Still frustrated by the lack of a public IP address? Today I teach you all, the fastest 2 minutes to take you to build enterprise-class penetration service, Ngrok, peanut shell, NATAPP, FRP, nail penetration, take you to complete the net, install forced to sell MOE 0 cost.
Are you troubled by the following questions
- I want to install a B to let other students access my program on the Internet, how to do?
- Received a small outsourcing, Demo to the customer no site, how to do?
- Do wechat, Alipay and other third-party platform functions, there is no external callback address, how to do?
Matching video address, click me watch video
An overview of the
Intranet penetration, also known as NAT penetration, is a computer term that translates to allowing your computer to be accessed directly by your friends. Usually our computers can’t be accessed by themselves. Because our computers lack their own independent IP addresses. Now that IP is scarce, telecom operators will no longer randomly assign fixed IP addresses to individuals.
Intranet penetration is usually achieved through port mapping on routers. However, not everyone has the permission to access and set up routers, and there may be complex network structure of multi-level routers. Port mapping also cannot be implemented.
Tool to compare
-
Ngrok
Open source, old penetration tool, source code has not been updated for a long time
-
Nailing through
Tools based on NGROk package, simple, quick, novice, individual developers the best choice
-
Peanut shells
You need to establish an account for real-name authentication, pay 2 bao Wei Long latiao fee, you can choose a shell domain name, the registration process is more troublesome, traffic restrictions
-
NATAPP
Free channel: provides HTTP, TCP,UDP full tunnel penetration, random domain name/random TCP,UDP port, random change of domain name/port, 4 packets can enjoy unlimited traffic, customized domain name and other benefits
-
FRP self-built
Open source, powerful and awesome, suitable for enterprise development and use, can penetrate any conventional legal port (including 22), need to provide cloud server, own domain name, broadband upper limit determined by your server.
Ngrok (strong)
Ngrok has three optional versions, international version, domestic version, millet ball version, here I take the domestic version and millet ball version as the explanation.
Ngrok international version
Login international version of the official website, registered account, but the foreign version of the visit is very slow, time is money, do not recommend to toss, eager to install force I give up decisively.
Ngrok domestic version
Because of the speed of access, there is a domestic version, named sunny-ngrok, visit the address as follows:
- Liverpoolfc.tv: ngrok. Cc
- Background address: www.ngrok.cc/user
The steps are as follows:
-
Visit the ngrok website to download the client for your computer, and download the Mac version
-
Now what about the website? After registering, log in to the background address
-
Prompt binding public number, scan code binding
-
Open free tunnel to try the effect, if often use, suggest to buy a 10 yuan
-
Configure server mapping information
The tunnel ID in the figure above is the key, circled, to be used next
-
Start the Client
Open CMD in the command line window and cut flowers to the downloaded client directory
-
Enter the following command to start the client
Exe clientid Tunnel ID For example, run sunny.exe clientid 56259703FE6e1755Copy the code
This is what happens when you succeed
The preceding domain name maps to port 9080 on my host, which means that accessing the preceding domain name is the same as accessing 127.0.0.1:9080 on my host
-
Next, an accessible service starts locally, with port 9080
-
Browser access, or ask your friend to visit from afar, by the way, install B
These two messages can be deleted in editing as follows
So let’s visit again
-
conclusion
- Downloading a Client
- Buy a tunnel from the official website and use it as a channel to get through to your local area. Record the tunnel ID
- (Optional) Setting HTTP Authorization Information
- Start the client using the command line interface (CLI) and enter the corresponding command and tunnel ID to return to the page for successfully starting the client
- Enable the Http service for the local port (in any language)
- Use the domain name given by the client to access and watch
- Disadvantages: Frequent convulsions, unstable service, not recommended
Millet ball ngrok
Built by individual developers based on ngrok1.7 version of the source code, the official website: ngrok.ciqiuwl.cn/
-
Go to the console to register and get the token…
-
After login, download the client corresponding to your machine version on the console home page and unzip it to your favorite directory
-
Obtain the token on the console
-
Modify the ngrok.conf configuration file in the decompressed directory, because some parameters have been used
The preceding ports can also be modified based on the actual situation
-
On the command line, go to the ngrok client directory
-
Start the BAT shortcut or run the following command
-
Execute the command
Ngrok. exe -config ngrok.conf -log=ngrok.log start Tunnel name Example: ngrok.exe -config ngrok.conf -log=ngrok.log start httptunCopy the code
-
Click the shortcut bat to start
-
The result of success is as follows. If it fails, check that the token is correct and the subdomain is complex enough
-
The results of failure are as follows
-
-
Start the server to verify that the request penetration result is valid
-
The usage is almost the same as the ngrok domestic version, indicating that the domestic version is also based on services provided by open source programming
Nail penetration (simple)
Github download address
Junge prepared the download address
- Link: pan.baidu.com/s/1KbQG-omG…
- Extraction code: NSNH
Use Windows
I have it in D:\tifang\code\ tfServer \ untidy directory
-
Open the CMD command line, go to the current directory, and enter the following parameters
C: Users\nobug>D: D:\>cd D:\tifang\code\tfserver\pierced\ D:\tifang\code\tfserver\pierced>cd windows_64 D:\tifang\code\tfserver\pierced\windows_64>ding.exe -config=./ding.cfg -subdomain=abcdefg 9085Copy the code
-
Result after execution
The figure below mapped to your local said domain name http://abcdefg.vaiwan.com http://127.0.0.1:9085
-
Enable local port 9085 service, then access the interface in the browser
-
Try to access the penetrate domain name
Use the MAC
Please refer to the official documents for details
Linux USES
Wait to supplement, auspicious see official document
Peanut shell (personalized)
- Open the peanut shell official website, download the peanut shell client and install it
- Sign up for a peanut shell account and log in
- Configure and use according to the help video and official help manual of peanut shell
- Peanut shells are often criticized for their complexity, occasional twitching and slow Internet connection
NATAPP (So-so)
-
Open the official website of NATAPP and download the corresponding client to the local PC
-
Log in with a NatApp account
-
Buy a free tunnel and configure it to obtain a token
-
Start the EXE file using the CMD command line interface (CLI) and specify the token
natapp.exe -authtoken=c92c66463fa9fc69 Copy the code
-
Browser access
-
Official document address: natapp.cn/article/nat…
Intranet Penetration Principle
Other Intranet penetration tools, NAT123, little Ant
FRP self-built (the strongest, preferred by enterprises)
Based on using
The self-built FRP requires the deployment of a server and a client. The server, like the peanut shell server and nGROk server, exposes a communication port and communicates with the client after the connection
-
The service side
Need to have public IP, the most suitable machine for cloud services (Ali Cloud/Tencent Cloud)
-
The client
Local Linux VMS or other physical machines
-
Download the FRP source code on the server side and client side respectively
$Wget HTTP: / / https://github.com/fatedier/frp/releases/download/v0.33.0/frp_0.33.0_linux_amd64.tar.gz $The tar XZVF frp_0. 33.0 _linux_amd64. Tar. Gz $The mv frp_0. 33.0 _linux_amd64 FRP Copy the code
-
The server deleted configurations related to the client. Procedure
$ rm -f frpc frpc.ini frpc_full.ini Copy the code
-
The client deleted configurations related to the server. Procedure
$ rm -f frps frps.ini frps_full.ini Copy the code
-
View the default configuration items of the client and server
[common] server_addr = 127.0.0.1 server_port = 7000 [SSH] type = TCP Local_ip = 127.0.0.1 local_port = 22 remote_port = 6000Copy the code
-
Configure the simplest FRPS
$ vim frps.ini[common] bind_port = 7000 # means to listen on port 7000 as an entry point for client conversationsCopy the code
Enable the firewall on port 7000 of the cloud server so that external users can access Intranet services through port 7000
My client IP is in port 101.81.125.0, so the client can connect to this server through port 7000
-
Starting the server
$ nohup ./frps -c frps.ini & Copy the code
-
The client configuration is as follows
$ vim frpc.ini[common] server_addr = Public IP address server_port = 7000Copy the code
-
Start the client
$ nohup ./frpc -c frpc.ini & Copy the code
Dashboard use
-
Server Configuration
Dashboard_port = 7500 # Username used to log in to the dashboard dashboard_user = admin Dashboard_pwd = admin Dashboard_pwd = adminCopy the code
-
Client Configuration
[common] server_addr = Public IP address server_port = 7000Copy the code
-
Configure an access security group for port 7500
-
Open the WEB page to view the FRP dashboard, visit http://server public IP address :7500 port in the browser, and enter the user name and password to log in
TCP penetration
-
Server Configuration
[common] bind_port = 7000 Copy the code
-
Client Configuration
[common] server_addr = IP address of the cloud server server_port = 7000 #Add the following configuration [ssh22] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 6000 #The preceding configuration indicates that port 6000 of the cloud server is open to clients Copy the code
-
SSH connection
$SSH 127.0.0.1 -l root -p 6000 Copy the code
The WEB through
-
Server Configuration
[common] bind_addr = 0.0.0.0 bind_port = 7000 Privilege_token = tokenABC vhost_http_port = 80 Vhost_https_port = 443 #HTTPS Port used by the hostCopy the code
Vhost_http_port = 80 and vhost_https_port = 443 do HTTP for port 80 and HTTPS for port 443, just like nginx.
Vhost_http_port and vhost_https_port normally use port 80 and port 443, but these two ports can easily be used by Nginx
-
Client Configuration
[common] server_ADDR = IP address of the cloud server server_port = 7000 Privilege_token = tokenABC [webtest] type = HTTP local_IP = 127.0.0.1 local_port = 80 custom_domains = webtest.it235.comCopy the code
-
Ali Cloud needs to open port 7000 for client access
-
Port 80 on the server cannot be occupied. If you want to remove the occupied port, you must work with Nginx to reverse proxy it to port 808
-
Nginx is used locally for domain name receiving reverse proxy
server { listen 80; server_name webtest.it235.com; location / { proxy_passhttp://127.0.0.1:9080/; }}Copy the code
MySQL to penetrate
-
Server Configuration
[common] bind_port = 7000 Copy the code
-
Client Configuration
[common] server_ADDR = CLOUD server IP server_port = 7000 [mysql_test] type = TCP local_IP = 127.0.0.1 local_port = 3306 remote_port = 3366Copy the code
-
The cloud server IP address and port 3366 can be used to connect to MySQL from the external network
Updates continue at….