Intranet penetration means exposing a service that runs on a private network to WAN users through a proxy on a publicly reachable host. It can be implemented in many ways, from port forwarding on firewall hardware to dedicated tunneling software. This article walks through a typical Intranet penetration setup with the NPS software.

Introducing NPS

NPS is a lightweight, high-performance Intranet penetration proxy server. It currently forwards TCP and UDP traffic and therefore supports any protocol layered on TCP or UDP (reaching an Intranet website, debugging a local payment interface, SSH access, remote desktop, Intranet DNS resolution, and so on). It also offers an Intranet HTTP proxy, an Intranet SOCKS5 proxy and P2P mode, and comes with a full Web management console.

The official website is ehang-io.github.io/nps. Its documentation describes installation and use of the software in full.

Basic concepts

To use the software you first need to understand the parts of a basic Intranet penetration deployment.

  • Server (nps): normally installed on a host with a public IP address; it is the single entry point through which all Intranet resources are published.
  • Client (npc): normally installed on the Intranet host; it holds the tunnel between that host and the public server.
  • Client connection port: the client uses its secret key to open a long-lived connection to this port on the server. Requests arriving at the server from the Internet are forwarded down this connection to the matching client, and the client returns the responses the same way.
  • Client secret key (vkey): created on the server after deployment, one per client. The client presents it when connecting, so treat it like a password.

A server can correspond to multiple clients. Different ports on the server can be mapped to local ports on different clients.

A typical scenario

In this article we walk through the most common scenario to illustrate the whole process. The requirements are as follows.

  1. One server with a public IP address, named public-server, running Linux.
  2. Two Intranet servers, inner-server1 (Linux) and inner-server2 (Windows).
  3. Port 8081 of public-server is mapped to inner-server1:80, and port 8082 to inner-server2:80.
  4. Both tunnels use TCP.

Steps

Install the NPS server on public-server (Linux)

  • Go to the project's GitHub release page (github.com/ehang-io/np…) and download the server build for this platform, the linux_amd64_server.tar.gz archive.

  • Log in to public-server over SSH, upload the archive to the installation directory (here /usr/nps) and unpack it.

tar -xzvf linux_amd64_server.tar.gz

  • Change into the unpacked directory and run the install command. It installs the nps command and places its configuration under /etc/nps, so that the nps command can be run from anywhere.
sudo ./nps install

  • Start the server and check in the console output that it started successfully.
sudo nps start


Configure the firewall and open the public-server ports

  • Once the server is running, open port 8080 in the firewall so that the management console can be reached from a browser, and port 8024 so that clients can reach the server's connection port. Port 8024 must be reachable from every Intranet host that will run npc. Port 8080 is the administrative interface: restrict it to your own administrative source addresses (a firewalld rich rule with a source filter, or access over a VPN) rather than opening it to the whole Internet as the plain rule below does.
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --permanent --add-port=8024/tcp
sudo firewall-cmd --reload 

  • Open http://public-server:8080 in a browser; the login page appears. Log in with the default user name and password:
admin/123

  • Immediately after the first login, change these credentials in the nps.conf configuration file (and, while you are there, any other secret still at its shipped default, such as a public_vkey entry if your version has one, because defaults are known to everyone who can read the project repository):
sudo vim /etc/nps/conf/nps.conf

web_username=<new user name>
web_password=<new strong password>

  • Restart the service and log in again with the new credentials.
sudo nps stop
sudo nps start

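Before opening the ports, it is worth checking that nothing in nps.conf was left at its shipped default. The following script is an added example for this article, not part of the nps project: it reads a key=value configuration file, compares the keys web_username, web_password and public_vkey against the assumed shipped defaults admin / 123 / 123, flags short passwords, and returns the number of weak settings so it can gate a deployment pipeline. The sample configuration in the demo is constructed, not taken from a real host.

```shell
#!/usr/bin/env bash
# Added example (not part of the nps project): audit an nps.conf for secrets
# that were left at their shipped defaults before the service goes live.
# Assumed: the keys web_username, web_password and public_vkey with the shipped
# defaults admin / 123 / 123; a key that is absent from the file is skipped.

# conf_get FILE KEY: print the value of KEY (first match; comment lines ignored)
conf_get() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }                       # comment line
    {
      i = index($0, "=")
      if (i == 0) next                        # not a key=value line
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == k) { print val; exit }
    }' "$1"
}

# audit_nps_conf FILE: print one verdict per setting; return the number of weak settings
audit_nps_conf() {
  local f=$1 findings=0 pair key val def
  for pair in web_username=admin web_password=123 public_vkey=123; do
    key=${pair%%=*}; def=${pair#*=}
    val=$(conf_get "$f" "$key")
    if [ -z "$val" ]; then
      echo "SKIP  $key not present in $f"
    elif [ "$val" = "$def" ]; then
      echo "WEAK  $key is still the shipped default ($def)"
      findings=$((findings + 1))
    elif [ "$key" != web_username ] && [ "${#val}" -lt 16 ]; then
      echo "WEAK  $key is only ${#val} characters long"
      findings=$((findings + 1))
    else
      echo "OK    $key has been changed"
    fi
  done
  # The UI port should never be open to the whole Internet; remind the operator which one it is.
  echo "NOTE  management UI listens on web_port=$(conf_get "$f" web_port); restrict it to trusted source addresses"
  return "$findings"
}

# Demo on a constructed nps.conf that still carries every default.
demo() {
  local sample
  sample=$(mktemp)
  cat > "$sample" <<'EOF'
# constructed sample, not a real deployment
web_port=8080
bridge_port=8024
web_username=admin
web_password=123
public_vkey=123
EOF
  audit_nps_conf "$sample"      # prints three WEAK lines and returns 3
  echo "weak settings: $?"
  rm -f "$sample"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it as `./audit-nps.sh --demo` to see the output on the constructed sample, or call `audit_nps_conf /etc/nps/conf/nps.conf` after sourcing the file; a non-zero return value means the restart step above should not proceed.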

Configure client access information on the Web management console

  • Log in to the management console in a browser with the new user name and password.

  • Click Client > Add and create inner-server1: Remarks (inner-server1), Allow clients to connect through the configuration file (yes), Compress (yes), Encrypt (yes). Leave Basic authentication user name, Basic authentication password and Unique authentication key empty so that the server generates the key.

  • Click Client > Add again and create inner-server2 the same way: Remarks (inner-server2), Allow clients to connect through the configuration file (yes), Compress (yes), Encrypt (yes), with the authentication fields left empty.

  • Open the client list and record the unique authentication key and client ID that the server generated for each of the two clients. Each client has its own pair; below, client-key and client-id stand for the pair belonging to whichever client is being configured.

Install the NPC client on inner-server1 (Linux) and connect it

  • Download the client build for this platform from the release page (github.com/ehang-io/np…), the linux_amd64_client.tar.gz archive.

  • Log in to inner-server1 over SSH, upload the archive to the installation directory (here /usr/npc) and unpack it.

tar -xzvf linux_amd64_client.tar.gz

  • Change into the unpacked directory and run the install command. It puts the npc command on the path and records the server address, connection port and this client's key (the key generated when inner-server1 was created in the previous step).
sudo ./npc install -server=public-server:8024 -vkey=client-key

  • Then (re)start the client and check in the console output that it connected to the server.
sudo npc stop
sudo npc start


Install the NPC client on inner-server2 (Windows) and connect it

  • Download the 64-bit Windows client build from the release page (github.com/ehang-io/np…), the windows_amd64_client.tar.gz archive.

  • Log in to inner-server2 (over Remote Desktop or at a local console, since this host is Windows), copy the archive to the installation directory (here D:\NPC) and unpack it. Current Windows releases ship a tar command; otherwise use any archive tool.

tar -xzvf windows_amd64_client.tar.gz 

  • Change into the unpacked directory and, from an administrator command prompt (installing the service needs elevation), run the install command with the server address, connection port and this client's key (the key generated when inner-server2 was created in the previous step).
npc.exe install -server=public-server:8024 -vkey=<inner-server2 unique authentication key>
  • Then (re)start the client and check in the console output that it connected to the server.
npc.exe stop
npc.exe start


Configure port mapping on public-server (Linux)

  • Log in to the management console in a browser with the new user name and password.
  • The client ID generated when each client was created is used here; each tunnel must reference the ID of the client whose network it leads into.
  • Select TCP Tunnel > Add and enter Mode (TCP), Client ID (inner-server1's client-id), Remarks (inner-server1-80), Server port (8081), Target (127.0.0.1:80). The target is resolved on the client side, so 127.0.0.1:80 here means port 80 on inner-server1.
  • Select TCP Tunnel > Add and enter Mode (TCP), Client ID (inner-server2's client-id), Remarks (inner-server2-80), Server port (8082), Target (127.0.0.1:80), which is port 80 on inner-server2.
  • Open the two mapped ports in the public-server firewall:
sudo firewall-cmd --permanent --add-port=8081/tcp
sudo firewall-cmd --permanent --add-port=8082/tcp
sudo firewall-cmd --reload 

  • Test by opening public-server:8081 and public-server:8082 in a browser and watch the server and client logs to confirm that the forwarding works; the page served on 8081 should be inner-server1's and the one on 8082 inner-server2's.
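The browser test above checks that the tunnels work; a complete check also confirms that only the intended ports are exposed. The following script is an added example for this article, not part of the nps project. It probes each mapped port over TCP, reports the HTTP status it gets, and separately asserts that the management port is not reachable from the network it runs on. The host name public-server and the ports 8081/8082/8080 are the article's placeholders; bash, timeout and curl are assumed to exist on the probing host.

```shell
#!/usr/bin/env bash
# Added example (not part of the nps project): check the finished deployment
# from the outside. Mapped ports must answer, the management UI must not.
# Assumed: the article's placeholders public-server, 8081/8082 (tunnels) and
# 8080 (web UI); bash, timeout and curl are available on the probing host.

# probe_tcp HOST PORT [SECONDS]: succeed only if a TCP connection is established
probe_tcp() {
  timeout "${3:-3}" bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# http_status HOST PORT PATH: HTTP status of a GET, or 000 when nothing answered
http_status() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 5 "http://$1:$2$3" 2>/dev/null || true
}

# verify_tunnels HOST PORT...: one verdict per mapped port; return the number that failed
verify_tunnels() {
  local host=$1 failures=0 port
  shift
  for port in "$@"; do
    if probe_tcp "$host" "$port"; then
      printf 'OK   %s:%s reachable, HTTP %s\n' "$host" "$port" "$(http_status "$host" "$port" /)"
    else
      printf 'FAIL %s:%s no TCP connection (tunnel down, npc not connected, or port not opened)\n' "$host" "$port"
      failures=$((failures + 1))
    fi
  done
  return "$failures"
}

# expect_closed HOST PORT: succeed only if the port is NOT reachable from here
expect_closed() {
  if probe_tcp "$1" "$2" 2; then
    printf 'FAIL %s:%s is reachable; the management UI should be limited to trusted source addresses\n' "$1" "$2"
    return 1
  fi
  printf 'OK   %s:%s not reachable from this network\n' "$1" "$2"
}

# Run the full check from an untrusted network (for example a laptop on mobile data):
if [ "${1:-}" = "--run" ]; then
  host=${2:-public-server}
  verify_tunnels "$host" 8081 8082
  expect_closed "$host" 8080
fi
```

Run it as `./check-nps.sh --run public-server` from a network that should not have administrative access; an `OK` for 8080 there means the firewall restriction took effect, and an HTTP status other than 000 on 8081 and 8082 means the whole chain, server port, tunnel and Intranet web server, is answering.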

Conclusion

This completes the most common Intranet penetration setup with NPS. NPS supports many more protocols and operating systems; work through the official documentation step by step to learn and verify them. The overall availability of the system was excellent and I deployed it for a year without any problems.

Copyright notice: this article was first published in Digital Magic Box (www.dm2box.com/); reprinting is welcome.