Because IPv4 addresses are scarce, most home computers have no public IP. So to reach your own local services from outside (ssh, http, vnc, NAS, smart-home interface callbacks such as Typhoon elf custom semantics), you need a service that tunnels into your intranet.
There are some existing tools such as Peanut Shell, ngrok and so on. However,
- Peanut Shell is a paid service;
- The second version of ngrok has also started charging (the first version is said to have some serious bugs).
Therefore, an open source solution is required.
I wrote a TCP tunnelling tool called Tcp Through with netty, which can be downloaded directly. Installation is described below.
The project is split into a server side and a client side; see github for more information:
Server side: https://github.com/longshengwang/tcpthrough-server
Client side: https://github.com/longshengwang/tcpthrough-client
This tool has some useful features:
- HTTP API management of the server plus a command-line client (a self-written Python library; I think it's cool)
- A security mode: the proxied client service can only be reached from IP addresses on a trust list (the best way to prevent attacks)
- Rate limiting; the functionality has been tested and works. However, no limit is set in the shipped code, so modify it yourself, as described in the comments of OuterServer in the server library.
- The client can refuse server-side control (isRemoteManage parameter on the client side)
- Real-time rate display (current throughput only, not totals)
- The management channel is SSL-encrypted so registration information cannot be sniffed
- The data plane is separated from the control plane for performance (measured at 10 Gb/s+ on a Mac)
- Security checks run on both the management and control planes; malformed connections are killed and attacks are rejected
- The server can require a password so that other clients cannot register. Start the server with the -s parameter.
Note: on a public cloud VM (Alibaba Cloud or Tencent Cloud), remember to open the corresponding ports.
Server Installation and Running
    # Download and unzip
    wget https://github.com/longshengwang/tcpthrough-server/releases/download/v1.0/server-1.0.zip
    unzip server-1.0.zip
    cd server-1.0
    # Starting the server side takes three ports: control plane (default 9000), data plane (9009) and HTTP service (8080).
    # Use --help to see how to change them.
    bin/server
Note: Detailed parameters can be viewed through bin/server --help
The following example exposes port 22 of the localhost on the intranet through port 333 on the server side.
Client Installation and Running
    # Download and unzip
    wget https://github.com/longshengwang/tcpthrough-client/releases/download/client-1.0/client-1.0.zip
    unzip client-1.0.zip
    cd client-1.0
    # Start the client side. The flags below make the client's localhost:22 service (here the ssh service)
    # reachable through port 333 on the server.
    bin/client -u my_home -s <server ip> -p 333 -l localhost:22 -c true -a true
Note: Detailed parameters can be viewed through bin/client --help
- -c whether the client may be controlled by the server (i.e. whether proxied services can be added remotely)
- -u client name; it is also the unique identity and must not be duplicated on a server
- -a the proxied port can only be accessed by trusted hosts (adding trusted hosts is shown in the command-line section below)
- -f all parameters can be written to a file and pointed to with -f
The file template is as follows:
    name=wls_home
    password=wo_shi_server_password
    remote_host=192.168.122.20
    remote_data_port=9009
    remote_manager_port=9000
    local_host=192.168.122.20
    local_port=22
    remote_proxy_port=2222
    is_remote_manage=true
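Before handing a file like this to bin/client it is worth checking it for missing keys and bad values. The checker below is an added example, not part of tcpthrough; the key names come from the template above, while the function names (parse_config, check_config) and the specific rules are my assumptions.

```python
# Added example (not tcpthrough's own code): parse the key=value client file
# and report settings that are missing or unusable.
REQUIRED = ("name", "password", "remote_host", "remote_data_port",
            "remote_manager_port", "local_host", "local_port",
            "remote_proxy_port", "is_remote_manage")
PORT_KEYS = ("remote_data_port", "remote_manager_port",
             "local_port", "remote_proxy_port")

# Constructed sample mirroring the template in the post.
SAMPLE = """name=wls_home
password=wo_shi_server_password
remote_host=192.168.122.20
remote_data_port=9009
remote_manager_port=9000
local_host=192.168.122.20
local_port=22
remote_proxy_port=2222
is_remote_manage=true
"""

def parse_config(text):
    """Parse key=value lines; blank and '#' lines are ignored, first '=' splits."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg

def check_config(cfg):
    """Return a list of findings; an empty list means the file is usable."""
    findings = [f"missing {k}" for k in REQUIRED if k not in cfg]
    for k in PORT_KEYS:
        v = cfg.get(k, "")
        if not (v.isdigit() and 1 <= int(v) <= 65535):
            findings.append(f"{k} is not a valid port: {v!r}")
    data, mgr = cfg.get("remote_data_port"), cfg.get("remote_manager_port")
    if data and data == mgr:
        findings.append("remote_data_port and remote_manager_port must differ")
    if cfg.get("is_remote_manage") not in ("true", "false"):
        findings.append("is_remote_manage must be true or false")
    if not cfg.get("password"):
        findings.append("empty password")
    return findings
```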
Connection information on the server can be viewed and managed through a Python library (also self-written):
    ➜ ~ pip install tcpth.cmd
    ➜ ~ tcpthcmd   # If the http port on the server is not the default 8080, add -p <port>
    Welcome to use the tcp through.
    tcpthrough> help
    list -- get all registration
    get <name> -- get special name information
    monitor [<name>] -- monitor the information, refresh on 2s
    register add <name> <localhost:port> <proxy port> -- add registration
    register delete <name> <proxy port> -- delete registration
    trust add <name> [<proxy port>] <trusted ip> -- add trust ip
    trust delete <name> [<proxy port>] <trusted ip> -- delete trust ip
    trust get <name> [<proxy port>] -- get trust ip
    tcpthrough>
    tcpthrough> list   # Columns are aligned on the command line, not after copying
    Name    | Local Service | Proxy Port | Out Conn Count | Remote Managed | Security | Write Speed | Read Speed
    --------------------------------------------------------------------------------------------------------------
    my_home | localhost:22  | 333        | 0              | true           | true     | 0KB/s       | 0KB/s
    tcpthrough>
- Exit command-line mode with exit, Ctrl+D or Ctrl+C
- If the client allows server-side control, the register command can add and remove proxied services
- If the client has security mode (-a) enabled, only hosts added with trust add <your-client-name> <your-ip> can reach the proxied port
- monitor prints the connection information on the server side once every 2s
- The localhost in register add can be the IP address of another host on the client's network
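To make the trust commands concrete, here is a small model of the -a allow-list as the help text describes it: an entry added without a proxy port applies to all of that client's proxied ports, an entry with a port applies to that port only, and everything else is denied. This is an added example, not tcpthrough's code; the class and method names are my assumptions and the addresses are constructed documentation-range values.

```python
# Added example (not tcpthrough's own code): model of the security-mode trust list
# managed by "trust add/delete/get <name> [<proxy port>] <ip>".
import ipaddress

class TrustList:
    def __init__(self):
        # {client name: {proxy port or None (= all ports): set of ip strings}}
        self._trusted = {}

    def add(self, name, ip, proxy_port=None):
        ip = str(ipaddress.ip_address(ip))   # normalise and reject malformed input
        self._trusted.setdefault(name, {}).setdefault(proxy_port, set()).add(ip)

    def delete(self, name, ip, proxy_port=None):
        ips = self._trusted.get(name, {}).get(proxy_port, set())
        ips.discard(str(ipaddress.ip_address(ip)))

    def get(self, name, proxy_port=None):
        """Addresses that may reach <name>'s port: all-port entries plus port entries."""
        ports = self._trusted.get(name, {})
        return sorted(ports.get(None, set()) | ports.get(proxy_port, set()))

    def is_allowed(self, name, proxy_port, peer_ip):
        """Default deny: unknown clients, ports and addresses are all rejected."""
        ports = self._trusted.get(name, {})
        peer = str(ipaddress.ip_address(peer_ip))
        return peer in ports.get(None, set()) or peer in ports.get(proxy_port, set())

def demo():
    tl = TrustList()
    tl.add("my_home", "203.0.113.7")          # constructed address, trusted on all ports
    tl.add("my_home", "198.51.100.9", 333)    # constructed address, only the ssh proxy on 333
    return (tl.is_allowed("my_home", 333, "203.0.113.7"),
            tl.is_allowed("my_home", 333, "198.51.100.9"),
            tl.is_allowed("my_home", 444, "198.51.100.9"),
            tl.is_allowed("my_home", 333, "192.0.2.1"))
```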