Fasttunnel open source intranet penetration framework

FastTunnel

FastTunnel Yes, it is .net core Developed a cross platform intranet penetration tool , It can expose intranet services to the public network for access by itself or anyone .

Unlike other penetration tools ：FastTunnel The project is dedicated to creating an easy to scale 、 Easy to maintain intranet penetration framework , Anyone can redevelop based on this framework , You can go straight through nuget Installation depends on development , Of course, it's also a tool out of the box .

Won the GVP Open source project

FastTunnel Won open source China 2020 Most valuable open source projects

Open source warehouse address

github: https://github.com/SpringHgui/FastTunnel

gitee: https://gitee.com/Hgui/FastTunnel 

Official website ：https://suidao.io

What is intranet penetration ？

Generally speaking , If you deploy a website or application on the intranet , Only other network devices in the Intranet can access ; But if you want anyone on the public network to have access to your intranet applications , We have to take some measures , Intranet penetration is applied in this context .

FastTunnel What can be done ？

• Home station

• WeChat development

• Remote desktop

• erp Interworking

• svn Code warehouse

• Port forwarding

• iot The Internet of things

• Scenes, etc. , Not limited to the above

Build your own intranet penetration platform

    1. In the warehouse  releases  Page download the corresponding program

    2. Modify the client and server configuration files according to your own needs appsettings.json

    3. Server operation FastTunnel.Server

    4. Client running FastTunnel.Cient （ The client can run on any device in the intranet ）

Configuration example

1. Access intranet with custom domain name web service

For example, you have a cloud server , Public network ip The address is 110.110.110.110 , And you have a domain name suidao.io, You want to visit test.suidao.io You can visit a website deployed on your own computer .

You need to add a new domain address DNS analysis , The type is A, The name is * , ipv4 The address is 110.110.110.110 , such *.abc.com All of the domain names will point to 110.110.110.110 Server for , because FastTunnel Default monitor http Port is 1270, So visit http://test.abc.com:1270.

Server profile ：config/appsettings.json

"ServerSettings": {
       //  Mandatory   The default value is     "BindAddr": "0.0.0.0",    //  Mandatory   The default value is     "BindPort": 1271,    //  Custom domain name web Penetration must     "WebDomain": "suidao.io",    //  Port number of the service listening ,  When visiting a custom domain name site url by  http://{SubDomain}.{Domain}:{ProxyPort_HTTP}/    // web Penetration must     "WebProxyPort": 1270,    //  Optional ,ngixn After the reverse proxy, the port number after the domain name can be omitted for access     "WebHasNginxProxy": false,    //  Optional , Visit the white list , Not on the white list ip Refuse     "WebAllowAccessIps": [],    //  Optional , Open or not SSH, It will not be processed after being disabled SSH Type port forwarding . Default false.    "SSHEnabled": true  }

Client configuration file ：

"ClientSettings": {
       "Common": {
         //  Server public network ip,  Corresponding to the server configuration file  BindAddr, Support domain name       "ServerAddr": "test.cc",      //  Server communication port , Corresponding to the server configuration file  BindPort      "ServerPort": 1271    },    "Webs": [      {
           //  The local site is located in the intranet ip        "LocalIp": "127.0.0.1",        //  The port number of the site listening         "LocalPort": 8080,        //  subdomain ,  When visiting this site url by  http://{SubDomain}.{Domain}:{ProxyPort_HTTP}/        "SubDomain": "test", // test.test.cc      }    ]  }

2. How to remove the port number after the domain name

Deploy on the server side nginx, adopt nginx The reverse agent will 80 Port traffic is forwarded to 1270 port ,nginx The configuration example of is as follows ：

http {
       #  add to resolver     resolver 8.8.8.8;
    #  Set up  *.abc.com  Forward to 1270 port     server {
         server_name  *.abc.com;      location / {
            proxy_pass http://$host:1270;         proxy_set_header   Host             $host;         proxy_set_header   X-Real-IP        $remote_addr;         proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;      }
      #  Optional       error_log /var/log/nginx/error_ft.log error;    }}

3. Configure port forwarding

Suppose the Intranet has a mysql The service port is 3306, On the intranet ip The address is 192.168.1.100, You want to visit suidao.io:33306 The request of the port is forwarded to mysql On , The following configuration is required ：

1. The server configuration file does not change

2. The client configuration is as follows

"ClientSettings": {
       "Common": {
         //  Server public network ip,  Corresponding to the server configuration file  BindAddr, Support domain name       "ServerAddr": "test.cc",
      //  Server communication port , Corresponding to the server configuration file  BindPort      "ServerPort": 1271    },    "Webs": [    ],
    /**     * ssh through ,ssh Access intranet host      *  access  #ssh -oPort=12701 {root}@{ServerAddr}     * ServerAddr  Fill in the server ip,root Corresponding intranet user name      */    "SSH": [      {
           "LocalIp": "192.168.1.100",        "LocalPort": 3306,        "RemotePort": 33306      }    ]  }

3. Remote intranet computers

windows： Just put the 3306 Port replacement 3389

linux： Just put the 3306 Port replacement 22

Conclusion

I believe smart you have understood how to configure , And what each parameter represents , If there's something you don't understand , It can be mentioned issue To the author . Interested friends can go to clone Come down and play , Demand for Authors 、bug, If you can submit code to participate in development and improvement, it will be more perfect .