Author: Shen Fu. This article introduces "intranet penetration" from three angles: what it is, why you would want it, and how to do it. Intranet penetration is the ability to access devices at home anytime, from anywhere you have a network connection. But connecting devices is what the Internet is for in the first place, so why do we need intranet penetration? That is discussed next.
First, understand how the Internet connects devices and lets them communicate with each other. The basis of communication is that I can find you. How can I find you? Because you have a unique address, that is, an IPv4 address. But there are only 4.2 billion IPv4 addresses, which is not enough for every device to have one, and a device without an address cannot communicate. To solve this problem, there are IPv6, NAT technology and dynamic allocation.
IPv6 has a nearly countless number of addresses. NAT's solution is to let many devices share one IPv4 address. For example, a home router can use one IPv4 address to let many devices access the Internet together. The principle is that when you send a request packet, **the router remembers that the packet was sent by your device (that is, it remembers the device's intranet IP) and modifies the request packet (so that the reply enters the intranet through a specific port when it comes back). At the same time, it binds that port number to the device's intranet IP.** Then, when the packet answering your request comes back to your router's IPv4 address, the router checks which port the packet arrived on, looks up which intranet IP that port is bound to, and forwards the packet there.
In this way, all intranet devices can share one IPv4 address to access the Internet. Dynamic allocation means public IP addresses are dynamic, that is, the IPv4 address changes. Its mechanism is to allocate a public IP to devices that currently need the network, and to leave devices that do not need it without a public IP for the time being. The next three methods are ways to connect to home devices.
Since IPv6 gives every device an address, you can connect directly to the device in your home. With dynamic allocation, you do have a public IP address, so it is also simple: set up port forwarding on the router (that is, tell the router in advance which device the data arriving on a given port should be sent to, so the binding does not depend on the intranet device sending data first).
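The translation table and the port-forwarding rule described above, as a toy model (an added example, not code from the original article). Addresses and port numbers are constructed; a real router also keys each binding on protocol and remote endpoint and expires idle entries.

```python
from dataclasses import dataclass, field

@dataclass
class Router:
    public_ip: str
    next_port: int = 40000                        # next free public port (constructed range)
    dynamic: dict = field(default_factory=dict)   # public port -> (LAN ip, LAN port), learned
    forwards: dict = field(default_factory=dict)  # public port -> (LAN ip, LAN port), static

    def outbound(self, lan_ip, lan_port, dst):
        """A LAN device sends a packet: rewrite the source and remember the binding."""
        for port, owner in self.dynamic.items():
            if owner == (lan_ip, lan_port):
                return (self.public_ip, port, dst)    # reuse the existing binding
        port = self.next_port
        self.next_port += 1
        self.dynamic[port] = (lan_ip, lan_port)
        return (self.public_ip, port, dst)

    def inbound(self, public_port):
        """A packet arrives on the public address: find the LAN device, or drop it."""
        if public_port in self.dynamic:
            return self.dynamic[public_port]
        return self.forwards.get(public_port)         # None means the packet is dropped

    def port_forward(self, public_port, lan_ip, lan_port):
        """Static rule set in advance; no outbound packet is needed first."""
        self.forwards[public_port] = (lan_ip, lan_port)

def demo():
    r = Router("203.0.113.7")                         # documentation address (constructed)
    src_ip, src_port, _ = r.outbound("192.168.1.20", 51515, ("198.51.100.9", 443))
    reply = r.inbound(src_port)                       # the answer to the request above
    unsolicited = r.inbound(5000)                     # nobody inside asked for this
    r.port_forward(5000, "192.168.1.50", 5000)        # hypothetical home device
    forwarded = r.inbound(5000)
    return src_ip, src_port, reply, unsolicited, forwarded

if __name__ == "__main__":
    print(demo())
```

The unsolicited packet is dropped until the static rule exists, which is why a connection from outside needs either port forwarding or a relay that the home device contacts first.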
Finally, NAT, which is our topic today. If you have no public IP, there are most likely two or more layers of NAT. In that case you cannot set up port forwarding on the outermost device, so you need a cloud server with a public IP. Go to Alibaba Cloud or Tencent Cloud and rent one. Let your home device connect to the cloud server; you can also connect to the cloud server, so traffic can be relayed through it, and you are connected to the equipment at home.
Why do you need intranet penetration, that is, why do you need to access the devices at home anytime and anywhere? I don't know why. It may be convenient for mobile office work. It may be that your mobile phone can't store too much data, files and photos. It may be that you are away from home for a long time.
How to do it (see https://gofrp.org/docs): as we said earlier, you need a cloud server (running frps) to communicate with your home computer (running frpc), so there are two computers to configure. First configure the ECS: download frp via "Install" in the Chinese documentation. There are many files on the page. Common markers in the file names are: Linux system: "linux"; Windows system: "windows"; 32-bit: "86" or nothing; 64-bit: must say "64"; ARM architecture: must say "arm"; x86 architecture: "amd" or nothing (I'm a little confused about this, why amd and not intel).
Next, you need to know a little about using an SSH tool. Download the file that matches your computer with the public IP (the cloud server) and upload it to the cloud server. Use the SFTP page to enter the folder that appears after decompression, and edit the frps.ini file, for example:
Use the cd command to enter the folder that appears after decompression
Press the i key to enter edit mode and enter the following contents
After entering the contents, press the Esc key to leave edit mode, then type :wq to save and exit the file. Once the ECS is configured, move on to the client (the home computer). Docker is recommended there, because it is easy to uninstall and isolates frpc from the original environment. After the Docker app is installed, it should automatically add a shared folder, which is called frp.
Put a file named frpc.ini in this frp folder. You can create it from a .txt file by changing the extension. (It is recommended that you buy a domain name, point its DNS record at the public IP address of the cloud server, and then apply for a free SSL certificate; the nginx format or any other will do.)
Go to the Docker registry, search for frpc, and select the one with the most stars. Here I use snowdreamtech's frpc on Synology (Qunhui). After downloading, go to the Docker image list, double-click the image you just downloaded (check that it really is frpc), and start setting up the container.
After applying the settings, decide which port number you want to use together with the ECS domain name, open that port in the ECS firewall, and finally access the intranet with domain name + port number. So far, the SSL certificate from earlier has not been used. If the browser reports the website as unsafe when you access the intranet, you can import the SSL certificate into the certificate settings of Synology (Qunhui).
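A consistency check for the frps.ini / frpc.ini pair this procedure produces, as an added example (not from the original article or the frp project). The sample files are constructed in frp's legacy INI format; the domain, token, proxy name and ports are placeholders.

```python
import configparser

# Constructed sample files; every value below is a placeholder.
FRPS_INI = """[common]
bind_port = 7000
token = REPLACE_WITH_LONG_RANDOM_TOKEN
allow_ports = 5000-5001
"""
FRPC_INI = """[common]
server_addr = frp.example.com
server_port = 7000
token = REPLACE_WITH_LONG_RANDOM_TOKEN

[nas_web]
type = tcp
local_ip = 192.168.1.50
local_port = 5000
remote_port = 5000
"""

def parse_ports(spec):
    """Expand an allow_ports value such as '5000-5001,6000' into a set of ints."""
    ports = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def check_pair(frps_text, frpc_text):
    """Return a list of problems that would break or weaken the tunnel."""
    s = configparser.ConfigParser(interpolation=None)
    c = configparser.ConfigParser(interpolation=None)
    s.read_string(frps_text)
    c.read_string(frpc_text)
    sc, cc, issues = s["common"], c["common"], []
    if not sc.get("token"):
        issues.append("frps has no token: any frpc that reaches bind_port can register proxies")
    elif sc.get("token") != cc.get("token"):
        issues.append("token differs between frps and frpc")
    if sc.get("bind_port") != cc.get("server_port"):
        issues.append("frpc server_port does not match frps bind_port")
    allowed = parse_ports(sc.get("allow_ports", ""))
    if not allowed:
        issues.append("frps sets no allow_ports: clients may claim any remote_port")
    for name in c.sections():
        port = c[name].get("remote_port")
        if name != "common" and port and allowed and int(port) not in allowed:
            issues.append(f"[{name}] remote_port {port} is outside allow_ports")
    return issues
```

Each `remote_port` that passes the check is also a port to open in the ECS firewall, and the only ones that need opening besides `bind_port`.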
PS: If you don't understand the SSL certificate steps or any other operation, tell me in the comment area. I can update the article in about a week to cover such problems.