FRP helps you expose a local server behind a NAT

  • Github: https://github.com/fatedier/frp
  • Document: EN, 中文
  • Introduction: frps is a fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
  • Advantage:compared with teamviewer, frp does not request you to install any application on your device (laptop, pc etc.), only you need to do is ssh -oPort=xxxx username@x.x.x.x. Compared with ngrox, open-source ngrox 1.x version may cause very serious memory leaks, improved ngrox 2.x version is not open-source any more.

This blog mainly tells how to communicate with your computer in LAN by SSH, based on frp 0.9.1

Server

  1. Modify frps_min.ini

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    [common]
    bind_addr = 0.0.0.0
    bind_port = 7000
    vhost_http_port = 80
    vhost_https_port = 443
    dashboard_port = 7500
    privilege_mode = true
    privilege_token = xxxxxx
    privilege_allow_ports = 2000-3000,4000-50000

    [ssh]
    type = tcp
    auth_token = xxxxx
    bind_addr = 0.0.0.0
    listen_port = 6000

    You should make the tokens complex enough, to ensure the safety. Notice one listen_port corresponds to one local machine behind a NAT of firewall. so if you want to add a newer proxy, you should add the below codes:

    1
    2
    3
    4
    5
    [new_ssh]
    type = tcp
    auth_token = xxxxx
    bind_addr = 0.0.0.0
    listen_port = 6001

    However it could be quite inconvenient, cause we have to operate it each time we want to add a new proxy, so privilege mode is coming out, which allows you to modify configuration in your local machine, without changing server setting. And definition of privilege_allow_ports could prevent abuse of ports in privilege mode.

  2. Start frps in background

    1
    nohup ./frps -c ./frps_min.ini &

    Sometimes it needs root permission, then you have to command sudo -s to enter root user at first.

Client

  1. modify frpc_min.ini

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    [common]
    server_addr = x.x.x.x
    server_port = 7000
    auth_token = xxxxx
    privilege_token = xxxxx

    [ssh]
    privilege_mode = true
    type = tcp
    local_ip = 127.0.0.1
    local_port = 22
    remote_port = xxxx

    Notice I enable privilege mode here. The auth_token and privilege_token should be the samle as which in server.

  2. start frpc in the backgroud

    1
    nohup ./frpc -c ./frpc_min.ini

User

1
ssh -oPort=xxxx username@x.x.x.x

Here oPort is the remote_port in frpc_min.ini, username is the name of local machine behind the NAT.

Restart and stop

restart (or reload): ./frps -c ./frps_min.ini --reload

stop: use ps -ef | grep frp to get frps or frpc pid, then kill -9 $(pid)