利用frp实现内网穿透

警告
本文最后更新于 2019-10-08,文中内容可能已过时。

无论是在服务器端还是在客户机端,均需要安装 frp、并启动相关的服务。其中:

  • frps.init 是服务器配置文件
  • frpc.init 是客户端配置文件

服务器配置

  • 下载 frp

    1
    2
    
    cd ~
    wget https://github.com/fatedier/frp/releases/download/v0.21.0/frp_0.21.0_linux_amd64.tar.gz
  • 解压

    1
    2
    
    tar -xzvf frp_0.21.0_linux_amd64.tar.gz
    cd frp_0.21.0_linux_amd64/
  • 配置服务器,使用 7000 作为监听端口

    1
    2
    3
    4
    5
    6
    
    vim frps.ini
    
    [common]
    #bind_addr = 127.0.0.1
    bind_port = 7000
    token = *********
  • 增加允许访问的端口。这个是需要通过 7000 的端口转发去访问的客户机端口,可以配置多个。比如我们在客户机的 frpc.init 增加了3个可以访问的端口,那么我们就需要告诉服务器,需要开放 601160356066 这3个端口的远程访问权限:

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    
    [common]
    server_addr = 114.67.109.5
    server_port = 7000
    token = *********
    
    [sshlocal]
    type = tcp
    local_ip = 127.0.0.1
    local_port = 22
    remote_port = 6011
    
    [ssh135]
    type = tcp
    local_ip = 192.168.1.135
    local_port = 22
    remote_port = 6035
    
    [ssh166]
    type = tcp
    local_ip = 192.168.1.166
    local_port = 22
    remote_port = 6066

    开放端口使用命令 FirewallD

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    
    ## 增加远程访问 端口
    # 1.FirewallD防火墙开放8787端口
    firewall-cmd --zone=public --add-port=6011/tcp --permanent
    firewall-cmd --zone=public --add-port=6035/tcp --permanent
    firewall-cmd --zone=public --add-port=6066/tcp --permanent
    firewall-cmd --zone=public --add-port=6088/tcp --permanent
    firewall-cmd --zone=public --add-port=6099/tcp --permanent
    
    firewall-cmd --zone=public --add-port=7066/tcp --permanent
    firewall-cmd --zone=public --add-port=7099/tcp --permanent
    
    # 2.重启防火墙
    systemctl restart firewalld.service
    
    
    ## CentOS6 使用以下命令
    ## 开放 8899 端口
    /sbin/iptables -I INPUT -p tcp --dport 8899 -j ACCEPT
    ## 然后保存
    /etc/rc.d/init.d/iptables save
    ## 查看打开的端口
    /etc/init.d/iptables status
  • 开启后台服务,通过 nohup 实现不间断的运行服务,记得在服务器是启动 frps 服务:

    1
    
    nohup ./frps -c frps.ini &

客户端配置

  • 下载、解压“:

    1
    2
    3
    4
    5
    
    cd ~
    wget https://github.com/fatedier/frp/releases/download/v0.21.0/frp_0.21.0_linux_amd64.tar.gz
    
    tar -xzvf frp_0.21.0_linux_amd64.tar.gz
    cd frp_0.21.0_linux_amd64/
  • 配置客户机,客户端的配置文件在 frpc.init

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    
    [common]
    server_addr = xxx.xxx.xxx.xxx  	## 这里是填写服务器的固定 IP
    server_port = 7000				## 这里需要跟服务器端监听的端口一致,默认 7000
    
    [sshlocal]
    type = tcp
    local_ip = 127.0.0.1			## 本机
    local_port = 22
    remote_port = 6011
    
    [ssh135]
    type = tcp
    local_ip = 192.168.1.135		## 配置的本地内网服务器
    local_port = 22
    remote_port = 6035
    
    [ssh166]
    type = tcp
    local_ip = 192.168.1.166
    local_port = 22
    remote_port = 6066
    
    [ssh188]
    type = tcp
    local_ip = 192.168.1.188
    local_port = 22
    remote_port = 6088
    
    [ssh199]
    type = tcp
    local_ip = 192.168.1.199
    local_port = 22
    remote_port = 6099
    
    [ssh166_rstudio]				## 配置的本地内网服务器, Rstudio
    type = tcp
    local_ip = 192.168.1.166
    local_port = 8787
    remote_port = 7066
    
    [ssh199_rstudio]
    type = tcp
    local_ip = 192.168.1.199
    local_port = 8787
    remote_port = 7099
  • 客户机开启后台服务命令,配置文件是 frpc.init

    1
    
    nohup ./frpc -c frpc.ini &

    提示连接成功:

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    
    2019/10/08 20:11:19 [I] [proxy_manager.go:300] proxy removed: []
    2019/10/08 20:11:19 [I] [proxy_manager.go:310] proxy added: [ssh199 ssh166_rstudio ssh199_rstudio sshlocal ssh135 ssh166 ssh188]
    2019/10/08 20:11:19 [I] [proxy_manager.go:333] visitor removed: []
    2019/10/08 20:11:19 [I] [proxy_manager.go:342] visitor added: []
    2019/10/08 20:11:19 [I] [control.go:246] [60429e396343771b] login to server success, get run id [60429e396343771b], server udp port [0]
    2019/10/08 20:11:19 [I] [control.go:169] [60429e396343771b] [ssh135] start proxy success
    2019/10/08 20:11:19 [I] [control.go:169] [60429e396343771b] [ssh166] start proxy success
    2019/10/08 20:11:19 [I] [control.go:169] [60429e396343771b] [ssh188] start proxy success
    2019/10/08 20:11:19 [I] [control.go:169] [60429e396343771b] [ssh199] start proxy success
    2019/10/08 20:11:19 [I] [control.go:169] [60429e396343771b] [ssh166_rstudio] start proxy success
    2019/10/08 20:11:19 [I] [control.go:169] [60429e396343771b] [ssh199_rstudio] start proxy success
    2019/10/08 20:11:19 [I] [control.go:169] [60429e396343771b] [sshlocal] start proxy success

    并且我们可以在服务器端看到端口已经开启转发功能:

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    
    [root@JD ~]# netstat -ntlp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      24860/mysqld
    tcp        0      0 127.0.0.1:1234          0.0.0.0:*               LISTEN      2817/ifrit-agent
    tcp        0      0 0.0.0.0:8787            0.0.0.0:*               LISTEN      25292/rserver
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      11953/sshd
    tcp6       0      0 :::6088                 :::*                    LISTEN      22623/./frps
    tcp6       0      0 :::6066                 :::*                    LISTEN      22623/./frps
    tcp6       0      0 :::6099                 :::*                    LISTEN      22623/./frps
    tcp6       0      0 :::6035                 :::*                    LISTEN      22623/./frps
    tcp6       0      0 :::22                   :::*                    LISTEN      11953/sshd
    tcp6       0      0 :::7000                 :::*                    LISTEN      22623/./frps
    tcp6       0      0 :::7066                 :::*                    LISTEN      22623/./frps
    tcp6       0      0 :::6011                 :::*                    LISTEN      22623/./frps
    tcp6       0      0 :::7099                 :::*                    LISTEN      22623/./frps

使用 ssh 连接

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
ssh -p 6066 fl@xxx.xxx.xxx.xxx
''$'\n''            '   boost_1_70_0.tar.bz2   Documents              log      Pictures          Templates   Videos
 anaconda2              clion-2019.2           Downloads              Music    Public            test.pdf
 anaconda3              CLionProjects          Dropbox                myData   R                 test.Rmd
 antigen.zsh            data                   libraries              mydeck  'R 入门教程.pdf'   texmf
 bin                    Desktop               'Linux 入门教程.html'   myLog    tarball           tmp
 Boost                  disk                  'Linux 入门教程.pdf'    opt      temp              tmp_disk

RSA key fingerprint is ×××××××××××××××××××××××××××××××××××××××××
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[XXX.XXX.XXX.XXX]:6066' (RSA) to the list of known hosts.
Last login: Tue Oct  8 20:03:19 2019 from 192.168.1.111

总结

其实网上有很多类似的教程,但是如果一味的照搬他们的方法,其实是不能实现连接的。这里面的小技巧是要记得使用 firewall 开放端口的远程访问权限,才能进行转发。

相关内容

william 支付宝支付宝
william 微信微信
0%