内网穿透初步探索实践

内网穿透初步

正常来说两台Linux设备只有在同一局域网下才可以进行互相的ssh远程登录

那么如果不在一个网段下，比方说一台在家里连着家里的WIFI，一台在学校连着实验室的WIFI，这种情况要想实现ssh远程登录则需要用到内网穿透

这就需要用到一个开源框架frp

https://github.com/fatedier/frp

在这里下载与主机架构对应的版本

https://github.com/fatedier/frp/releases

查看安装的Linux架构/版本

cat /proc/version

prejudice@prejudice-VirtualBox:~$ cat /proc/version
Linux version 5.4.0-122-generic (buildd@lcy02-amd64-035) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #138~18.04.1-Ubuntu SMP Fri Jun 24 14:14:03 UTC 2022

[lighthouse@VM-4-11-centos ~]$ cat /proc/version 
Linux version 4.18.0-348.7.1.el8_5.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 8.5.0 20210514 (Red Hat 8.5.0-4) (GCC)) #1 SMP Wed Dec 22 13:25:12 UTC 2021

💡 x86_64即amd64

学习视频

其实B站搜frp就有很多

如何优雅地访问远程主机？SSH与frp内网穿透配置教程

frp安装使用教程

学习文档

官网给了教程，实在是很贴心

https://gofrp.org/docs/

通过 SSH 访问内网机器

运行下述命令的时候

ssh -oPort=6000 test@x.x.x.x

中间-oPort=6000实际上可以简化为-p 6000

这里的端口是公网用于listen的端口，frp 会将请求 x.x.x.x:6000 的流量转发到内网机器的 22 端口，因此这里x.x.x.x也是公网IP

服务端有两个端口，一个负责接收客户端的连接，一个负责监听与流量转发，有点类似于TCP通信的connectfd和listenfd ，实际上也是基于TCP通信实现的

因此需要在云服务器上打开两个端口的防火墙

简单实操

云服务器端

运行服务端程序

[lighthouse@VM-4-11-centos frp_0.44.0_linux_amd64]$ ./frps -c ./frps.ini 
2022/07/21 21:18:23 [I] [root.go:209] frps uses config file: ./frps.ini
2022/07/21 21:18:23 [I] [service.go:194] frps tcp listen on 0.0.0.0:7000
2022/07/21 21:18:23 [I] [root.go:218] frps started successfully

笔记本端运行./frpc -c ./frpc.ini 后，新建个登录窗口

[lighthouse@VM-4-11-centos /]$ ssh -p 6000 redwall@1.116.137.21
redwall@1.116.137.21's password: 
Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 5.4.0-122-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

0 updates can be applied immediately.

New release '20.04.4 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

Your Hardware Enablement Stack (HWE) is supported until April 2023.
Last login: Thu Jul 21 17:05:31 2022 from 192.168.1.137
redwall@redwall-G3-3500:~$

看到已经成功远程登录，可以进行相关操作了

redwall@redwall-G3-3500:~$ ls
catkin_ws  CUDA_Samples  Test  公共的  模板  视频  图片  文档  下载  音乐  桌面
redwall@redwall-G3-3500:~$ pwd
/home/redwall

注意到客户端连接时会提示

2022/07/21 21:30:39 [I] [service.go:450] [f4703ace8f5e3c8f] client login info: ip [114.213.236.99:47292] version [0.44.0] hostname [] os [linux] arch [amd64]
2022/07/21 21:30:39 [I] [tcp.go:64] [f4703ace8f5e3c8f] [ssh] tcp proxy listen port [6000]
2022/07/21 21:30:39 [I] [control.go:465] [f4703ace8f5e3c8f] new proxy [ssh] type [tcp] success

有远程登录时会提示

2022/07/21 21:31:01 [I] [proxy.go:179] [f4703ace8f5e3c8f] [ssh] get a user connection [1.116.137.21:52368]

退出ssh远程登录时会提示

2022/07/21 21:28:31 [I] [control.go:307] [a1a79c2d05ad0fae] control writer is closing
2022/07/21 21:28:31 [I] [proxy.go:88] [a1a79c2d05ad0fae] [ssh] proxy closing
2022/07/21 21:28:31 [W] [proxy.go:176] [a1a79c2d05ad0fae] [ssh] listener is closed: accept tcp [::]:6000: use of closed network connection
2022/07/21 21:28:31 [I] [control.go:396] [a1a79c2d05ad0fae] client exit success

还是非常人性化的

笔记本端

打开终端查看网络信息

redwall@redwall-G3-3500:~$ ifconfig 
enp59s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 8c:47:be:3b:dd:d2  txqueuelen 1000  (以太网)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (本地环回)
        RX packets 1351  bytes 123182 (123.1 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1351  bytes 123182 (123.1 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp0s20f3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.137  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::5348:35ba:d99a:6366  prefixlen 64  scopeid 0x20<link>
        ether ac:12:03:c9:3a:01  txqueuelen 1000  (以太网)
        RX packets 11079  bytes 12274960 (12.2 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3983  bytes 509254 (509.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

简单配置frpc.ini

[common]
server_addr = 1.116.137.21
server_port = 7000

[ssh]
type = tcp
local_ip = 192.168.1.137
local_port = 22
remote_port = 6000

打开一个终端运行

redwall@redwall-G3-3500:~/Test/frp_0.44.0_linux_amd64$ ./frpc -c ./frpc.ini 
2022/07/21 21:19:06 [I] [service.go:349] [a1a79c2d05ad0fae] login to server success, get run id [a1a79c2d05ad0fae], server udp port [0]
2022/07/21 21:19:06 [I] [proxy_manager.go:144] [a1a79c2d05ad0fae] proxy added: [ssh]
2022/07/21 21:19:06 [I] [control.go:181] [a1a79c2d05ad0fae] [ssh] start proxy success