机自启
[root@host system]# vi /etc/systemd/system/frps.service
编写 frps.service 使用 systemctl 设置开机自启
[Unit]
Description=frps daemon
[Service]
Type=simple
ExecStart=/opt/frps/frps -c /opt/frps/frps.ini
[Install]
WantedBy=multi-user.target
[root@host system]# systemctl start frps
[root@host system]# systemctl enable frps
Xdhell 的隧道用法–待补充
转载请注明:XAMPP中文组官网 » 内网穿透