腾讯云frp连接失败。login to server failed: dial tcp x:7000: connectex: A connection attempt failed because
地址:https://github.com/fatedier/frp
简介:一个高效的反向代理:A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
最全面的官方教程文档:https://gofrp.org
自我记录:
a、使用TCP代理,开启本地服务器的访问。
Linux服务器启动 frps
命令:nohup ./frps -c frps.ini(无挂起启动命令。可以自定义个shell脚本,避免每次切换目录,再启动)
配置:frps.init
[common]
bind_port = 7000
token = 123456
Windows启动 frpc
CMD命令:frpc -c testzyh.ini
配置:testzyh.ini
C:\Users\Administrator\Desktop\frpjk>frpc -c testzyh.ini
2022/01/25 14:18:15 [W] [service.go:86] login to server failed: dial tcp 124.223.72.221:7000: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
dial tcp 124.223.72.221:7000: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.失败案例:腾讯云的Linux的frps启动成功,Windows的客户端启动失败。连接超时,无响应等。应为腾讯云服务器的,防火墙规则,对于进入服务器的是有限制。需要开启。(腾讯云服务器的服务器防火墙入站及出站规则限制)(路径:腾讯云网页控制台—》轻量服务器—》服务器—》防火墙—》添加规则)
自身问题:不知道Linux服务器的防火墙规则,导致不知道怎么做。
wireshark抓包(过滤规则:ip.addr == 124.223.72.221) 130 8.568352 192.168.1.155 124.223.72.221 TCP 66 63289 → 7000 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1 131 8.599347 124.223.72.221 192.168.1.155 ICMP 94 Destination unreachable (Host administratively prohibited) 142 9.571653 192.168.1.155 124.223.72.221 TCP 66 [TCP Retransmission] [TCP Port numbers reused] 63289 → 7000 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1 143 9.590816 124.223.72.221 192.168.1.155 ICMP 94 Destination unreachable (Host administratively prohibited) 219 11.584799 192.168.1.155 124.223.72.221 TCP 66 [TCP Retransmission] [TCP Port numbers reused] 63289 → 7000 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1 220 11.614667 124.223.72.221 192.168.1.155 ICMP 94 Destination unreachable (Host administratively prohibited)二.通过防火墙,开启端口
1.安装防火墙
安装iptables-services :
2.防火墙基本操作
查看版本: firewall-cmd --version
显示状态: firewall-cmd --state
查看所有打开的端口: netstat -anp开启防火墙 systemctl start firewalld
关闭防火墙 systemctl stop firewalld开启防火墙 service firewalld start
若遇到无法开启
先用:systemctl unmask firewalld.service
然后:systemctl start firewalld.service3.端口查询
查询指定端口是否已开 firewall-cmd --query-port=666/tcp
提示yes or no
查询所有开启的端口 netstat -anp
4.开启端口
如果上面端口查询没有开启的话,需要重新开启一下
开启端口命令
添加 firewall-cmd --zone=public --add-port=80/tcp --permanent (–permanent永久生效,没有此参数重启后失效)
重新载入 firewall-cmd --reload
查看 firewall-cmd --zone= public --query-port=80/tcp
删除 firewall-cmd --zone= public --remove-port=80/tcp --permanent
最终结果:终于结束痛苦的失败
Linux服务器启动:
[lighthouse@VM-16-13-centos ~]$ ./frp a 2022/01/25 15:15:40 [I] [root.go:200] frps uses config file: frps.ini 2022/01/25 15:15:40 [I] [service.go:192] frps tcp listen on 0.0.0.0:7000 2022/01/25 15:15:40 [I] [root.go:209] frps started successfullywindow客户端启动成功:
C:\Users\Administrator\Desktop\frpjk>frpc -c testzyh.ini 2022/01/25 15:15:49 [I] [service.go:234] login to server success, get run id [fc18ba4b6640781d], server udp port [0] 2022/01/25 15:15:49 [I] [proxy_manager.go:144] [fc18ba4b6640781d] proxy added: [test_web_1 test_web_2] 2022/01/25 15:15:49 [I] [control.go:153] [test_web_1] start proxy success 2022/01/25 15:15:49 [I] [control.go:153] [test_web_2] start proxy successLinux服务器响应成功:
[lighthouse@VM-16-13-centos ~]$ ./frp a 2022/01/25 15:15:40 [I] [root.go:200] frps uses config file: frps.ini 2022/01/25 15:15:40 [I] [service.go:192] frps tcp listen on 0.0.0.0:7000 2022/01/25 15:15:40 [I] [root.go:209] frps started successfully 2022/01/25 15:15:48 [I] [service.go:447] [fc18ba4b6640781d] client login info: ip [115.219.252.237:59640] version [0.29.0] hostname [] os [windows] arch [amd64] 2022/01/25 15:15:48 [I] [tcp.go:63] [fc18ba4b6640781d] [test_web_1] tcp proxy listen port [15556] 2022/01/25 15:15:48 [I] [control.go:444] [fc18ba4b6640781d] new proxy [test_web_1] success 2022/01/25 15:15:48 [I] [tcp.go:63] [fc18ba4b6640781d] [test_web_2] tcp proxy listen port [15557] 2022/01/25 15:15:48 [I] [control.go:444] [fc18ba4b6640781d] new proxy [test_web_2] success其他的验证方法,使用telnet进行验证:
- 前置步骤,安装:
sudo yum install telnet#成功连接 [lighthouse@VM-16-13-centos ~]$ telnet 124.223.72.221 7000 Trying 124.223.72.221... Connected to 124.223.72.221. Escape character is '^]'. Connection closed by foreign host. #失败连接 [lighthouse@VM-16-13-centos ~]$ telnet 124.223.72.221 7000 Trying 124.223.72.221... telnet: connect to address 124.223.72.221: No route to host要检查一下这几个方面:
- 服务器端口是否可用,客户端是去连接服务器的相应端口的,所以要保证端口是能被客户端访问的
(1)先看看服务器是否开启了任务监听对应端口,我这里端口是7000
sudo netstat -tunlp | grep 7000(2)如果任务已开始监听,然后看看防火墙是否开放了这个端口,很重要
sudo iptables -L -n --line-numbers | grep 7000(3)如果防火墙没有开启这个端口,需要自己添加规则开启
sudo iptables -I INPUT -ptcp --dport 7000 -j ACCEPT(4)补充iptables相关命令
查找所有规则
sudo iptables -L INPUT --line-numbers
[common]
token = 123456
# Linux服务器的公网IP地址
server_addr = 124.223.72.221
server_port = 7000
[test_web_1]
type = tcp
local_ip = 127.0.0.1
local_port = 8080
remote_port = 15556
[test_web_2]
type = tcp
local_ip = 127.0.0.1
local_port = 8180
remote_port = 15557
b、使用HTTP代理
略