Using NPS for intranet penetration (NAT traversal)

Introduction to NPS

Background

nps is a lightweight, high-performance and feature-rich intranet penetration (reverse) proxy server. It currently forwards tcp and udp traffic and therefore supports any protocol that runs on top of tcp or udp (reaching internal websites, debugging local payment callbacks, ssh access, remote desktop, internal dns resolution, and so on). It also provides an internal http proxy, an internal socks5 proxy and p2p, together with a capable web management console.

1. WeChat official-account or mini-program development ----> domain (host) proxy mode

2. Reaching an internal machine over ssh from the internet, i.e. mapping a cloud server port to an internal server port ----> tcp proxy mode

3. Using the internal dns from outside the intranet, or reaching internal machines over udp ----> udp proxy mode

4. Reaching internal sites from the internet through an HTTP proxy ----> http proxy mode

5. Building a tunnelled socks service so that internal resources and devices can be used from outside as if over an intranet vpn ----> socks5 proxy mode


Ports, passwords and IP addresses

Assume the public server IP is 172.16.186.11.

The default nps config file uses ports 80, 443, 8080 and 8024:

80 and 443 are the default ports for host (domain) mode

8080 is the web management port; the web login is admin with the password defined by the web_password entry in nps.conf

8024 is the bridge port, used for communication between the server and the clients

Server IPs

172.16.186.11/24 (external) / node1

172.16.1.11/24 (internal) / node1

Linux client IP

172.16.1.12/24 / node2

Windows client IP

172.16.1.13/24


Server preparation

1. Disable the firewall and SELinux

[root@node1 ~]# systemctl stop firewalld && systemctl disable firewalld
[root@node1 ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
[root@node1 ~]# setenforce 0

2. Time synchronisation

[root@node1 ~]# vim /etc/chrony.conf
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp.aliyun.com iburst

[root@node1 ~]# systemctl restart chronyd && systemctl enable chronyd
[root@node1 ~]# chronyc sources

3. Configure the IP addresses

[root@node1 ~]# cd /etc/sysconfig/network-scripts/
# configure the external IP
[root@node1 network-scripts]# vim ifcfg-ens33
TYPE="Ethernet"
BOOTPROTO="none"
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"
IPADDR="172.16.186.11" ===> external IP
PREFIX="24"
GATEWAY="172.16.186.2"
DNS1="172.16.186.2"

# configure the internal IP
[root@node1 network-scripts]# cp ifcfg-ens33 ifcfg-ens36
[root@node1 network-scripts]# vim ifcfg-ens36
TYPE="Ethernet"
BOOTPROTO="static"
NAME="ens36"
DEVICE="ens36"
ONBOOT="yes"
IPADDR="172.16.1.11" ===> internal IP
PREFIX="24"

[root@node1 network-scripts]# systemctl stop NetworkManager && systemctl disable NetworkManager
[root@node1 network-scripts]# systemctl restart network

[root@node1 network-scripts]# ip a


Server setup

If the download fails, open https://www.ipaddress.com on a machine with internet access, enter github.com, find the matching IP and add it to the hosts file.

[root@node1 ~]# mkdir nps && cd nps
[root@node1 nps]# wget https://github.com/ehang-io/nps/releases/download/v0.26.10/linux_amd64_server.tar.gz
[root@node1 nps]# tar -zxvf linux_amd64_server.tar.gz
[root@node1 nps]# vim conf/nps.conf
appname = nps
#Boot mode(dev|pro)
runmode = dev

#HTTP(S) proxy port, no startup if empty
http_proxy_ip=0.0.0.0
http_proxy_port=80 ===> 80 and 443 are the default ports for host (domain) mode
https_proxy_port=443
https_just_proxy=true
#default https certificate setting
https_default_cert_file=conf/server.pem
https_default_key_file=conf/server.key

##bridge
bridge_type=tcp ===> connection type between server and clients
bridge_port=8024 ===> 8024 is the bridge port, the port on which server and clients communicate
bridge_ip=0.0.0.0

public_vkey=8rehr93fwurfj04j ===> key the clients use to authenticate to the server
log_level=7

web_host=a.o.com ===> address/domain of the server web UI
web_username=admin ===> web UI login name
web_password=aa77&88bb ===> web UI login password
web_port = 8080 ===> 8080 is the web management port
web_ip=0.0.0.0
web_base_url= ===> optional web path, e.g. web_base_url=/nps
web_open_ssl=false ===> whether the web UI is served over https
web_cert_file=conf/server.pem
web_key_file=conf/server.key

auth_crypt_key =1234567812345678 ===> key for web API authentication; may be changed but must be exactly 16 characters

#allow_ports=9001-9009,10001,11000-12000 ===> self-explanatory: the ports clients are allowed to use

#Web management multi-user login
allow_user_login=false
allow_user_register=false
allow_user_change_username=false

#extension
allow_flow_limit=false
allow_rate_limit=false
allow_tunnel_num_limit=false
allow_local_proxy=false
allow_connection_num_limit=false
allow_multi_ip=false
system_info_display=false

#cache
http_cache=false
http_cache_length=100

#get origin ip
http_add_origin_header=true ===> default is false

#pprof debug options
#pprof_ip=0.0.0.0
#pprof_port=9999

#client disconnect timeout
disconnect_timeout=60

 
Install and start

After running the command below, the current config files and web static files are copied to /etc/nps; from then on edit /etc/nps/conf/nps.conf directly.

[root@node1 nps]# ./nps install
2021/08/03 21:41:13 copy file ::/root/nps/conf/clients.json to /etc/nps/conf/clients.json
2021/08/03 21:41:13 copy file ::/root/nps/conf/hosts.json to /etc/nps/conf/hosts.json
2021/08/03 21:41:13 copy file ::/root/nps/conf/nps.conf to /etc/nps/conf/nps.conf
2021/08/03 21:41:13 copy file ::/root/nps/conf/server.key to /etc/nps/conf/server.key
2021/08/03 21:41:13 copy file ::/root/nps/conf/server.pem to /etc/nps/conf/server.pem
2021/08/03 21:41:13 copy file ::/root/nps/conf/tasks.json to /etc/nps/conf/tasks.json
2021/08/03 21:41:13 copy file ::/root/nps/web/views/client/add.html to /etc/nps/web/views/client/add.html
2021/08/03 21:41:13 mkdir:/etc/nps/web/views/client/
2021/08/03 21:41:13 copy file ::/root/nps/web/views/client/edit.html to /etc/nps/web/views/client/edit.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/client/list.html to /etc/nps/web/views/client/list.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/add.html to /etc/nps/web/views/index/add.html
2021/08/03 21:41:13 mkdir:/etc/nps/web/views/index/
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/edit.html to /etc/nps/web/views/index/edit.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/hadd.html to /etc/nps/web/views/index/hadd.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/hedit.html to /etc/nps/web/views/index/hedit.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/help.html to /etc/nps/web/views/index/help.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/hlist.html to /etc/nps/web/views/index/hlist.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/index.html to /etc/nps/web/views/index/index.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/index/list.html to /etc/nps/web/views/index/list.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/login/index.html to /etc/nps/web/views/login/index.html
2021/08/03 21:41:13 mkdir:/etc/nps/web/views/login/
2021/08/03 21:41:13 copy file ::/root/nps/web/views/login/register.html to /etc/nps/web/views/login/register.html
2021/08/03 21:41:13 copy file ::/root/nps/web/views/public/error.html to /etc/nps/web/views/public/error.html
2021/08/03 21:41:13 mkdir:/etc/nps/web/views/public/
2021/08/03 21:41:13 copy file ::/root/nps/web/views/public/layout.html to /etc/nps/web/views/public/layout.html
2021/08/03 21:41:13 copy file ::/root/nps/web/static/css/bootstrap-table.min.css to /etc/nps/web/static/css/bootstrap-table.min.css
2021/08/03 21:41:13 mkdir:/etc/nps/web/static/css/
2021/08/03 21:41:13 copy file ::/root/nps/web/static/css/bootstrap.min.css to /etc/nps/web/static/css/bootstrap.min.css
2021/08/03 21:41:13 copy file ::/root/nps/web/static/css/datatables.css to /etc/nps/web/static/css/datatables.css
2021/08/03 21:41:13 copy file ::/root/nps/web/static/css/fontawesome.min.css to /etc/nps/web/static/css/fontawesome.min.css
2021/08/03 21:41:13 copy file ::/root/nps/web/static/css/regular.min.css to /etc/nps/web/static/css/regular.min.css
2021/08/03 21:41:13 copy file ::/root/nps/web/static/css/solid.min.css to /etc/nps/web/static/css/solid.min.css
2021/08/03 21:41:13 copy file ::/root/nps/web/static/css/style.css to /etc/nps/web/static/css/style.css
2021/08/03 21:41:13 copy file ::/root/nps/web/static/img/flag/en-US.png to /etc/nps/web/static/img/flag/en-US.png
2021/08/03 21:41:13 mkdir:/etc/nps/web/static/img/
2021/08/03 21:41:13 mkdir:/etc/nps/web/static/img/flag/
2021/08/03 21:41:13 copy file ::/root/nps/web/static/img/flag/zh-CN.png to /etc/nps/web/static/img/flag/zh-CN.png
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/bootstrap-table-locale-all.min.js to /etc/nps/web/static/js/bootstrap-table-locale-all.min.js
2021/08/03 21:41:13 mkdir:/etc/nps/web/static/js/
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/bootstrap-table.min.js to /etc/nps/web/static/js/bootstrap-table.min.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/bootstrap.min.js to /etc/nps/web/static/js/bootstrap.min.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/echarts.min.js to /etc/nps/web/static/js/echarts.min.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/fontawesome.min.js to /etc/nps/web/static/js/fontawesome.min.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/inspinia.js to /etc/nps/web/static/js/inspinia.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/jquery-3.4.1.min.js to /etc/nps/web/static/js/jquery-3.4.1.min.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/language.js to /etc/nps/web/static/js/language.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/js/popper.min.js to /etc/nps/web/static/js/popper.min.js
2021/08/03 21:41:13 copy file ::/root/nps/web/static/page/error.html to /etc/nps/web/static/page/error.html
2021/08/03 21:41:13 mkdir:/etc/nps/web/static/page/
2021/08/03 21:41:13 copy file ::/root/nps/web/static/page/languages.xml to /etc/nps/web/static/page/languages.xml
2021/08/03 21:41:13 copy file ::/root/nps/web/static/webfonts/fa-solid-900.eot to /etc/nps/web/static/webfonts/fa-solid-900.eot
2021/08/03 21:41:13 mkdir:/etc/nps/web/static/webfonts/
2021/08/03 21:41:13 copy file ::/root/nps/web/static/webfonts/fa-solid-900.svg to /etc/nps/web/static/webfonts/fa-solid-900.svg
2021/08/03 21:41:13 copy file ::/root/nps/web/static/webfonts/fa-solid-900.ttf to /etc/nps/web/static/webfonts/fa-solid-900.ttf
2021/08/03 21:41:13 copy file ::/root/nps/web/static/webfonts/fa-solid-900.woff to /etc/nps/web/static/webfonts/fa-solid-900.woff
2021/08/03 21:41:13 copy file ::/root/nps/web/static/webfonts/fa-solid-900.woff2 to /etc/nps/web/static/webfonts/fa-solid-900.woff2
2021/08/03 21:41:13 install ok!
2021/08/03 21:41:13 Static files and configuration files in the current directory will be useless
2021/08/03 21:41:13 The new configuration file is located in /etc/nps you can edit them
2021/08/03 21:41:13 You can start with:
nps start|stop|restart|uninstall|update or nps-update update
anywhere!

Start the nps server service

[root@node1 nps]# ./nps start
[root@node1 nps]# netstat -anpt | egrep '(8080|8024)'
tcp6 0 0 :::8080 :::* LISTEN 11369/nps
tcp6 0 0 :::8024 :::* LISTEN 11369/nps


Browser login

http://YOUR-IP:8080

Client (Linux): configure and start

Here the Linux client package is downloaded on the server and then copied to the Linux client.

# download the client package on the server
[root@node1 nps]# wget https://github.com/ehang-io/nps/releases/download/v0.26.10/linux_amd64_client.tar.gz
win: https://github.com/ehang-io/nps/releases/download/v0.26.10/windows_amd64_client.tar.gz
[root@node1 nps]# scp linux_amd64_client.tar.gz root@172.16.1.12:~

# on the client, unpack and configure
[root@node2 ~]# tar -zxvf linux_amd64_client.tar.gz
[root@node2 ~]# cp conf/npc.conf{,.bak}
[root@node2 ~]# vim conf/npc.conf
[common]
server_addr=172.16.1.11:8024 ===> 8024 is the bridge port (server-client communication)
conn_type=tcp ===> protocol used between server and client
vkey=8rehr93fwurfj04j ===> must match public_vkey in the server's nps.conf
auto_reconnection=true ===> reconnect automatically after a disconnect
max_conn=1000 ===> maximum number of connections
flow_limit=1000 ===> traffic limit
rate_limit=1000 ===> rate limit
basic_username=11 ===> basic-auth username configured on the server (together with web_username), used for http and socks5 proxy authentication
basic_password=3
web_username=admin ===> these two web entries must match the server's nps.conf
web_password=aa77&88bb
crypt=true ===> encrypt the tunnel traffic
compress=true ===> compress the tunnel traffic
disconnect_timeout=120 ===> disconnect timeout

# note: delete everything else and keep only the entries in the [common] section
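The server's nps.conf and the client's npc.conf above must agree on the bridge port, connection type, vkey and web credentials, and the tutorial leaves several entries (web_open_ssl, allow_ports, crypt) at values worth a second look. As an added check that is not part of nps or of this post, the Python script below parses both files in their key=value format, cross-checks them and lists the findings; the extra_vkeys parameter is an assumption added so that per-client keys generated in the web UI (as used for the Windows client later) are accepted too.

```python
# Added example, not nps project code: cross-check an nps.conf/npc.conf pair as set up on this page.
def parse_kv(text):
    """Parse key=value lines; '#' starts a comment, [section] headers are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith("[") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()      # tolerates 'web_port = 8080'
    return conf

def check_pair(server, client, extra_vkeys=()):
    """Return a list of findings; an empty list means the pair is consistent."""
    f = []
    if client.get("server_addr", "").rpartition(":")[2] != server.get("bridge_port"):
        f.append("server_addr port != bridge_port (client must dial the bridge port)")
    if client.get("conn_type") != server.get("bridge_type"):
        f.append("conn_type != bridge_type")
    # a client key is either public_vkey or a per-client key created in the web UI
    if client.get("vkey") not in {server.get("public_vkey"), *extra_vkeys}:
        f.append("vkey matches neither public_vkey nor a known per-client key")
    for k in ("web_username", "web_password"):
        if client.get(k) != server.get(k):
            f.append(f"{k} differs between npc.conf and nps.conf")
    if len(server.get("auth_crypt_key", "")) != 16:   # nps requires exactly 16 chars
        f.append("auth_crypt_key must be exactly 16 characters")
    if server.get("web_open_ssl") != "true" and server.get("web_ip") == "0.0.0.0":
        f.append("web UI served over plain HTTP on all interfaces")
    if "allow_ports" not in server:                    # commented out on this page
        f.append("allow_ports unset: clients may request any port")
    if client.get("crypt") != "true":
        f.append("crypt is off: tunnel traffic is unencrypted")
    return f

# constructed samples mirroring the values shown on this page
NPS_CONF = """bridge_type=tcp
bridge_port=8024
public_vkey=8rehr93fwurfj04j
web_username=admin
web_password=aa77&88bb
web_ip=0.0.0.0
web_open_ssl=false
auth_crypt_key =1234567812345678
#allow_ports=9001-9009,10001,11000-12000"""
NPC_CONF = """[common]
server_addr=172.16.1.11:8024
conn_type=tcp
vkey=8rehr93fwurfj04j
web_username=admin
web_password=aa77&88bb
crypt=true"""
```

Run check_pair(parse_kv(NPS_CONF), parse_kv(NPC_CONF)) against the values of this page and it reports only the plain-HTTP web UI and the unset allow_ports; point it at the real /etc/nps/conf/nps.conf and conf/npc.conf to check a live deployment.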
 
 
 
 
 
Start npc on the client

[root@node2 ~]# ./npc
or, in the background:
[root@node2 ~]# nohup ./npc >> nps.log &
2021/08/03 22:29:55.352 [I] [npc.go:231] the version of client is 0.26.10, the core version of client is 0.26.0
2021/08/03 22:29:55.352 [I] [control.go:97] Loading configuration file conf/npc.conf successfully
2021/08/03 22:29:55.358 [N] [control.go:176] web access login username:admin password:aa77&88bb
2021/08/03 22:29:55.360 [I] [client.go:72] Successful connection with server 172.16.1.11:8024

[root@node2 ~]# netstat -anpt | egrep '(sshd | *npc)'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 964/sshd
tcp 0 0 172.16.1.12:42590 172.16.1.11:8024 ESTABLISHED 2341/./npc
tcp 0 0 172.16.1.12:58046 172.16.1.12:22 ESTABLISHED 2341/./npc
tcp 0 0 172.16.1.12:42588 172.16.1.11:8024 ESTABLISHED 2341/./npc
tcp 0 0 172.16.1.12:58044 172.16.1.12:22 ESTABLISHED 2341/./npc
tcp6 0 0 :::22 :::* LISTEN 964/sshd

[root@node2 ~]# ll /proc/2341/exe
lrwxrwxrwx. 1 root root 0 Aug 3 22:31 /proc/2341/exe -> /root/npc

The web page now shows node2 as connected, but so far only the connection between client and server exists: which server port should map to which client port has not been defined yet. That is defined next.





Client (Windows): configure and start

Create the configuration for the second host in the web UI, as shown in the figure below.

The next figure shows the edit dialog (the option to the right of the trash-can icon) for the "test win" host from the figure above.

Next, download the Windows client package on the server and serve it over http for the Windows client.

[root@node1 ~]# wget https://github.com/ehang-io/nps/releases/download/v0.26.10/windows_amd64_client.tar.gz

Install httpd

[root@node1 ~]# yum -y install httpd
Note: nps already occupies port 80, so httpd's listening port must be changed before httpd can start.
[root@node1 ~]# systemctl status httpd
....
....
Aug 04 00:16:20 node1 httpd[12726]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
Aug 04 00:16:20 node1 httpd[12726]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
Aug 04 00:16:20 node1 httpd[12726]: no listening sockets available, shutting down

[root@node1 ~]# netstat -anpt|grep -w :80
tcp6 0 0 :::80 :::* LISTEN 2549/nps

Change the httpd port
[root@node1 ~]# sed -i "s/Listen 80/Listen 808/" /etc/httpd/conf/httpd.conf
Start httpd
[root@node1 ~]# systemctl restart httpd
[root@node1 ~]# mv windows_amd64_client.tar.gz /var/www/html/

On the Windows client, download the package from the server (httpd now listens on 808; port 80 is still nps):
http://172.16.1.11:808/windows_amd64_client.tar.gz

On the Windows machine open cmd and run:

C:\Users\rambo>cd /d d:\test

Open npc.conf in Sublime Text and edit it as follows:
[common]
server_addr=172.16.1.11:8024 ===> 8024 is the bridge port (server-client communication)
conn_type=tcp ===> protocol used between server and client
vkey=xwv01ar8isb04wpn ===> matches the "unique verification key" shown when the host was created in the web UI
auto_reconnection=true ===> reconnect automatically after a disconnect
max_conn=1000 ===> maximum number of connections
flow_limit=1000 ===> traffic limit
rate_limit=1000 ===> rate limit
basic_username=11 ===> basic-auth username configured on the server (together with web_username), used for http and socks5 proxy authentication
basic_password=3
web_username=admin ===> these two web entries must match the server's nps.conf
web_password=aa77&88bb
crypt=true ===> encrypt the tunnel traffic
compress=true ===> compress the tunnel traffic
disconnect_timeout=120 ===> disconnect timeout

# note: delete everything else and keep only the entries in the [common] section

Start npc (method 1)

Run cmd as administrator
# in cmd, change to the test directory on drive D
cd /d d:\test
# install npc as a service and start it
npc.exe install
npc.exe start

Method 2: see the figure below

Start npc (method 3)

d:\test>npc.exe -server=172.16.1.11:8024 -vkey=8rehr93fwurfj04j -type=tcp

Note:
The IP in the command above is the server IP.
The port is the bridge port set in the #bridge section of the server's nps.conf.
-vkey can be one of two kinds: an auto-generated per-client key, or the custom public_vkey from the server's nps.conf.
This method starts the client without a config file.

Test the connection between the server and the Windows client

If you are unsure how to start the client, see the figure below.
