Frp Internal Network Penetration Service Setup#
Introduction#
This article was written on 2023-04-24. The server is an Alibaba Cloud Free Tier server running Ubuntu 18, and the client runs Microsoft Windows 10 Enterprise N. The frp version is frp_0.48.0. frp is used here for internal network penetration out of a campus network, to make Windows Remote Desktop, the stable-diffusion page, Alist, and more reachable.
Server#
Download#
| Github Homepage | Releases Page |
Choose the frp build that matches your system and architecture.
Don't know which version to download? Use hostnamectl to check Linux system information:
# hostnamectl
Static hostname: gaoqiqiang
Icon name: computer-vm
Chassis: vm
Machine ID: ec8469a4caecdssfc4eb
Boot ID: 78dded31dc7e9f2a6c62
Virtualization: kvm
Operating System: Ubuntu 18.88.8 LTS
Kernel: Linux 5.55.0-202-generic
Architecture: x86-64 # x86-64 is also amd64
Extract and Move (Install) to Specified Directory#
# Extract
tar -zxvf compressed_file_name.tar.gz
# Move the extracted directory to /opt/frp (all later paths assume this location)
mv ./extracted_directory_name /opt/frp
Configure frps.ini#
Since the project keeps being updated, the configuration below is only a reference for one specific version [frp_0.48.0]. The most reliable way to configure is to check the frps_full.ini file in the downloaded files or view the repository page (you can use web translation): Repository
vim /opt/frp/frps.ini
Note: Comments must occupy a single line! Incorrect configuration: bind_port = 7000 # Incorrect comment
[common]
bind_addr = 0.0.0.0
bind_port = 7000
dashboard_port = 7500
# Specify the UDP port that the frps service binds to, which helps the frpc client penetrate NAT.
bind_udp_port = 7001
# UDP port for kcp protocol, it can be the same as bind_port.
# If not set, kcp will be disabled in frp.
kcp_bind_port = 7000
# Token (shared password) that frpc must present to connect; 12345678 is a placeholder, use a long random value
token = 12345678
# Setting log_file will not output logs to the console
log_file = ./frps.log
# trace, debug, info, warn, error
log_level = info
# Only allow frpc to bind the ports you list; if you set nothing, there will be no restrictions
#allow_ports = 2000-3000,3001,3003,4000-50000
# Dashboard user and password for basic authentication protection (placeholders; change both)
dashboard_user = adminName
dashboard_pwd = password
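The settings in this file that decide who can use the server are token, the dashboard address and credentials, and allow_ports. The following check is an added example, not part of the original article or the frp project; the function name audit_frps_ini, the weak-value list and the 16-character minimum are assumptions of this example, and it also flags the inline-comment mistake noted above.

```python
import configparser
import re

# Constructed sample: the article's values, plus the inline-comment mistake it warns about.
SAMPLE_FRPS_INI = """\
[common]
bind_addr = 0.0.0.0
bind_port = 7000 # Incorrect comment
dashboard_port = 7500
token = 12345678
#allow_ports = 2000-3000,3001,3003,4000-50000
dashboard_user = adminName
dashboard_pwd = password
"""

# Assumption: the guessable values and the minimum secret length are this example's choices.
WEAK_VALUES = {"", "12345678", "123456", "password", "admin"}
MIN_SECRET_LEN = 16


def is_weak(secret):
    return secret.lower() in WEAK_VALUES or len(secret) < MIN_SECRET_LEN


def audit_frps_ini(text):
    """Return sorted finding codes for the [common] section of an frps.ini."""
    # configparser's default keeps a trailing "# ..." inside the value, so the
    # inline-comment mistake stays visible instead of being silently stripped.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    common = dict(parser["common"]) if parser.has_section("common") else {}
    findings = {f"inline-comment:{k}" for k, v in common.items() if re.search(r"\s#", v)}
    if is_weak(common.get("token", "")):
        findings.add("weak-token")
    if "dashboard_port" in common:
        # The article's startup log shows the dashboard on 0.0.0.0 when dashboard_addr is unset.
        if common.get("dashboard_addr", "0.0.0.0") == "0.0.0.0":
            findings.add("dashboard-on-all-interfaces")
        if is_weak(common.get("dashboard_pwd", "")):
            findings.add("weak-dashboard-password")
    if "allow_ports" not in common:
        # Per the article: with nothing set, frpc may bind any port.
        findings.add("allow-ports-unrestricted")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_frps_ini(SAMPLE_FRPS_INI):
        print(finding)
```

An empty result means none of these checks fired; it does not replace restricting ports 7000, 7001 and 7500 in the cloud security group.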
Manual Run Test#
It is recommended to comment out log_file = ./frps.log so that you can see information in the console.
/opt/frp/frps -c /opt/frp/frps.ini
Check the output
[I] [root.go:206] frps uses config file: /opt/frp/frps.ini
[I] [service.go:200] frps tcp listen on 0.0.0.0:7000
[I] [service.go:210] frps kcp listen on udp 0.0.0.0:7000
[I] [service.go:302] nat hole udp service listen on 0.0.0.0:7001
[I] [service.go:317] Dashboard listen on 0.0.0.0:7500
[I] [root.go:215] frps started successfully
# Run successful
If the run fails, check the output and the frps.ini configuration, or search Google (or ask GPT) for help.
Configure frps Service Item#
Use systemd to manage the service. Make sure your Linux uses systemd (if not, you can install it), or use whatever service management software is available; please learn that on your own.
vim /lib/systemd/system/frps.service
The content is as follows:
[Unit]
# Service item description (comments must be on their own line in unit files too)
Description = frps daemon
After = network.target syslog.target
Wants = network.target
[Service]
Type = simple
# Replace /opt/frp with your actual frp installation directory
# Without a User= line the service runs as root
ExecStart = /opt/frp/frps -c /opt/frp/frps.ini
[Install]
WantedBy = multi-user.target
If this is not the first time editing this file, you may need to reload it. Use the systemctl daemon-reload command to reload the configuration and apply changes.
Service Item Commands#
# Start frps
sudo systemctl start frps
# Enable auto-start
sudo systemctl enable frps
# Restart application
sudo systemctl restart frps
# Stop application
sudo systemctl stop frps
# Check status and logs
sudo systemctl status frps
Client#
Download Corresponding Version of frp#
Check Windows architecture: use the msinfo32 or systeminfo command.
If it shows System Type: x64-based PC, choose the amd64 Windows version.
Configure frpc.ini#
Test Demo#
You need to have a service available for testing to check the actual operation of the service, such as Alist, Remote Desktop, etc.
If you have nothing, you can use the open-source software Simple Web Server to set up a simple website service for testing. This software includes my Chinese localization, and even the official documentation has been translated! | Github Page | Releases Page | Official Website | Official Documentation |
Start Configuration#
Note: Comments must occupy a single line! Incorrect configuration: bind_port = 7000 # Incorrect comment
[common]
# Server address (the value below is a placeholder; use the public IP of your frps server)
server_addr = 822.222.222.229
# Server bind_port
server_port = 7000
token = 12345678
# ServerUDPPort specifies the port used by the server to penetrate the NAT tunnel. By default, this value is 0.
# This parameter is only used when executing "nathole discover" in the command line.
# server_udp_port = 0
# If you want to connect to frps through http proxy, socks5 proxy, or ntlm proxy, you can set http_proxy here or in global environment variables.
# Only effective when the protocol is tcp.
# http_proxy = http://user:passwd@proxy_host:8080
# http_proxy = socks5://user:passwd@proxy_host:1080
# http_proxy = ntlm://user:passwd@proxy_host:2080
# Name of the service, can be anything
[web]
# Type of traffic forwarding
# tcp | udp | http | https | stcp | xtcp, default is tcp
type = tcp
# Local address
local_ip = 127.0.0.1
# Local port
local_port = 9999
# Remote port
remote_port = 8083
[rdp]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 8082
Manual Run Test#
Note: The server side needs to be running normally; it is recommended to run both sides manually for real-time log viewing.
Run in Windows cmd
cd /d frp_directory
frpc.exe -c frpc.ini
[I] [service.go:299] login to server success, get run id [xx], server udp port [7001]
[I] [proxy_manager.go:142] proxy added: [sd rdp]
[I] [control.go:172] [sd] start proxy success
[I] [control.go:172] [rdp] start proxy success
# Penetration successful, corresponding service successfully mapped
Server-side log
[I] [service.go:500] client login info: ip [xxx] version [0.48.0] hostname [] os [windows] arch [amd64]
[I] [tcp.go:66] [] [sd] tcp proxy listen port [8888]
[I] [control.go:464] new proxy [sd] type [tcp] success
[I] [tcp.go:66] [] [rdp] tcp proxy listen port [9999]
[I] [control.go:464] [] new proxy [rdp] type [tcp] success
The service is successful; access the corresponding port to see the result.
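The two kinds of server-side log line shown above record who logged in and which ports were opened, which is what to review on a server protected only by a shared token. The following log review is an added example, not part of the original article or the frp project; the function name review_frps_log, the timestamp prefix, the ip:port form and the documentation-range addresses in the sample are assumptions.

```python
import re

# Constructed sample in the shape of the server-side log above.
SAMPLE_LOG = """\
2023/04/24 10:00:01 [I] [service.go:500] client login info: ip [203.0.113.10:50122] version [0.48.0] hostname [] os [windows] arch [amd64]
2023/04/24 10:00:01 [I] [tcp.go:66] [] [web] tcp proxy listen port [8083]
2023/04/24 10:00:01 [I] [tcp.go:66] [] [rdp] tcp proxy listen port [8082]
2023/04/24 11:30:45 [I] [service.go:500] client login info: ip [198.51.100.23:41000] version [0.48.0] hostname [] os [linux] arch [amd64]
2023/04/24 11:30:45 [I] [tcp.go:66] [] [x1] tcp proxy listen port [6000]
""".splitlines()

# search() is used below, so anything before the matched text (timestamps) is ignored.
LOGIN_RE = re.compile(r"client login info: ip \[([^\]]*)\] version \[([^\]]*)\]")
PROXY_RE = re.compile(r"\[([^\]]+)\] tcp proxy listen port \[(\d+)\]")


def review_frps_log(lines, expected_ips, expected_ports):
    """Return (kind, detail) alerts for logins and listeners outside the expected sets."""
    alerts = []
    for line in lines:
        login = LOGIN_RE.search(line)
        if login:
            # Drop a trailing :port if the address was logged as ip:port.
            ip = re.sub(r":\d+$", "", login.group(1))
            if ip not in expected_ips:
                alerts.append(("unexpected-client", ip))
            continue
        proxy = PROXY_RE.search(line)
        if proxy and int(proxy.group(2)) not in expected_ports:
            # A listener outside the ports configured in frpc.ini (8082, 8083 here).
            alerts.append(("unexpected-port", f"{proxy.group(1)}:{proxy.group(2)}"))
    return alerts


if __name__ == "__main__":
    for alert in review_frps_log(SAMPLE_LOG, {"203.0.113.10"}, {8082, 8083}):
        print(alert)
```

Setting allow_ports in frps.ini to the same port list makes the server refuse the unexpected listener instead of only logging it.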
Configure frpc Service Item#
There are many ways to set regular programs as service items on Windows. I use the open-source software nssm. The software has not been updated for many years and its GUI is not very convenient to use on Win10, but it is still usable.
The use of nssm software is not covered in this article.
Available software includes:
- nssm (open-source, free) | Official Website | Download Link | Git Page |
- AlwaysUp (closed-source, paid) | Official Website | Reference Link |
Frp Console#
Access: http://IP_address:7500
If authentication is configured in frps.ini, you will also need to enter the username and password.
Others#
About Configuration Files#
[common] means common configuration. Grouping settings into sections like this is common practice in ini files. As the name suggests, if there are multiple frps servers, you can also set each application's frps service separately. This article will not elaborate; referring to the official documentation is the best way to learn frpc.ini.
nathole discover is a command-line tool in the frp toolkit used to detect whether there is a NAT tunnel in the current network environment and attempt to establish a connection by penetrating the NAT tunnel.
When using frp for internal network penetration, a NAT tunnel between the client and the server will prevent a connection from being established. By executing the nathole discover command, frp can detect whether there is a NAT tunnel in the current network environment and attempt to establish a connection by penetrating the NAT tunnel, thus solving the connection problem.
When executing the nathole discover command, frp will send UDP packets to the server and obtain information such as NAT type and public IP address from the server's response. Based on the obtained information, frp attempts to penetrate the NAT tunnel using different methods to establish a connection.
It is important to note that the nathole discover command is only applicable to UDP type proxies, as it requires the use of UDP packets for detection. If you are using a TCP type proxy, you cannot use the nathole discover command to penetrate the NAT tunnel.
Proxy Types#
frp supports various proxy types to adapt to different usage scenarios.
Type | Description |
---|---|
tcp | Pure TCP port mapping; the server routes to different internal services based on different ports. |
udp | Pure UDP port mapping; the server routes to different internal services based on different ports. |
http | Customizes some additional features for HTTP applications, such as modifying Host Header and adding authentication. |
https | Customizes some additional features for HTTPS applications. |
stcp | Secure TCP internal proxy; requires frpc to be deployed on both the accessed and accessing machines, no need to expose ports on the server. |
sudp | Secure UDP internal proxy; requires frpc to be deployed on both the accessed and accessing machines, no need to expose ports on the server. |
xtcp | Peer-to-peer internal penetration proxy; functions the same as stcp, but traffic does not need to go through the server. |
tcpmux | Supports multiplexing of server TCP ports, allowing access to different internal services through the same port. |
Reference links:
| Feature Characteristics | Proxy Types |
Resource Summary#
- Frp | Github Homepage | Frp Official Documentation |
- Alibaba Cloud Free Tier Program | Homepage | Student Page |
- Simple Web Server | Github Page | Releases Page | Official Website | Official Documentation |
- nssm | Official Website | Download Link | Git Page |
- AlwaysUp | Official Website | Reference Link |