CN110611724A - Internet of things gateway intranet penetration method based on reverse proxy - Google Patents
- Publication number: CN110611724A
- Application number: CN201810621562.6A
- Authority: CN (China)
- Prior art keywords: reverse proxy, intranet, reverse, internet, penetration
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/59—Network arrangements, protocols or services for addressing or naming using proxies for addressing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
Abstract
The invention relates to an Internet of things gateway intranet penetration method based on a reverse proxy, which realizes access to and control of an Internet of things gateway inside an intranet by an external network terminal. A reverse proxy server is deployed on an external network server, and a reverse proxy client and an intranet application are deployed together on the Internet of things gateway; the reverse proxy server and the reverse proxy client are connected through a router. A data request sent by the external network terminal is transmitted to the intranet application through the reverse proxy server, the router and the reverse proxy client in sequence, and the feedback data of the intranet application is transmitted back to the reverse proxy server through the reverse proxy client and the router in sequence, so that the intranet can serve the external network environment. Compared with the prior art, the method has the advantages of a large service scope and a reduced resource requirement of intranet penetration on the equipment.
Description
Technical Field
The invention relates to an intranet penetrating method, in particular to an internet of things gateway intranet penetrating method based on a reverse proxy.
Background
The IP protocol has always been developed under the dominance of a few countries, which monopolize the right to allocate IP addresses, and as a result IP addresses cannot be reasonably allocated among the various regions. With the rapid development of the internet, the 32-bit address space agreed in the early IP protocol is no longer enough; even though technologies for optimizing IP address allocation such as CIDR have been proposed, the total number of IP addresses has not increased, and in addition the growth in mobile devices has increased the demand for IP addresses, so that the shortage of IP addresses has become a problem that must be faced and solved. The next-generation IP protocol that could completely solve this problem is, at the present stage, not yet fully widespread. Intranet penetration technology was proposed in 1994 and lets many hosts share one IP address to access the internet: when an IP packet is forwarded by the intranet penetration device, the destination address of a packet sent into the intranet is replaced by the intranet host address, and the source address of a packet sent to the extranet is replaced by the device's extranet address. In other words, many hosts of an internal network can be represented by a small number of public network IP addresses, which relieves the current shortage of IP addresses. However, with the development of internet and Internet of things technologies, the existing intranet penetration technology no longer meets current requirements.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provide a reverse proxy-based internet of things gateway intranet penetration method.
The purpose of the invention can be realized by the following technical scheme:
a reverse proxy-based Internet of things gateway intranet penetration method, used to realize access to and control of an Internet of things gateway inside an intranet by an external network terminal, which comprises: deploying a reverse proxy server on an external network server; deploying a reverse proxy client and an intranet application together on the Internet of things gateway; connecting the reverse proxy server and the reverse proxy client through a router; transmitting a data request sent by the external network terminal to the intranet application through the reverse proxy server, the router and the reverse proxy client in sequence; and transmitting the feedback data of the intranet application back to the reverse proxy server through the reverse proxy client and the router in sequence, thereby providing the intranet's services to the external network environment.
Further, the services of the intranet to the extranet environment include SSH penetration, Web penetration, tcp penetration, udp penetration, http penetration, https penetration, DNS query request, forwarding Unix domain sockets, and secure intranet.
Further, one reverse proxy server is respectively connected with a plurality of external network terminals and a plurality of reverse proxy clients.
Further, a first authorization code corresponding to each proxy and used for authenticating the reverse proxy client is set in the reverse proxy server, and a second authorization code matching the first authorization code is set in the reverse proxy client.
Further, the time difference between the external network server and the gateway of the internet of things is less than or equal to 15 minutes.
Further, the reverse proxy server side realizes communication with the reverse proxy client side in an encryption mode.
Further, the reverse proxy server side realizes communication with the reverse proxy client side in a compression mode.
Compared with the prior art, the invention has the following beneficial effects:
1) the invention provides services such as ssh, tcp, udp, http, https, DNS query request, forwarding Unix domain socket, secure intranet and the like for the extranet environment by using a machine behind an intranet or a firewall, and the breadth of the provided services exceeds the existing intranet penetration technology.
2) The invention innovatively realizes the function of intranet penetration on equipment with light weight and low cost, such as an Internet of things gateway. The resource demand of intranet penetration on equipment is greatly reduced, and the feasibility of intranet penetration is improved for a large number of low-cost lightweight terminals in future application of the Internet of things. The lightweight intranet penetration function can be operated on the portable Internet of things gateway.
Drawings
FIG. 1 is a diagram of an intranet penetrating system architecture according to the present invention;
FIG. 2 is a schematic diagram of a reverse proxy implementation of the present invention;
FIG. 3 is a schematic flow chart of the penetration method of the present invention.
Detailed Description
The invention is described in detail below with reference to the figures and specific embodiments. The present embodiment is implemented on the premise of the technical solution of the present invention, and a detailed implementation manner and a specific operation process are given, but the scope of the present invention is not limited to the following embodiments.
As shown in fig. 1, the invention provides an Internet of things gateway intranet penetration method based on a reverse proxy, which realizes access to and control of an Internet of things gateway inside an intranet by an external network terminal. The method deploys a reverse proxy server on an external network server and deploys a reverse proxy client and an intranet application together on the Internet of things gateway; the reverse proxy server and the reverse proxy client are connected through a router. A data request sent by the external network terminal is transmitted to the intranet application through the reverse proxy server, the router and the reverse proxy client in sequence, and the feedback data of the intranet application is transmitted back to the reverse proxy server through the reverse proxy client and the router in sequence, so that the intranet's services are provided to the external network environment. One reverse proxy server is connected to a plurality of external network terminals and a plurality of reverse proxy clients at the same time.
As shown in fig. 2-3, the method of the present invention mainly completes the intranet penetration function based on the reverse proxy through six steps:
1. the external network user sends a data request to the reverse proxy server;
2. the router forwards the request to the reverse proxy client;
3. the reverse proxy client sends the request to the intranet application;
4. the intranet application returns the data to the reverse proxy client;
5. the reverse proxy client returns the data to the router;
6. the router forwards the data to the external network server, which completes the access.
Through the method, the services of the internal network to the external network environment comprise SSH penetration, Web penetration, tcp penetration, udp penetration, http penetration, https penetration, DNS query request, Unix domain socket forwarding and secure internal network.
The reverse proxy server is provided with a first authorization code corresponding to each proxy and used for authenticating the reverse proxy client, and the reverse proxy client is provided with a second authorization code matching the first authorization code. For security, an `auth_token` may be set for each proxy in the ini file of the reverse proxy server to authenticate the client connection; for example, `123` may be the `auth_token` of both the `[ssh]` and `[web]` proxies. The client must configure its own `auth_token` in the ini file of the reverse proxy client, and the client can only operate normally if this configuration is consistent with the one on the server.
The time difference between the external network server and the Internet of things gateway is less than or equal to 15 minutes. Because the timestamp is used in the encrypted verification, this prevents a message from being reused by others after it has been hijacked. This timeout can be modified in the authentication timeout parameter of the configuration file, in seconds; the default value is 900, i.e. 15 minutes. If it is set to 0, the server side performs no timeout check on the timestamp of the identity verification message.
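The authorization-code and timestamp check described above, as an added example that is not code from the patent or from any particular reverse proxy implementation. It models one `auth_token` per proxy section (the `[ssh]` and `[web]` example above), a timestamp window governed by an assumed `authentication_timeout` setting (900 seconds by default, 0 disables the check), and binds the code to the timestamp with HMAC-SHA256 so the code itself never crosses the wire; the function names, the configuration layout and the HMAC construction are assumptions for illustration.

```python
"""Added example (not the patent's code): server-side verification of a reverse
proxy client's login message using a per-proxy auth_token and a timestamp window.
SERVER_CONFIG, privilege_key, make_login, verify_login and the field names of the
login message are assumptions for illustration."""
import hashlib
import hmac
import time
from typing import Optional, Tuple

# Constructed sample of the server's configuration: one auth_token per proxy
# section, plus the timestamp window in seconds (900 = 15 minutes; 0 disables).
SERVER_CONFIG = {
    "authentication_timeout": 900,
    "proxies": {"ssh": {"auth_token": "123"}, "web": {"auth_token": "123"}},
}


def privilege_key(auth_token: str, timestamp: int) -> str:
    """Bind the shared authorization code to a timestamp: a captured login
    message only proves possession of the code for that timestamp, so it is
    useless once the timestamp falls outside the server's window."""
    return hmac.new(auth_token.encode(), str(timestamp).encode(), hashlib.sha256).hexdigest()


def make_login(proxy_name: str, client_auth_token: str, now: Optional[int] = None) -> dict:
    """Reverse proxy client side: build the login message for one proxy using
    the second authorization code configured on the gateway."""
    ts = int(time.time()) if now is None else now
    return {
        "proxy": proxy_name,
        "timestamp": ts,
        "privilege_key": privilege_key(client_auth_token, ts),
    }


def verify_login(msg: dict, config: dict = SERVER_CONFIG, now: Optional[int] = None) -> Tuple[bool, str]:
    """Reverse proxy server side: accept the login only if the proxy is known,
    the timestamp lies within authentication_timeout of the server clock
    (unless the timeout is 0), and the key matches the first authorization
    code configured for that proxy."""
    proxy = config["proxies"].get(msg.get("proxy"))
    if proxy is None:
        return False, "unknown proxy"
    ts = msg.get("timestamp")
    if not isinstance(ts, int):
        return False, "bad timestamp"
    timeout = config["authentication_timeout"]
    server_now = int(time.time()) if now is None else now
    if timeout != 0 and abs(server_now - ts) > timeout:
        return False, "timestamp outside authentication_timeout"
    expected = privilege_key(proxy["auth_token"], ts)
    # Constant-time comparison so the check does not leak how many characters matched.
    if not hmac.compare_digest(expected, str(msg.get("privilege_key", ""))):
        return False, "authorization code mismatch"
    return True, "ok"


if __name__ == "__main__":
    login = make_login("ssh", "123")
    print(verify_login(login))                                  # (True, 'ok')
    print(verify_login(make_login("ssh", "124")))               # code mismatch
    print(verify_login(login, now=int(time.time()) + 901))      # outside window
```

Note that within the window a captured login message is still accepted, which is why the window is kept short (15 minutes) and why the description pairs this check with encrypted transport between server and client; setting the timeout to 0 removes the replay bound entirely and is only reasonable where the clocks cannot be synchronised.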
In some embodiments, the reverse proxy server communicates with the reverse proxy client using encryption. If the intranet firewall identifies and blocks the traffic of external accesses, for example by prohibiting the ssh protocol, the communication content between the server and the client can be encrypted in transit by setting the encryption-enable flag bit, which effectively prevents the traffic from being intercepted.
In some embodiments, the reverse proxy server communicates with the reverse proxy client in compressed form. If the transmitted messages are long, the transmitted content can be compressed by setting the compression-enable flag bit, which effectively reduces the network traffic between the server and the client and speeds up forwarding, at the cost of some additional CPU resources.
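The six-step relay described above, with the compression-enable flag applied to the frames that cross the server-to-client tunnel, as an added example that is not code from the patent. All three components run in one process over localhost sockets: an intranet application on the gateway side, a reverse proxy client that dials out to the reverse proxy server (the outbound direction the router permits), and a reverse proxy server that exposes a public port to external terminals. The frame format, the function names and the one-request-at-a-time relay are assumptions for illustration; the encryption flag is not modelled, so the tunnel bytes here are only compressed, not protected.

```python
"""Added example (not the patent's code): an in-process model of the reverse proxy
relay path with an optional zlib-compressed tunnel.  intranet_app,
reverse_proxy_client, reverse_proxy_server, start_system and external_request
are assumed names; the 5-byte frame header (flag + length) is also an assumption."""
import socket
import struct
import threading
import zlib
from typing import Tuple

HDR = struct.Struct("!?I")  # 1-byte compression flag + 4-byte body length


def send_frame(sock: socket.socket, payload: bytes, compress: bool) -> None:
    """Frame one message for the server<->client tunnel, compressing the body
    when the compression-enable flag is set."""
    body = zlib.compress(payload) if compress else payload
    sock.sendall(HDR.pack(compress, len(body)) + body)


def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("tunnel closed")
        buf += chunk
    return bytes(buf)


def recv_frame(sock: socket.socket) -> bytes:
    compressed, length = HDR.unpack(recv_exact(sock, HDR.size))
    body = recv_exact(sock, length)
    return zlib.decompress(body) if compressed else body


def read_line(sock: socket.socket) -> bytes:
    """Read one newline-terminated request or reply (byte-wise is fine for a toy)."""
    buf = bytearray()
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return bytes(buf)


def intranet_app() -> int:
    """Constructed intranet application on the gateway: answers each request
    line with a status line.  Returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def serve() -> None:
        while True:
            conn, _ = srv.accept()
            with conn:
                req = read_line(conn)
                conn.sendall(b"intranet-app: " + req.strip() + b" ok\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def reverse_proxy_client(server_host: str, control_port: int, app_port: int, compress: bool) -> None:
    """Runs on the gateway: dials OUT to the reverse proxy server, then relays
    each tunnelled request to the intranet application and returns its reply
    (steps 2 to 5 of the flow)."""
    tunnel = socket.create_connection((server_host, control_port))

    def run() -> None:
        with tunnel:
            while True:
                try:
                    req = recv_frame(tunnel)
                except (ConnectionError, OSError):
                    return
                with socket.create_connection(("127.0.0.1", app_port)) as app:
                    app.sendall(req)
                    reply = read_line(app)
                send_frame(tunnel, reply, compress)

    threading.Thread(target=run, daemon=True).start()


def reverse_proxy_server(compress: bool) -> Tuple[int, int, threading.Event]:
    """Runs on the extranet server: accepts the client's control connection and
    exposes a public port to external terminals (steps 1 and 6).  Returns the
    control port, the public port and an event set once the client is attached."""
    control = socket.socket()
    control.bind(("127.0.0.1", 0))
    control.listen()
    public = socket.socket()
    public.bind(("127.0.0.1", 0))
    public.listen()
    ready = threading.Event()

    def run() -> None:
        tunnel, _ = control.accept()
        ready.set()
        with tunnel:
            while True:  # one external terminal at a time keeps the toy tunnel simple
                term, _ = public.accept()
                with term:
                    send_frame(tunnel, read_line(term), compress)
                    term.sendall(recv_frame(tunnel))

    threading.Thread(target=run, daemon=True).start()
    return control.getsockname()[1], public.getsockname()[1], ready


def start_system(use_compression: bool = False) -> int:
    """Wire up app, server and client; returns the public port external terminals use."""
    app_port = intranet_app()
    control_port, public_port, ready = reverse_proxy_server(use_compression)
    reverse_proxy_client("127.0.0.1", control_port, app_port, use_compression)
    ready.wait(5)
    return public_port


def external_request(public_port: int, line: bytes) -> bytes:
    """Step 1: an external network terminal only ever talks to the public port."""
    with socket.create_connection(("127.0.0.1", public_port)) as term:
        term.sendall(line)
        return read_line(term)


if __name__ == "__main__":
    port = start_system(use_compression=True)
    print(external_request(port, b"status?\n"))  # b'intranet-app: status? ok\n'
```

The external terminal never learns the gateway's address and the gateway never accepts an inbound connection; everything rides on the client's outbound control connection, which is exactly the property that lets the scheme cross a router or NAT. Compression changes only the bytes inside the frames, so the same relay serves both settings of the flag.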
In this embodiment, ssh penetration is taken as an example to introduce an intranet penetration implementation of an internet of things gateway based on a reverse proxy, which specifically includes:
step one, create an ssh access connection through xshell, setting the port and the login user name;
step two, after the reverse proxy connection is established, the user can see the corresponding log information on the reverse proxy server side, which shows that the connection is normal;
step three, check the file directory of the penetrated target Internet of things gateway by executing the ls command and verify that the directory is consistent; and check the IP of the currently penetrated target Internet of things gateway with the ifconfig command, confirming that this IP is consistent with the IP the user intended to reach, which ensures the penetration has succeeded.
The foregoing detailed description of the preferred embodiments of the invention has been presented. It should be understood that numerous modifications and variations could be devised by those skilled in the art in light of the present teachings without departing from the inventive concepts. Therefore, the technical solutions available to those skilled in the art through logic analysis, reasoning and limited experiments based on the prior art according to the concept of the present invention should be within the scope of protection defined by the claims.
Claims (7)
1. A reverse-proxy-based Internet of things gateway intranet penetration method, characterized in that access to and control of an Internet of things gateway inside an intranet by an external network terminal are achieved, a reverse proxy server is deployed on an external network server, a reverse proxy client and an intranet application are deployed on the Internet of things gateway at the same time, the reverse proxy server and the reverse proxy client are connected through a router, a data request sent by the external network terminal is transmitted to the intranet application through the reverse proxy server, the router and the reverse proxy client in sequence, feedback data of the intranet application is sent to the reverse proxy server through the reverse proxy client and the router in sequence, and service of the intranet to the external network environment is achieved.
2. The reverse-proxy-based gateway intranet penetration method for the internet of things of claim 1, wherein the services of the intranet to the extranet environment comprise SSH penetration, Web penetration, tcp penetration, udp penetration, http penetration, https penetration, DNS query request, Unix domain socket forwarding and secure intranet.
3. The reverse-proxy-based internet-of-things gateway intranet penetration method according to claim 1, wherein one reverse proxy server is connected with a plurality of extranet terminals and a plurality of reverse proxy clients respectively.
4. The reverse-proxy-based internet-of-things gateway intranet penetration method according to claim 1, wherein a first authorization code corresponding to each proxy and used for authenticating a reverse proxy client is arranged in the reverse proxy server, and a second authorization code matched with the first authorization code is arranged in the reverse proxy client.
5. The reverse-proxy-based internet-of-things gateway intranet penetration method according to claim 1, wherein the time difference between the extranet server and the internet-of-things gateway is less than or equal to 15 minutes.
6. The reverse-proxy-based internet-of-things gateway intranet penetration method as claimed in claim 1, wherein the reverse proxy server side realizes communication with the reverse proxy client side through an encryption mode.
7. The reverse-proxy-based internet-of-things gateway intranet penetration method as claimed in claim 1, wherein the reverse proxy server side realizes communication with the reverse proxy client side in a compression mode.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810621562.6A CN110611724A (en) | 2018-06-15 | 2018-06-15 | Internet of things gateway intranet penetration method based on reverse proxy |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110611724A true CN110611724A (en) | 2019-12-24 |
Family
ID=68888397
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810621562.6A Pending CN110611724A (en) | 2018-06-15 | 2018-06-15 | Internet of things gateway intranet penetration method based on reverse proxy |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110611724A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113382084A (en) * | 2021-06-30 | 2021-09-10 | 北京小程科技有限公司 | Method and system for remotely debugging local area network equipment of parking lot through wide area network |
CN113835911A (en) * | 2021-11-23 | 2021-12-24 | 深圳市明源云科技有限公司 | Intranet penetration agent method, system, host and computer readable storage medium |
CN113872957A (en) * | 2021-09-24 | 2021-12-31 | 上海幻电信息科技有限公司 | Intranet equipment connection method and system based on SSH reverse tunnel |
CN114189370A (en) * | 2021-11-30 | 2022-03-15 | 新华三云计算技术有限公司 | Access method and device |
CN114244554A (en) * | 2021-11-03 | 2022-03-25 | 上海七牛信息技术有限公司 | SSh-based login method and system |
CN114553414A (en) * | 2022-03-03 | 2022-05-27 | 合肥浩瀚深度信息技术有限公司 | Intranet penetration method and system based on HTTPS service |
CN115037525A (en) * | 2022-05-18 | 2022-09-09 | 深圳奇迹智慧网络有限公司 | Multi-connection dynamic security shell protocol reverse proxy system and method |
CN115315926A (en) * | 2020-03-24 | 2022-11-08 | 微软技术许可有限责任公司 | Reverse proxy server for implementing application layer based and transport layer based security rules |
CN117439815A (en) * | 2023-12-08 | 2024-01-23 | 中国人民解放军31203部队 | Intranet penetration system and method based on reverse transparent bridging |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1700682A (en) * | 2004-05-21 | 2005-11-23 | 迈普(四川)通信技术有限公司 | Virtual domain name resolution proxy method and system |
CN103368809A (en) * | 2013-07-06 | 2013-10-23 | 马钢(集团)控股有限公司 | Internet reverse penetration tunnel implementation method |
CN106357732A (en) * | 2016-08-25 | 2017-01-25 | 珠海迈科智能科技股份有限公司 | Method for distributed reverse proxy server and client as well as device and system thereof |
WO2017185925A1 (en) * | 2016-04-28 | 2017-11-02 | 深圳市先河系统技术有限公司 | Method of accessing website, client, and local area network server |
CN107786536A (en) * | 2017-09-11 | 2018-03-09 | 成都阜特科技股份有限公司 | TCP reverse port penetration method and system thereof |
Non-Patent Citations (1)
Title |
---|
车捷,邹毅编著: "《信息网络与高新技术法律前沿》" * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110611724A (en) | Internet of things gateway intranet penetration method based on reverse proxy | |
US8631139B2 (en) | System and method for automatically initiating and dynamically establishing secure internet connections between a fire-walled server and a fire-walled client | |
US6101543A (en) | Pseudo network adapter for frame capture, encapsulation and encryption | |
US7305546B1 (en) | Splicing of TCP/UDP sessions in a firewalled network environment | |
US8095786B1 (en) | Application-specific network-layer virtual private network connections | |
US7278157B2 (en) | Efficient transmission of IP data using multichannel SOCKS server proxy | |
JP2008547299A (en) | System, terminal, method and computer program product for establishing a transport level connection with a server located behind a network address translator and / or firewall | |
US10250581B2 (en) | Client, server, radius capability negotiation method and system between client and server | |
CN111614596B (en) | Remote equipment control method and system based on IPv6 tunnel technology | |
US20040024882A1 (en) | Enabling authorised-server initiated internet communication in the presence of network address translation (NAT) and firewalls | |
US11528326B2 (en) | Method of activating processes applied to a data session | |
US20170093984A1 (en) | System and method for improving efficiency of ssl/tls connections | |
Minoli et al. | Security in an IPv6 environment | |
US9413590B2 (en) | Method for management of a secured transfer session through an address translation device, corresponding server and computer program | |
CN105518693A (en) | Safety protection method and device | |
CN107547621B (en) | Message forwarding method and device | |
CN102202108A (en) | Method, device and system for realizing NAT (network address translation) traverse of IPSEC (Internet protocol security) in AH (authentication header) mode | |
KR20180099293A (en) | Method for communicating between trust domains and gateway therefor | |
US7237263B1 (en) | Remote management of properties, such as properties for establishing a virtual private network | |
KR101613747B1 (en) | Method for authenticating of message and ip-pbx system for the same | |
WO2004012413A1 (en) | Served initiated authorised communication in the presence of network address translator (nat) or firewalls | |
Vishwakarma | Virtual private networks | |
TW201808049A (en) | Method for controlling a client device to access a network device, and associated control apparatus | |
CN117544668A (en) | Method for reverse proxy through external network server | |
CN115834090A (en) | Communication method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20191224 |