Building frp – The Ultimate Intranet Penetration Tool for Linux

Environment:

Local Network <---> Public Network<—> Internal Network
 

Server (Linux, proxy):

23.105.195.x
Domain (resolve to
23.105.195.x in advance)

vpn.xxx.org
 

Client (Linux, internal):

192.168.20.x

Project URL:

https://github.com/fatedier/frp/releases

One PC

Configure Server:

mkdir -p /usr/local/frp && && cd /usr/local/frp
wget http://mirror.cnop.net/frp/frp_0.13.0_linux_amd64.tar.gz

tar -zxvf frp_0.13.0_linux_amd64.tar.gz && mv frp_0.13.0_linux_amd64/* ./
 

Focus on 4 files: frpc, frpc.ini (client) and frps, frps.ini (server).

 

Configure server (public VPS): first deletefrpc、frpc.iniboth files

rm -rf frpc frpc.ini

vi ./frps.ini

bind_port = 7000 # communication port with client

vhost_http_port = 6081 # custom port for accessing client web service

Start:

./frps -c ./frps.ini

Configure auto-start:

vi /etc/systemd/system/frps.service

 

[Unit]

Description=FRP Client Daemon

After=network.target

Wants=network.target

 

[Service]

Type=simple

ExecStart=/usr/local/frp/frps -c /usr/local/frp/frps.ini

Restart=always

RestartSec=20s

User=nobody

 

[Install]

WantedBy=multi-user.target

 

systemctl daemon-reload && systemctl start frps && systemctl enable frps

Configure Client:

mkdir -p /usr/local/frp && && cd /usr/local/frp && wget https://github.com/fatedier/frp/releases/download/v0.13.0/frp_0.13.0_linux_amd64.tar.gz

 

tar -zxvf frp_0.13.0_linux_amd64.tar.gz && mv frp_0.13.0_linux_amd64/* ./

 

First deletefrps、frps.iniboth files, then configure:

rm -rf frps frps.ini

vi ./frpc.ini # remove comments below

 

[common]

server_addr = 23.105.195.48 #public server IP

server_port = 7000 #same as server bind_port, forwarding port on server
 

[ssh]

type = tcp

local_ip = 192.168.20.126 #internal server IP

local_port = 22 #internal SSH default port

remote_port = 6000 #custom port for internal SSH access, used for remote testing

 

[web]

type = http

local_port = 8181 # internal web service port

custom_domains = vpn.xxx.org #bound public server domain (top-level or subdomain)

 

[mysql]

type = tcp

local_port = 3306 # internal MySQL port (default 3306)

remote_port = 13306 # external port for MySQL access

 

./frpc -c ./frpc.ini

Configure auto-start:

vi /etc/systemd/system/frpc.service

 

[Unit]

Description=FRP Client Daemon

After=network.target

Wants=network.target

 

[Service]

Type=simple

ExecStart=/usr/local/frp/frpc -c /usr/local/frp/frpc.ini

Restart=always

RestartSec=20s

User=nobody

 

[Install]

WantedBy=multi-user.target

 

systemctl daemon-reload && systemctl start frpc && systemctl enable frpc

Access Test:

Test with PC:

(1) External SSH access to internal server (using config data):

23.105.195.x (or vpn.xxx.org) port 6000Username Password

 

(2) Custom domain access to internal web service (using config data):
 

vpn.xxx.org:6081

 

(3)mysql
Port 13306

 

Leave a Comment

Your email address will not be published.