Take a quick look (using raspberry pie to build a home nas). How about raspberry pie to do nas? DIY plan part 4: raspberry pie to build a full-featured NAS server (03): understand your network&what is intranet penetration,

Author: Genvis of the Stark family shares interesting and valuable software skills and growth life for you. Click to focus and automatically push more content to be written in the front (the previous article can click on the avatar to view the [DIY Plan] column). After the last download machine was built, the happy download time of sleeping time began. As long as the seed is not very popular, the download speed is also very considerable.

I woke up and downloaded a lot of things added yesterday

But now our NAS can only be accessed and operated by LAN. If it is not accessible in other networks (such as mobile 5g), it is impossible to search the IP address of NAS in 5g networks. In order to successfully build personal cloud disks, blogs and other functions that need external access, we will share the relevant solutions and simple principles of remote access separately this time.

Just talk about some simple principles and solutions, but don’t study the basic structure deeply. If there is something wrong, you can also come up to discuss the computer network course! At the same time, the soul painter is online! Basic network knowledge The communication between two devices is actually the need to establish a link between them (let’s forget about several layers and recall what we have learned).

The same is true for us to access the Internet. It is also necessary to establish a link between your computer and the server you want to access. Simply draw a diagram to show that (of course, many things are omitted)

Between simple communications, both sides can send and receive data. Public IP can be expanded a little according to the above figure. Let’s introduce the concept of public IP.

In the public network, the servers of each company have a public IP address, and the computer equipment is connected to the public network through the Internet service provider (ISP). At this time, this PC should also have a public IP address (it is casually written in the figure), so that both sides can access it. It is very reasonable. However, the public IP address is generally dynamic, long, hard to remember and disorderly, so we need to use DDNS, that is, the dynamic domain name.

Like visiting Baidu and other websites, they all have their own domain names. No matter how the IP changes, they will be bound to the router and intranet under the domain name www. However, the actual situation is certainly not the case. Everyone knows that the IPv4 address is limited, so the public network IPv4 on the public network is very valuable. Operators must not let each device have a public network IP.

At this time, our magic router appeared.

The router’s WAN port connects to the public network, obtains a public IP address, and then carries out NAT forwarding. Through the LAN port, we can connect all the devices in our home, so that the devices in our home can obtain an intranet IP address, which can ensure the connection of multiple devices, and will not consume the IPv4 address. Of course, the devices in the internal network can freely access other devices in the public network (such as servers of other companies), However, if the device in the public network wants to access the device in the intranet, it needs a router with the public IP address to carry out port forwarding.

(To be specific later) According to the above principle, open Baidu Search IP address query, look at the IP address displayed by yourself, and then compare the IP address of the router. It should be basically that everyone is inconsistent (except for the private line). Then it is very likely that we have entered the big intranet (mobile must be). In simple terms, the effect is as follows:

In this case, the router does not get the public IP, but is still in a distributed intranet. This is also to save the IPv4 address. The operator allows multiple users’ routes to share a public IP. At this time, it is not easy for the devices connected to the public network to access the devices in the intranet. Well, here we should have a certain concept of the network connection.

The first chapter is about how to remotely access the devices in the intranet. All the remote access solutions are basically the following. The specific solution depends on your specific situation, focusing on the last two methods (not because of anything else, just because I am a big intranet mobile…) public IP access.

If you can get the public IP, it must be the most convenient because your device (router) can get the unique identification number in the network, and other devices can access it easily. Just tell the specific steps: 1. What you need to do to get the public IP here is to get your public IP with the operator. If you are a telecommunication network, you may not be in the big intranet, then the success rate may be higher.

Communicate with the customer service that you need to use a webcam or something like that, which should provide you with the need to restart the optical cat dialing (Unicom can try it, but it’s not easy to hear it, so it’s OK to move it). 2. Set the optical cat bridging here. Note that the customer service should set the optical cat to the bridging mode, and then dial with its own route (if there is also a port forwarding setting on the optical cat).

3. Router port mapping The router port needs to be mapped to the port on your NAS. For example, if the original 9001 port is a downloader, map it to the 9001 port of the router address. This allows access. It is about this interface:

4. As mentioned above, using DDNS, the public IP is dynamic and can be changed at any time. Therefore, it is necessary to bind the domain name with Alibaba Cloud, Tencent Cloud and other services to provide domain name services. The miscellaneous domain name is also very cheap. The rest is to resolve the domain name according to the specific device setting script, and update it every other time (because there is no public IP, the specific operation will be solved by itself).

When accessing IPV6, some people will say that there is no public IP and IPV6. In fact, IPV6 is not very recommended. There is a certain threshold, and there are some bugs that are not easy to solve for the time being. Let’s simply say that in the absence of public IP, IPV6 is indeed a solution.

As we all know, there are many IPV6 addresses (it may not be precise to say that it can’t be used up, but it seems that it can’t be used up at present). The general steps are as follows: 1. To set up optical cat bridge, first of all, you should set up optical cat bridge, and the router should support IPV6 so that you can dial with the router, and then open the IPV6 function on the router, so that each device in the intranet will have an independent IPV6 address.

2. Set up a firewall. When you get the IPV6 address of the LAN device, you can’t access it directly. This is because IPV6 is not popular enough, so the router’s intranet device will not be exposed to the public network at will. At this time, you need a router that can modify the firewall settings (such a router is already valuable).

Of course, another way is to use soft routes such as openwrt and Merlin to modify the firewall and add firewall rules. Add the port number to the firewall (I will try to find out if there is a chance for soft routes later, but I won’t talk about the specific details here) 3. Use DDNS.

Because the address of IPV6 is also dynamic, it is also necessary to use dynamic domain names. This is the same as the last step of the previous method. Refer to the dynamic domain name tutorial of IPV4. 4. There is also a bug that is not easy to solve when using IPV6. That is, the device using IPV4 cannot access the device of IPv6. It needs to involve 4to6.

Everyone should have seen the term “intranet penetration” more or less. It looks very powerful.

接下来的两种方法是在没有公网IP的情况下常用的内网穿透解决方案，前者较为简单后者稍复杂一些，也有一定的区别先说一下缺点，对于非氪金或者微氪玩家来说：慢&限流，数据传输速率取决于服务器给的带宽，但是一般都很低，勉强可以访问一下。

(We hereby name a certain shell, which has a free bandwidth of 1Mbps, that is, a speed of more than 100k, and it is easy to open it.) There are also many solutions, such as zerotier, ngrok, nps, dandelion, Shenzhuo Internet, various types of frp, etc. Our purpose here is to simply access, and only introduce two representative methods. If you have better software, you can share it with each other.

Virtual networking is a P2P solution. Simply put, the client can be grouped in a virtual LAN to achieve communication. This method will try the intranet first, and then udp holes to achieve p2p. If it is really not feasible, it will use the public network server to forward a most familiar application, teamviewer, which is the nearest virtual networking software to us at that time.

(It seems that it can’t be used now) The advantage of this solution is that it can establish a connection directly through the client. In terms of steps, it will be relatively easy to operate many solutions, such as sunflower, Shenzhuo Internet, and zerotier, which are mainly virtual networking solutions. Here we take zerotier as an example to build, This is the least restrictive of all free solutions (the connection is slow because the p2p servers are in foreign countries, and you need to use cloud servers to build moon to be faster).

The use of dandelion and other software will be simpler

(Note: zerotier is all in English) 1. Register a zerotier account

In the account column, we can see that the maximum number of users connected to the virtual network is 50, which is sufficient for daily use.

2. Create a new virtual network and see the ID of the virtual network (this ID is used to connect other devices to the network)

You can also choose a name. Select the default private type here. The administrator should audit the device when it joins the network. The rest can be left by default temporarily. It shows that there is no device connected to the network, so proceed to the next step of installation

3. Install zerotier on NAS. In the download interface, select the installation package according to your system. Here we install the client on NAS first.

You can also see the relevant clients of Qunhui and WeChat. Here, the raspberry pie chooses the Linux installation method.

Copy the first Linux command to the final shell, and then wait for a short time. The installation is successful

4. When adding NAS to the virtual network, you can add it in the management interface, or add it in the device. Here you have opened ssh and added your own network ID. After entering the command, it shows that the addition is successful, and then go to the administrator interface to refresh it. After checking the previous Auth, you can successfully join.

And zerotier will assign an IP address to the NAS. 5. Install the client on Windows and join the network

6. Use the address assigned by zerotier to visit it happily. It is easier to install similar software in China, and the tutorial is more clear that the basic process is to install the client on the LAN device, and then add it with the same network ID (if you cooperate with some boxes, you can only provide the routing end security software, and the other intranet devices can directly forward the connection).

The FRP intranet penetration virtual networking is relatively simple in the operation process, but it also has its disadvantages. It is necessary to install a client if others want to access your intranet equipment, and it can not be as convenient as we can access other companies’ servers. This time, we can introduce a more stable solution of frp. frp is an intranet penetration method based on public network server traffic forwarding. As we said earlier, because the servers of large companies have public IP, So our intranet devices can access it.

The principle of frp is the same. In simple terms, we only need to set up a server with public IP, and then connect with intranet devices. Finally, the port mapping can be accessed.

FRPC is the client, that is, the local device end that you want to bind to is the server end, that is, the device end frp with public IP is based on the need for a vps server. You can buy it on Tencent Cloud or Alibaba Cloud ECS if you need it (cheap). It is still very cost-effective if you catch up with the activity.

Sakura frp Let’s first say that we don’t buy servers, but use the free Sakura frp to build (the core of building is the same). This is a convenient self-built server site built for MC players at that time. You can sign in to get traffic, and the navigation of the site is also very detailed. 1. Register natfrp.com on the official website

2. You can see the remaining traffic, bandwidth, number of tunnels, etc. on the main interface

3. Create a tunnel Create a new tunnel. The local address can remain the default. Fill in the intranet device port you want to access, and then create it.

Prompt after success

4. In the configuration of intranet devices, you can take a good look at the corresponding operating system of their documents, which is very detailed. Since we are a Linux system with arm64 architecture, the operation is as follows: view the architecture and find the corresponding download address to download

5. Modify the configuration file and open the tunnel

6. View tunnel status

7. Copy address Pleasantly visit and copy the address in the tunnel list, and then add the port number to visit the points needing attention. 1. Real name authentication is required for domestic nodes, and real name authentication is also required for HTTPS ICP filing. 2. Fill in the correct local address. 3. You can use the Windows initiator to manage the tunnel view log

4. Some local applications will have Internet access security detection. For example, qbittorrent needs to be set or it cannot be accessed

Use your own vps server to build frp. If you have your own cloud server, or want penetration to be more stable, you can build your own frp penetration to find the frp project in github. 1. Download the corresponding configuration file package because my cloud server is x86_ 64 Centos system, so you need to download the arm64 version.

2. Log in to the ECS using the final shell

Drag the compressed package to the root and decompress it

3. File structure: frpc is the client file, and frps is the server file

Here, our cloud server is the server. Modify ini configuration file to add token

4. Run the server input command, and the server runs successfully

5. Set the configuration file to realize self-starting

Enter the command (consistent with the previous sakura frp core operation)

6. Create a client configuration file. Above is the public IP address of the server, and below is the corresponding intranet device address mapping

Then put it into NAS. Refer to the previous docker installation instruction for the installation method of frp. (Note that the x86 image cannot be used for arm.) Here, you need to configure an environment variable, and then bind the volume with the placed ini file

After completion, you can access it. Next time, you need to stop the image and modify the port mapping of the configuration file. Now the mobile phone can use the cloud server to access your NAS at home. In summary, there is no obvious difference between the advantages and disadvantages of these access methods. Zerotier for different scenarios is not as good as dandelion when it is not connected.

When we do some operations that do not require high bandwidth, such as checking the status of daily visits, or putting a bt in, then the free bandwidth is sufficient (of course, watching movies and other things still need to be faster). The public IP is yyds, and I hope IPV6 can go further.