FRP NAT Traversal

• Configure FRP

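Download the release build for your system from the FRP GitHub page, then configure frps.ini on the server and frpc.ini on the client. The token and dashboard credentials shown below are placeholders: replace them with long random values, and use the same token on both sides.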

Server

[common]
bind_port = 8000
bind_udp_port = 8000
bind_addr = 0.0.0.0
allow_ports = 10001-22500

dashboard_port = 7500
dashboard_user = user
dashboard_pwd = password

authentication_method = token
token = token
tls_only = true

Client

[common]
server_addr = x.x.x.x
server_port = 8000
protocol = websocket
token = token
tls_enable = true

[BT Listen TCP]
type = tcp
local_ip = 127.0.0.1
local_port = 22223
remote_port = 22223

[BT Listen UDP]
type = udp
local_ip = 127.0.0.1
local_port = 22223
#remote_port = 22223
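
An added example, not part of the original page or the frp project: a small Python audit of a legacy-format frps.ini that flags the stand-in secrets and broad exposure present in the server config above. The function names and the length and port-count thresholds are assumptions.

```python
import configparser

PLACEHOLDERS = {"", "token", "user", "password", "admin"}  # stand-in values
MIN_TOKEN_LEN = 24       # assumed policy threshold, not an frp requirement
MAX_ALLOWED_PORTS = 100  # assumed policy threshold

def count_ports(spec):
    """Count ports in an allow_ports value such as '2000-3000,3001'."""
    ranges = (p.partition("-") for p in spec.replace(" ", "").split(",") if p)
    return sum(int(hi or lo) - int(lo) + 1 for lo, _, hi in ranges)

def audit_frps(ini_text):
    """Return findings for the [common] section of a legacy-format frps.ini."""
    cp = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    cp.read_string(ini_text)
    c = cp["common"] if cp.has_section("common") else {}
    findings = []
    token = c.get("token", "")
    if token.lower() in PLACEHOLDERS or len(token) < MIN_TOKEN_LEN:
        findings.append("token: placeholder or too short")
    if c.get("tls_only", "false").lower() != "true":
        findings.append("tls_only: plaintext client connections accepted")
    if "dashboard_port" in c:
        for key in ("dashboard_user", "dashboard_pwd"):
            if c.get(key, "").lower() in PLACEHOLDERS:
                findings.append(f"{key}: placeholder dashboard credential")
        # Assumption: an unset dashboard_addr follows bind_addr.
        addr = c.get("dashboard_addr", c.get("bind_addr", "0.0.0.0"))
        if addr in ("0.0.0.0", "::"):
            findings.append("dashboard: listening on all interfaces")
    ports = c.get("allow_ports", "")
    if not ports:
        findings.append("allow_ports: unset, clients may request any port")
    elif count_ports(ports) > MAX_ALLOWED_PORTS:
        findings.append(f"allow_ports: {count_ports(ports)} ports open to clients")
    return findings

# Constructed sample: the security-relevant keys of the server config above.
SAMPLE = """[common]
bind_addr = 0.0.0.0
allow_ports = 10001-22500
dashboard_port = 7500
dashboard_user = user
dashboard_pwd = password
token = token
tls_only = true
"""

if __name__ == "__main__":
    print("\n".join(audit_frps(SAMPLE)))
```

Run against the sample, it reports the placeholder token, both dashboard credentials, the dashboard bound to all interfaces, and the 12500-port allow_ports range, while tls_only passes.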

• Set up autostart

Create the frp.service file

$ sudo nano /lib/systemd/system/frp.service

Write the following content

[Unit]
Description=frp service
After=network.target syslog.target
Wants=network.target

[Service]
Type=simple
# Server
ExecStart=/home/ubuntu/frp/frps -c /home/ubuntu/frp/frps.ini
# Client
# ExecStart=/root/frp/frpc -c /root/frp/frpc.ini

[Install]
WantedBy=multi-user.target

Use systemctl to start the service

# Start frp
$ sudo systemctl start frp
# Enable start on boot
$ sudo systemctl enable frp
# Restart
$ sudo systemctl restart frp
# Stop
$ sudo systemctl stop frp
# View status and recent log lines
$ sudo systemctl status frp

Dante SOCKS5 Proxy

• Install Dante

Install

$ apt update
$ apt install dante-server

Check the installed version

root@your_host:~# danted -v
Dante v1.4.2

• Configure Dante

Check the server's network interfaces

root@your_host:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:56:06:d1:d0 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.1 scope global eth0
       valid_lft forever preferred_lft forever

Back up the original configuration file and open a new one for editing

$ mv /etc/danted.conf /etc/danted.conf.bak
$ nano /etc/danted.conf

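Edit the configuration file. socksmethod: username authenticates clients against system accounts; the rules below accept connections from any source address, so keep the commented-out socksmethod: none line disabled on an Internet-facing host.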

logoutput: /var/log/socks.log
# Replace eth0 with the interface found above
internal: eth0 port = 1080
external: eth0
clientmethod: none
#socksmethod: none // for non-authentication
socksmethod: username
user.privileged: root
user.notprivileged: nobody

client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error connect disconnect
}
client block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}
socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind connect udpassociate
        log: error connect disconnect
}
socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bindreply udpreply
}

Create a user

$ useradd user -r
$ passwd user

Use systemctl to start the service

# Start Dante
$ sudo systemctl start danted
# Enable start on boot
$ sudo systemctl enable danted
# Restart
$ sudo systemctl restart danted
# Stop
$ sudo systemctl stop danted
# View status and recent log lines
$ sudo systemctl status danted
