It is usually a big challenge for geeks who would love to access their local server over the internet. Don’t you worry no more, we shall be exploring a tool that can be used to expose your local server and services behind a firewall on NAT over the internet. In this article you’ll learn to expose a Local Server behind a NAT or firewall to the internet using FRP Proxy.
FRP proxy is a reverse proxy written in Golang that allows you forward a port of your local server behind a firewall or NAT to a public server.
FRP proxy currently supports TCP, UDP, HTTP and HTTPS protocols.
Let us explore the basic configuration methods for FRP proxy.
Before you can have this setup up and running, you need the following:
- A local server that is behind a firewall or NAT, e.g your laptop.
- A remote server with a public IP, e.g AWS EC2 instance.
Installation of FRP Proxy
Let us jump into the installation part.
Step 1 – Download and extract FRP
Download the latest version of FRP from their Github repository. This should be downloaded on both the local and the public server.
wget https://github.com/fatedier/frp/releases/download/v0.34.1/frp_0.34.1_linux_amd64.tar.gzExtract the downloaded package
tar -xvf frp_0.34.1_linux_amd64.tar.gz
The following files are in the extracted directory:
$ cd frp_*_linux_amd64
$ ls
frpc frpc_full.ini frpc.ini frps frps_full.ini frps.ini LICENSE systemd
At the public server, the frps and frps.ini file are needed.
Step 2 – Setup Public server
On the public server, we only need to set the bind_port under the [common] in the frps.ini file to 7000. This is the default port, you can also define your own port depending on your preference.
$ sudo vi frps.ini
[common]
bind_port = 7000
Step 3 – Start FRP on public server
We need to start the service on the public server to allow connections from the local server.
The following command shall be used:
./frps -c ./frps.iniYou should see an output that the service is listening on the specified port:
$ ./frps -c ./frps.ini
2020/11/07 11:17:36 [I] [service.go:190] frps tcp listen on 0.0.0.0:7000
2020/11/07 11:17:36 [I] [root.go:212] start frps successStep 4 – Configure FRP on local server
With FRP up and running on the Public server, the next step is to configure the local server.
For example, to expose ssh on our local server. The required files on the local server are frpc and frpc.ini.
Edit the frpc.ini file and add the following details:
- Put the Public servers IP in the server_addr value and the port you defined in the Public server under the [common] section.
[common]
server_addr = <PUBLIC_SERVER'S IP>
server_port = 7000
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000In the above configuration, we have exposed port 22 of our local server to port 6000 of the public server.
We have also defined the protocol that we’re using, TCP.
We can also expose a web service running on your local server in the same configuration. You can add the webserver details just below the ssh configuration in the frpc.ini file.
In the example below, the webserver is running on port 80 of the local server and will be forwarded to port 8080 of the public server.
[web]
type = tcp
local_ip = 127.0.0.1
local_port = 80
remote_port = 8080Step 5 – Start FRP on local server
The following step is to start FRP service on the local server.
./frps -c ./frps.iniYou can now ssh to your local server using the following command:
ssh -oPort=6000 username@<Public-server's IP>You can also access the webserver running on the public server’s port 8080
http://<public_server's IP>:8080You should also allow the respective ports on the remote server if you have a firewall configured.
Monitor FPS using Dashboard
FPS has its own dashboard that can be configured to view the stats and metrics.
To activate you need to add the details below in the frps.ini file of the Public server.
[common]
bind_port = 7000
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = adminYou can specify the username and password to the details of your choice. Then restart frps.
You can open the dashboard on port 7500 of the public server.
Daemonize FRP service
You might want to have FRP services on local and public server running as a service/daemon.
To daemonize frps service on the public server:
- Copy the frps file to /usr/bin
sudo cp frp_*_linux_amd64/frps /usr/bin2. Copy the frps.service file in systemd folder to /etc/systemd/system.
sudo cp frp_*_linux_amd64/systemd/frps.service /etc/systemd/system3. Create folder called frp in /etc/ directory.
sudo mkdir -p /etc/frp4. Copy frps.ini file to /etc/frp
sudo cp frp_*_linux_amd64/frps.ini /etc/frp5. Reload daemon
sudo systemctl daemon-reload6. Start frps service
sudo systemctl start frps.serviceCheck service status after starting:
$ systemctl status frps
● frps.service - Frp Server Service
Loaded: loaded (/etc/systemd/system/frps.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2020-11-07 16:19:41 EAT; 1s ago
Main PID: 1081169 (frps)
Tasks: 11 (limit: 49439)
Memory: 16.3M
CGroup: /system.slice/frps.service
└─1081169 /usr/bin/frps -c /etc/frp/frps.ini
Nov 07 16:19:41 server.geeksforgeeks.org systemd[1]: Started Frp Server Service.
Nov 07 16:19:41 server.geeksforgeeks.org frps[1081169]: 2020/11/07 16:19:41 [I] [service.go:190] frps tcp l>
Nov 07 16:19:41 server.geeksforgeeks.org frps[1081169]: 2020/11/07 16:19:41 [I] [service.go:289] Dashboard >
Nov 07 16:19:41 server.geeksforgeeks.org frps[1081169]: 2020/11/07 16:19:41 [I] [root.go:212] start frps su>
Nov 07 16:19:42 server.geeksforgeeks.org frps[1081169]: 2020/11/07 16:19:42 [I] [service.go:444] [cde064bce>
Nov 07 16:19:42 server.geeksforgeeks.org frps[1081169]: 2020/11/07 16:19:42 [I] [tcp.go:63] [cde064bcec86ff>
Nov 07 16:19:42 server.geeksforgeeks.org frps[1081169]: 2020/11/07 16:19:42 [I] [control.go:446] [cde064bce>
Nov 07 16:19:42 server.geeksforgeeks.org frps[1081169]: 2020/11/07 16:19:42 [I] [tcp.go:63] [cde064bcec86ff>
Nov 07 16:19:42 server.geeksforgeeks.org frps[1081169]: 2020/11/07 16:19:42 [I] [control.go:446] [cde064bce>
To daemonize frpc service on local server:
- Copy frpc file to /usr/bin
sudo cp frp_*_linux_amd64/frpc /usr/bin2. Create folder called frp in /etc/ directory.
sudo mkdir -p /etc/frp3. Copy frpc.ini file to /etc/frp
sudo cp frp_*_linux_amd64/frpc.ini /etc/frp4. Copy the frpc.service file in ~/frp_*_linux_amd64/systemd folder to /etc/systemd/system/.
sudo cp frp_*_linux_amd64/systemd/frpc.service /etc/systemd/system/5. Reload daemon
sudo systemctl daemon-reload6. Start frpc service
sudo systemctl start frpc.serviceConfirm service is in running state:
$ systemctl status frpc
● frpc.service - Frp Client Service
Loaded: loaded (/etc/systemd/system/frpc.service; disabled; vendor preset: enabled)
Active: active (running) since Sat 2020-11-07 14:59:23 EAT; 1h 22min ago
Main PID: 1898174 (frpc)
Tasks: 11 (limit: 18957)
Memory: 3.9M
CGroup: /system.slice/frpc.service
└─1898174 /usr/bin/frpc -c /etc/frp/frpc.ini
Nov 07 16:20:05 local frpc[1898174]: 2020/11/07 16:20:05 [I] [control.go:276] [cde064bcec86ffe7] control writer i>
Nov 07 16:20:05 local frpc[1898174]: 2020/11/07 16:20:05 [I] [service.go:174] [cde064bcec86ffe7] try to reconnect>
Nov 07 16:20:05 local frpc[1898174]: 2020/11/07 16:20:05 [E] [control.go:158] [cde064bcec86ffe7] work connection >
Nov 07 16:20:05 local frpc[1898174]: 2020/11/07 16:20:05 [I] [visitor_manager.go:60] [cde064bcec86ffe7] gracefull>
Nov 07 16:20:05 local frpc[1898174]: 2020/11/07 16:20:05 [W] [service.go:177] [cde064bcec86ffe7] reconnect to ser>
Nov 07 16:20:06 local frpc[1898174]: 2020/11/07 16:20:06 [I] [service.go:174] [cde064bcec86ffe7] try to reconnect>
Nov 07 16:20:06 local frpc[1898174]: 2020/11/07 16:20:06 [I] [service.go:288] [cde064bcec86ffe7] login to server >
Nov 07 16:20:06 local frpc[1898174]: 2020/11/07 16:20:06 [I] [proxy_manager.go:144] [cde064bcec86ffe7] proxy adde>
Nov 07 16:20:06 local frpc[1898174]: 2020/11/07 16:20:06 [I] [control.go:180] [cde064bcec86ffe7] [ssh] start prox>
Nov 07 16:20:06 local frpc[1898174]: 2020/11/07 16:20:06 [I] [control.go:180] [cde064bcec86ffe7] [web] start prox>
You can now run FRP as a daemon. This helps if you want to run the service in the background, and also for management purposes.
Conclusion
We have successfully installed FRP proxy and configured it. This is a tool that can be very useful to system administrators who wish to access their locally hosted services through the internet. If this post has been useful to you, feel free to share and comment.
More articles to read on our website:
- Install posh-git on Windows – PowerShell environment for Git
- Install Kimai web-based time tracking application
- Configure KVM Networking With virsh, nmcli and brctl in Linux
- Faraday – Penetration Testing IDE & Vulnerability Management Platform
- Chezmoi – Securely Manage dotfiles across multiple machines
