Intranet penetration (exposing software services running inside an intranet to WAN users through a network proxy) can be achieved in many ways, for example with firewall hardware or with dedicated NAT-traversal software. This article introduces a typical intranet penetration setup using the NPS software.

NPS is introduced

NPS is a lightweight, high-performance intranet penetration proxy server. It currently supports TCP and UDP traffic forwarding, and therefore any protocol layered on TCP or UDP (access to intranet websites, debugging of local payment interfaces, SSH access, remote desktop, intranet DNS resolution and so on). In addition it supports an intranet HTTP proxy, an intranet SOCKS5 proxy, P2P mode and more, and ships with a powerful Web management console.

Its official website is https://ehang-io.github.io/nps. The site provides a complete description of installing and using the software, and the installation below follows the official documentation.

The basic concept

To understand the use of this software, you first need to understand a basic Intranet penetration usage scenario.

  • The server side (nps) is generally installed on a public-network server and is the single entry point for all intranet resources.
  • The client (npc) is usually installed on an intranet server and acts as the bridge between that intranet server and the public server.
  • The client uses its secret key to connect to the server's bridge port and keeps a long-lived connection open. The server uses this connection to forward requests arriving from the external network to the corresponding client, and the client returns the responses over the same connection.
  • The client secret key is created on the server after deployment, and the client presents it when it connects.

One server can serve multiple clients. Different ports on the server side are mapped to the corresponding local ports on the different clients.

A typical scenario

In this article we design a very common scenario to illustrate the whole process of using the software. The basic requirements are as follows.

  1. We have a server with a public IP; its name is public-server and its operating system is Linux.
  2. We have two intranet servers, inner-server1 (Linux) and inner-server2 (Windows).
  3. We map port 8081 of the public server to inner-server1:80, and port 8082 to inner-server2:80.
  4. Both proxies use the TCP protocol.

Steps

External server public-server(Linux) server NPS installation

  • First, open the GitHub project release page (https://github.com/ehang-io/nps/releases) and download the server package for your platform. For public-server this is linux_amd64_server.tar.gz.
  • Log in to public-server via SSH, upload the file to the installation directory and extract it. (Here we assume the file was uploaded to /usr/nps.)
tar -xzvf linux_amd64_server.tar.gz
  • After extraction, enter the extracted directory and run the install command, which registers the nps command so that it can be run from the PATH.
sudo ./nps install
  • Then start the server and check the console output to see whether it started successfully.
sudo nps start

Configure the network proxy and open the public-server Web console port

  • After a successful start, open firewall port 8080 so that the admin console can be reached through a browser, and port 8024 so that clients can reach the server's bridge (communication) port.
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --permanent --add-port=8024/tcp
sudo firewall-cmd --reload
  • Open port 8080 in your browser; you will be prompted for a user name and password. Log in with the default credentials:
admin/123
  • After a successful login, be sure to change this password: edit the configuration file nps.conf and set the two keys below to values of your own (the angle-bracket values are placeholders).
sudo vim /etc/nps/conf/nps.conf
web_username=<new admin user name>
web_password=<new strong password>
  • Restart the service and log in again with the new credentials.
sudo nps stop
sudo nps start
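The step above is easy to forget on a second server, so the following script audits an nps.conf for the default Web console credentials the article warns about. It is an added example, not code from the article or from the NPS project; it assumes only the two configuration keys and default values shown above (web_username=admin, web_password=123) and works on a constructed sample file rather than a live /etc/nps/conf/nps.conf.

```shell
#!/bin/sh
# Added example (not part of the article or the NPS project): audit an
# nps.conf for the default Web console credentials (admin / 123).

# Constructed sample config representing a freshly installed server.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# constructed sample, not a real deployment
web_port=8080
web_username=admin
web_password=123
bridge_port=8024
EOF

# read_key FILE KEY -> prints the value of KEY (last occurrence wins;
# comment lines and surrounding whitespace are ignored)
read_key() {
    awk -F= -v k="$2" '
        /^[[:space:]]*#/ { next }
        $1 ~ "^[[:space:]]*" k "[[:space:]]*$" {
            v = substr($0, index($0, "=") + 1)
            sub(/^[[:space:]]+/, "", v); sub(/[[:space:]]+$/, "", v)
            val = v
        }
        END { print val }' "$1"
}

# check_defaults FILE -> returns 0 if both credentials were changed,
# 1 if either is still the default or is missing entirely
check_defaults() {
    conf=$1
    rc=0
    for pair in "web_username=admin" "web_password=123"; do
        key=${pair%%=*}
        def=${pair#*=}
        cur=$(read_key "$conf" "$key")
        if [ -z "$cur" ]; then
            echo "WARN: $key is not set in $conf" >&2
            rc=1
        elif [ "$cur" = "$def" ]; then
            echo "WARN: $key is still the default '$def' in $conf" >&2
            rc=1
        fi
    done
    return $rc
}

# First run: the sample still carries the defaults, so two warnings appear.
check_defaults "$SAMPLE_CONF" || echo "credentials need changing"

# Simulate the edit from the step above (placeholder values) and re-check.
sed 's/^web_username=.*/web_username=ops-admin/; s/^web_password=.*/web_password=REPLACE-WITH-STRONG-PASSWORD/' \
    "$SAMPLE_CONF" > "$SAMPLE_CONF.new" && mv "$SAMPLE_CONF.new" "$SAMPLE_CONF"
check_defaults "$SAMPLE_CONF" && echo "OK: no default credentials"

rm -f "$SAMPLE_CONF"
```

To audit a real server, call check_defaults with /etc/nps/conf/nps.conf; a non-zero exit code is convenient for a post-install check in a provisioning script.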

Configure client access information through the Web Admin Desk

  • Open the console port in your browser; you will be prompted for a user name and password. Log in with the username and password you just set.
  • Click Client -> Add and fill in: remark (inner-server1), allow connection via configuration file (yes), compress (yes), encrypt (yes). Leave the Basic authentication user name, Basic authentication password and unique verify key empty.
  • Click Client -> Add again and fill in: remark (inner-server2), allow connection via configuration file (yes), compress (yes), encrypt (yes). Again leave the Basic authentication user name, Basic authentication password and unique verify key empty.
  • After both clients are created, open the client list and record the unique verify key and client ID that were generated automatically for each of the two servers; they are needed in the following steps. Here we refer to them as "client-key" and "client-ID" respectively.

Inner-server1 installs the NPC (Linux) client and connects

  • Open the GitHub project release page (https://github.com/ehang-io/nps/releases) and download the client package for the platform. For inner-server1 (Linux) this is linux_amd64_client.tar.gz.
  • Log in to inner-server1 via SSH, upload the file to the installation directory and extract it. (Here we assume the file was uploaded to /usr/npc.)
tar -xzvf linux_amd64_client.tar.gz
  • After extraction, enter the extracted directory and run the install command, which registers the npc command so that it can be run from the PATH. At the same time set the server address and bridge port, and the connection secret key (the key generated and recorded when the client was created in the previous step).
sudo ./npc install -server=public-server:8024 -vkey=client-key
  • Then start the client and check the console output to see whether it connected successfully.
sudo npc stop
sudo npc start

Inner-server2 installs the NPC (Windows) client and connects

  • Open the GitHub project release page (https://github.com/ehang-io/nps/releases) and download the client package for the platform. For inner-server2 (Windows) this is windows_amd64_client.tar.gz.
  • Log in to inner-server2, upload the file to the installation directory and extract it. (Here we assume the file was uploaded to the directory D:\NPC.)
tar -xzvf windows_amd64_client.tar.gz
  • After extraction, enter the extracted directory and run the install command, setting the server address and bridge port and the connection secret key (the key generated and recorded for inner-server2 when the client was created in the previous step).
npc.exe install -server=public-server:8024 -vkey=<inner-server2 unique verify key>
  • Then start the client and check the console output to see whether it connected successfully.
npc.exe stop
npc.exe start

External server public-server(Linux) server port mapping configuration

  • Open the console port in your browser; you will be prompted for a user name and password. Log in with the username and password you set earlier.
  • This step uses the client IDs that were generated automatically when the clients were created above.
  • Select TCP tunnel -> Add and enter, in order: mode (TCP), client ID (the ID of inner-server1), remark (inner-server1-80), server port (8081), target (127.0.0.1:80).
  • Select TCP tunnel -> Add and enter, in order: mode (TCP), client ID (the ID of inner-server2), remark (inner-server2-80), server port (8082), target (127.0.0.1:80).
  • Open the corresponding ports in the public-server firewall.
sudo firewall-cmd --permanent --add-port=8081/tcp
sudo firewall-cmd --permanent --add-port=8082/tcp
sudo firewall-cmd --reload
  • Test access to public-server:8081 and public-server:8082, and watch the server and client logs to verify that forwarding works.
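Because every tunnel row in the console is matched by a firewall rule, it pays to validate the tunnel table once before clicking through the Add dialog and opening ports. The script below is an added example, not code from the article or from the NPS project: it takes the two mappings from the scenario as a constructed table (remark, server port, target), rejects malformed rows, duplicate server ports, and ports that collide with the console port 8080 or the bridge port 8024 from the steps above, and prints only the firewall-cmd lines actually needed, so no extra port is exposed by mistake.

```shell
#!/bin/sh
# Added example (not part of the article or the NPS project): validate the
# TCP tunnel table for public-server and emit the matching firewall rules.

# Constructed table, one tunnel per line: remark server_port target
TUNNELS='inner-server1-80 8081 127.0.0.1:80
inner-server2-80 8082 127.0.0.1:80'

# validate_tunnels < table -> exit 0 if every row is well formed, every
# server port is unique, and no row reuses the nps console/bridge ports
validate_tunnels() {
    awk '
        NF == 0 { next }
        NF != 3 { printf "row %d: expected 3 fields, got %d\n", NR, NF > "/dev/stderr"; bad = 1; next }
        $2 !~ /^[0-9]+$/ || $2 < 1 || $2 > 65535 {
            printf "row %d: bad server port %s\n", NR, $2 > "/dev/stderr"; bad = 1; next }
        $2 == 8080 || $2 == 8024 {
            printf "row %d: port %s is used by nps itself (console/bridge)\n", NR, $2 > "/dev/stderr"; bad = 1; next }
        $3 !~ /^[A-Za-z0-9.-]+:[0-9]+$/ {
            printf "row %d: target must be host:port, got %s\n", NR, $3 > "/dev/stderr"; bad = 1; next }
        seen[$2]++ {
            printf "row %d: server port %s already mapped\n", NR, $2 > "/dev/stderr"; bad = 1; next }
        END { exit bad ? 1 : 0 }'
}

# firewall_rules < table -> prints one --add-port line per tunnel plus the reload
firewall_rules() {
    awk 'NF == 3 { printf "sudo firewall-cmd --permanent --add-port=%s/tcp\n", $2 }
         END { print "sudo firewall-cmd --reload" }'
}

# Only print rules for a table that passed validation.
if printf '%s\n' "$TUNNELS" | validate_tunnels; then
    printf '%s\n' "$TUNNELS" | firewall_rules
else
    echo "tunnel table rejected; fix the rows above before opening any port" >&2
fi
```

The validator is deliberately strict about the two nps ports: a tunnel that reuses 8080 or 8024 would either fail to bind or shadow the console and bridge listeners, and the firewall rule for it would stay behind after the tunnel is removed.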

Conclusion

With this, the most common intranet penetration configuration based on NPS is complete. NPS supports many more protocols and operating systems, which you can learn and verify step by step from the official documentation. The overall usability of the system is very good and I have deployed it for a year without any problems.

Copyright notice: this article was first published in Digital Magic Box (https://www.dm2box.com/). Reprinting is welcome.