This article summarizes what I have collected about intranet penetration (NAT traversal). It covers:

  • NAT Principle Analysis
  • Recommended NAT traversal tools

Intranet penetration, also known as Network Address Translator (NAT) penetration, refers to a technique in which a computer uses a private IP address on the intranet and a global IP address on the Internet. It is commonly used in private networks where multiple hosts are reachable only through a single public IP address.

Here is an example: I set up a server, Server A, in the lab. While I was in the lab, I could connect to it over SSH from my laptop, because the laptop was on the same local area network as the server. Back in the dormitory, I could not connect over SSH directly, because I was no longer on the same local area network as the server. At that point I need NAT penetration so that I can reach Server A over SSH from the dormitory.

1. NAT principle analysis

  • As information travels from the LAN to the Internet, the source address is translated from a private address to a public address. The router tracks the destination address and port of each connection.
  • When data returns to the router, the recorded connection tracking data is used to determine which intranet host the data is forwarded to. If multiple public addresses are available, the client port number can be used to demultiplex the packets when they return.

Illustration:

The following figure shows the communication between host 10.0.0.10 and host 163.221.120.9.

  • The NAT router translates the source address from the private IP address (10.0.0.10) to the global IP address (202.244.174.37) before sending the data.
  • When data is sent back from IP address 163.221.120.9, the NAT router translates the destination IP address from the original IP address (202.244.174.37) to the private IP address 10.0.0.10 before forwarding the data.
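
The translation described above, as an added example that is not part of the original article. It models a port-translating NAT with the addresses from the illustration and shows why an unsolicited inbound connection (the SSH attempt from the dormitory) is dropped while a reply to an outbound connection is forwarded. The port numbers are constructed sample values, and the strict address-and-port matching on inbound packets is an assumption; real routers differ in how tightly they filter.

```python
# Added illustration: a minimal connection-tracking NAT (NAPT) table.
# Addresses come from the article; all port numbers are constructed samples.
from dataclasses import dataclass, field

PUBLIC_IP = "202.244.174.37"   # global address of the NAT router


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000                       # constructed start of the port pool
    out_map: dict = field(default_factory=dict)  # (priv ip, priv port, dst ip, dst port) -> public port
    in_map: dict = field(default_factory=dict)   # (public port, remote ip, remote port) -> (priv ip, priv port)

    def outbound(self, p: Packet) -> Packet:
        """Rewrite the private source to the public address and record the mapping."""
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        if key not in self.out_map:
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[key] = port
            self.in_map[(port, p.dst_ip, p.dst_port)] = (p.src_ip, p.src_port)
        return Packet(self.public_ip, self.out_map[key], p.dst_ip, p.dst_port)

    def inbound(self, p: Packet):
        """Forward only packets that match a tracked connection; drop the rest."""
        entry = self.in_map.get((p.dst_port, p.src_ip, p.src_port))
        if p.dst_ip != self.public_ip or entry is None:
            return None                          # nothing tracked: dropped at the router
        return Packet(p.src_ip, p.src_port, entry[0], entry[1])


def demo():
    nat = NatRouter(PUBLIC_IP)
    sent = nat.outbound(Packet("10.0.0.10", 51000, "163.221.120.9", 80))
    reply = nat.inbound(Packet("163.221.120.9", 80, sent.src_ip, sent.src_port))
    unsolicited = nat.inbound(Packet("163.221.120.9", 80, PUBLIC_IP, 22))
    return sent, reply, unsolicited


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The tools in the next section rely on the first case: the intranet host opens the connection outward, so the router already holds a mapping for the traffic that comes back.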

2. Recommended Intranet penetration tools

At present there are many established tools available, including Ngrok, FRP, FCN, and goProxy. There are also commercial tools, such as Peanut Shell, and commercial software built on top of Ngrok and FRP.

Ngrok series:
  • Ngrok: Ngrok is a reverse proxy that establishes a secure channel between a public endpoint and a local web server, so that services on an intranet host can be exposed to the Internet. Ngrok can capture the traffic on all channels for later analysis and replay, which makes it a convenient aid for testing server-side programs. Reference tutorial: Ngrok Build Guide

  • Natapp: Natapp is a high-speed intranet penetration service based on Ngrok. The free version provides HTTP, HTTPS, and TCP tunnels, random domain name/TCP port changes, and customized local ports.

  • Sunny-ngrok: provides a free intranet penetration service. The free server supports binding custom domain names, intranet server management, intranet web demos, external access to local web services, local WeChat development, and TCP port forwarding.

  • Millet Ball: designed for programmers to debug local web projects without deploying them. It is free to use for students who need it. Reference tutorial: Use tutorials

  • EchoSite: EchoSite is likewise an intranet penetration tool based on Ngrok, and it supports a variety of protocols. It used to be entirely free but is now paid; typical use costs 1 yuan/month, and you can choose a plan according to your needs. Take a minute to learn how to use EchoSite.

SSH

Use SSH together with the autossh tool, which is fault-tolerant.

  • Project home page: www.harding.motd.ca/autossh/
  • Description: Automatically restarts SSH sessions and tunnels. SSH is a very powerful tool: in addition to remote login, it can establish tunnels and forward ports. With this feature, requests arriving on an Internet-facing port can be forwarded to a port on the intranet. An SSH connection on its own is not stable, so autossh is used to keep the tunnel up: it monitors the connection and re-establishes it after a failure or other network problems.

Reference tutorial: SSH Intranet Penetration

Lanproxy

Lanproxy is an intranet penetration tool that proxies LAN PCs and servers to the public network. Currently it supports only TCP traffic forwarding, which covers any protocol that runs on top of TCP (access to intranet websites, local payment interface debugging, SSH access, remote desktop…). Similar services on the market include Peanut Shell, TeamView, GoToMyCloud and so on. However, using a third party's public server means paying that third party, and these services come with various restrictions. In addition, the data packets flow through the third party, which is a significant risk to data security.

Reference tutorial: LanProxy documentation

frp

FRP is a high-performance reverse proxy application for intranet penetration that supports the TCP, UDP, HTTP, and HTTPS protocols. It lets a machine on the intranet or behind a firewall provide HTTP or HTTPS services to the external network. For HTTP and HTTPS services it supports domain-based virtual hosts and custom domain name binding, so multiple domain names can share port 80. Machines on the intranet or behind a firewall can also provide TCP and UDP services to the external network. For example, you can reach hosts on the intranet over SSH from home.

Reference tutorial: 10 minutes to teach you how to configure FRP for Intranet penetration

fcn

Free Connect (FCN) is a foolproof, one-click access tool for private networks. FCN uses public servers and data encryption to give any networked machine transparent access to the local area network (LAN) segment where the FCN server resides, without requiring public IP addresses. It supports multiple systems.

Reference tutorial: Introduction to Intranet penetration tool FCN

Peanut Shell

Peanut Shell is dynamic domain name resolution software. Once you install and register it, you can use the service to set up an Internet host with a fixed domain name and maximum autonomy, no matter where you are, at any time and on any line. Supported lines include regular phone lines, ISDN, ADSL, cable networks, twisted-pair-to-the-home broadband networks, and any other access line that can provide a real Internet IP, whether the IP is dynamic or static.

Reference tutorial: Port mapping method: Peanut Shell intranet penetration
