Even monkeys can penetrate the intranet!

Hello, everyone, I am amazing.

I recently turned my old computer into a NAS, and I wanted to try to penetrate the intranet. I looked at some solutions, but found that none of them were the latest version and could not be used at all. This time I will share with you the steps of intranet penetration that even a monkey can do.

1. Preparation prerequisites

Prepare the following resources in advance:

• A Tencent Cloud server is available for free trial for one month.
• For local services, this article uses the installed Feiniu NAS system and runs the Trilium docker image, port 8082.
• Supports multiple protocols such as TCP, UDP, HTTP, HTTPS, etc., focusing on high-performance reverse proxy application frp installation package for intranet penetration (latest version 0.61.0)

2. Server-side steps (Tencent Cloud Server)

1. Download

The latest version of frp, or you can download it in advance and upload it to the server:

 wget https://github.com/fatedier/frp/releases/download/v0.61.0/frp_0.61.0_linux_amd64.tar.gz

2. Unzip

Unzip in the downloaded directory:

 tar -zxvf frp_0.61.0_linux_amd64.tar.gz

After decompression, the following figure is shown:

Enter the unzipped directory:

You can see several files, frpc (client script), frpc.toml (client configuration), frps (server script), frps.toml (server configuration)

3. Edit the server configuration

We are currently editing the server configuration:

 frps.toml

You can use winSCP to connect to the server and open, edit and save directly:

Let's check what the following configurations contain:

The following are the contents of the configuration file:

 # 服务端口bindPort = 7001 #通过此端口和客户端进行连接# 授权码，请改成更复杂的客户端会用到auth.token = "tokenxxxxxxx" # 服务端通过此端口监听和接收公网用户的http请求vhostHTTPPort = 7002 # dashboard配置及fpr网页登录的监控地址和端口webServer.addr = "0.0.0.0" webServer.port = 7003 # dashboard 用户名密码，可选，默认为空webServer.user = "admin" webServer.password = "admin"

4. Open the server firewall

The above ports 7001, 7002, and 7003 are all open in the firewall policy.

You can operate in Tencent Cloud:

5. Start the server

After completing the above steps, we start the fpr server and use one of the following commands in the directory just unzipped:

 ./frps -c ./frps.toml # 直接启动，命令窗口关闭后， ./frps -c ./frps.toml & # 后台守护执行

At this point you can see that the startup is successful:

3. Client-side steps (local server)

1. Download

The steps for uploading and installing are the same as those on the server:

Switch to the frp directory and you can see the following files.

2. Edit the client configuration

Also go to the frp directory and edit the frpc.toml file:

 serverAddr = "42.xxx.xxx.xxxx" #公网服务器地址serverPort = 7001 #fpr服务端的端口auth.token = "tokenxxxxxxx" #和上面服务端一样的token [[proxies]] # web 服务器http服务的方式作为进行内网穿透， frp支持TCP,UDP, HTTP,HTTPS, TCPMUX,STCP,SUDP 等name = "web" type = "http" localPort = 8082 customDomains = ["www.xxxx.xxx","42.xxx.xxx.xxxx"] # 域名或者，公网服务器地址

3. Start the client

Use the following command to start the client:

 ./frpc -c ./frpc.toml ./frpc -c ./frpc.toml & # 后台守护执行

At this point, intranet penetration has been achieved:

Log in to the frp website to check the service status (public IP + port 7003). The username and password are webServer.user and webServer.password in the server frps.toml.

You can see the reverse proxy http service:

Now you can access the service on the local Linux server through the public IP + port 7002.