CN115834230A - Internal network penetration configuration method, system, equipment and medium - Google Patents


Info

Publication number: CN115834230A
Application number: CN202211641009.1A
Authority: CN (China)
Prior art keywords: configuration, server, protocol configuration, communication equipment, intranet server
Legal status: Granted; currently active (the legal status listed by Google is an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN115834230B (en)
Inventor: 钟宗佑
Current assignee: iMusic Culture and Technology Co Ltd
Original assignee: iMusic Culture and Technology Co Ltd
Events: application filed by iMusic Culture and Technology Co Ltd; priority to CN202211641009.1A; publication of CN115834230A; application granted; publication of CN115834230B

Classifications

    • Y: General tagging of new technological developments; general tagging of cross-sectional technologies spanning over several sections of the IPC; technical subjects covered by former USPC cross-reference art collections [XRACs] and digests
    • Y02: Technologies or applications for mitigation or adaptation against climate change
    • Y02D: Climate change mitigation technologies in information and communication technologies [ICT], i.e. information and communication technologies aiming at the reduction of their own energy use
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method, a system, equipment and a medium for internal network penetration configuration, wherein the method comprises the following steps: acquiring an intranet server, communication equipment and a transfer server; respectively performing parameter generation processing on the intranet server and the communication equipment to obtain an authentication parameter set; respectively acquiring configuration objects of the intranet server and the communication equipment according to the authentication parameter set to obtain a first outbound protocol configuration and a second outbound protocol configuration; adding the first outbound protocol configuration and the second outbound protocol configuration into the inbound protocol configuration of the transit server to obtain a transit configuration object; and carrying out hot start processing on the transfer server according to the transfer configuration object to obtain a service configuration result. The embodiment of the invention reduces the complexity of configuration and improves the configuration efficiency by automatically configuring the intranet server and the communication equipment, and can be widely applied to the technical field of network configuration.

Description

Internal network penetration configuration method, system, equipment and medium
Technical Field
The present invention relates to the field of network configuration technologies, and in particular, to a method, a system, a device, and a medium for internal network penetration configuration.
Background
With the rapid development of internet technology, major losses caused by neglecting personal privacy and other high-value enterprise data are becoming more frequent, and internet users pay ever more attention to data protection, encrypted transmission and secure storage. In daily information and network security services, a high-performance encrypted network traffic protocol is needed to perform network scanning across a multi-site, multi-network environment. Because the configuration object concepts are hard to understand, the network egress is complex, the configuration parameters are deeply nested and many technical characteristics cannot be perceived intuitively, the existing configuration is easily confused, lacks a clear hierarchy and has a high barrier to use; configuration is complex, difficult and inefficient. In view of the above, there is a need to solve these technical problems in the related art.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, a system, a device, and a medium for configuring an internal network penetration, so as to improve the configuration efficiency of the internal network penetration.
In one aspect, the present invention provides an internal network penetration configuration method, including:
acquiring an intranet server, communication equipment and a transfer server, wherein the intranet server is a server without a public network address, the communication equipment is equipment which is communicated with the intranet server, and the transfer server is a forwarding server with a public network address;
respectively performing parameter generation processing on the intranet server and the communication equipment to obtain an authentication parameter set;
respectively obtaining configuration objects of the intranet server and the communication equipment according to the authentication parameter set to obtain a first outbound protocol configuration and a second outbound protocol configuration, wherein the first outbound protocol configuration is an outbound protocol configuration object of the intranet server, and the second outbound protocol configuration is an outbound protocol configuration object of the communication equipment;
adding the first outbound protocol configuration and the second outbound protocol configuration to the inbound protocol configuration of the transit server to obtain a transit configuration object;
and carrying out hot start processing on the transfer server according to the transfer configuration object to obtain a service configuration result.
Optionally, the obtaining an intranet server, a communication device, and a relay server includes:
carrying out host protocol configuration processing on a network environment where a server needing to access a public network is located to obtain an intranet server;
acquiring equipment which needs to communicate with the intranet server to obtain communication equipment;
and carrying out host protocol configuration processing on the server capable of accessing the public network to obtain the transit server.
Optionally, the performing parameter generation processing on the intranet server and the communication device respectively to obtain an authentication parameter set includes:
and respectively carrying out random number generation processing on the intranet server and the communication equipment according to a safety random function to obtain an authentication parameter set.
Optionally, the intranet server, the communication device, and the transit server all use an encrypted communication protocol for communication.
Optionally, the respectively obtaining the configuration objects of the intranet server and the communication device according to the authentication parameter set to obtain a first outbound protocol configuration and a second outbound protocol configuration includes:
respectively carrying out security check on the intranet server and the communication equipment according to the authentication parameter set to obtain a check result;
and after the check result passes, carrying out secondary packaging processing on the configuration objects of the intranet server and the communication equipment to obtain a first outbound protocol configuration and a second outbound protocol configuration.
Optionally, after the check result passes, performing secondary encapsulation processing on the configuration objects of the intranet server and the communication device to obtain a first outbound protocol configuration and a second outbound protocol configuration, including:
and after the check result passes, storing the configuration objects of the intranet server and the communication equipment into a database, and generating and obtaining a first outbound protocol configuration and a second outbound protocol configuration according to a configuration function.
Optionally, the method further comprises:
configuring the intranet server, the communication equipment and the transfer server according to the service configuration result;
and connecting and combining the intranet server and the communication equipment through the transfer server to complete the penetration of the internal network.
On the other hand, an embodiment of the present invention further provides an internal network penetration configuration system, where the system includes:
the system comprises a first module, a second module and a third module, wherein the first module is used for acquiring an intranet server, communication equipment and a transit server, the intranet server is a server without a public network address, the communication equipment is equipment which is communicated with the intranet server, and the transit server is a forwarding server with a public network address;
the second module is used for respectively performing parameter generation processing on the intranet server and the communication equipment to obtain an authentication parameter set;
a third module, configured to respectively perform configuration object acquisition on the intranet server and the communication device according to the authentication parameter set to obtain a first outbound protocol configuration and a second outbound protocol configuration, where the first outbound protocol configuration is an outbound protocol configuration object of the intranet server, and the second outbound protocol configuration is an outbound protocol configuration object of the communication device;
a fourth module, configured to add the first outbound protocol configuration and the second outbound protocol configuration to an inbound protocol configuration of the transit server, so as to obtain a transit configuration object;
and the fifth module is used for carrying out hot start processing on the transfer server according to the transfer configuration object to obtain a service configuration result.
On the other hand, the embodiment of the invention also discloses an electronic device, which comprises a processor and a memory;
the memory is used for storing programs;
the processor executes the program to implement the method as described above.
On the other hand, the embodiment of the invention also discloses a computer readable storage medium, wherein the storage medium stores a program, and the program is executed by a processor to realize the method.
In another aspect, an embodiment of the present invention further discloses a computer program product or a computer program, where the computer program product or the computer program includes computer instructions, and the computer instructions are stored in a computer-readable storage medium. The computer instructions may be read by a processor of a computer device from a computer-readable storage medium, and the computer instructions executed by the processor cause the computer device to perform the foregoing method.
Compared with the prior art, the invention adopting the technical scheme has the following technical effects: in the embodiment of the invention, the first outbound protocol configuration and the second outbound protocol configuration are added into the inbound protocol configuration of the transfer server to obtain a transfer configuration object; carrying out hot start processing on the transfer server according to the transfer configuration object to obtain a service configuration result; the method can automatically configure the intranet server and the communication equipment, thereby meeting the requirements of complex intranet penetration safety authority configuration of multiple users and multiple machines and high-performance large-flow network transmission, greatly reducing the configuration complexity and improving the configuration efficiency.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of an internal network penetration configuration method according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
First, several terms used in the present application are explained:
Intranet penetration: that is, NAT traversal, performed so that a packet with a given source IP address and source port number is correctly routed to an intranet host without being blocked by the NAT device. NAT is an address translation technology that translates private (reserved) addresses into legitimate IP addresses, and is widely used in various types of network access methods and networks.
In the related art, methods for configuring internal network penetration generally establish multiple remote physical machine rooms, increase the number of purchased scanner licenses, switch licenses through online verification, and so on. These methods have low working efficiency, or cannot proceed smoothly because the physical scanning equipment must be carried into the physical machine room for on-site scanning, the scanning waiting time is long, or the scan fails. The embodiment of the invention aims to solve these problems while paying attention to the weakest-link ("short board") effect in network and information security, and tests the implementation for security in terms of network traffic encryption, security verification and performance impact. After practical inspection and supporting theoretical data, the method disclosed by the invention can greatly reduce the labor cost and the practical expenditure of staff performing network and information security scanning within the security service scope in real work, and performs notably well in improving efficiency, saving time and practical experience.
Referring to fig. 1, an embodiment of the present invention provides an internal network penetration configuration method, including:
S101, an intranet server, communication equipment and a transfer server are obtained, wherein the intranet server is a server without a public network address, the communication equipment is equipment which is communicated with the intranet server, and the transfer server is a transfer server with a public network address;
S102, parameter generation processing is respectively carried out on the intranet server and the communication equipment to obtain an authentication parameter set;
S103, respectively obtaining configuration objects of the intranet server and the communication equipment according to the authentication parameter set to obtain a first outbound protocol configuration and a second outbound protocol configuration, wherein the first outbound protocol configuration is an outbound protocol configuration object of the intranet server, and the second outbound protocol configuration is an outbound protocol configuration object of the communication equipment;
S104, adding the first outbound protocol configuration and the second outbound protocol configuration into the inbound protocol configuration of the transfer server to obtain a transfer configuration object;
and S105, performing hot start processing on the transfer server according to the transfer configuration object to obtain a service configuration result.
In the embodiment of the present invention, an intranet server without a public network IP that needs to be deployed is referred to simply as the intranet server, a device that wants to communicate with the intranet server is referred to as the communication device, and the relay end, a forwarding server with a public network IP, is referred to as the relay server. Parameter generation processing is then carried out on the intranet server and the communication device respectively to obtain an authentication parameter set, and communication security is verified through the authentication parameters. After verification according to the authentication parameter set, the configuration objects of the intranet server and the communication device are obtained respectively to give a first outbound protocol configuration and a second outbound protocol configuration, where the first outbound protocol configuration is the outbound protocol configuration object of the intranet server and the second is that of the communication device. The embodiment adds the outbound protocol configuration (OutboundConfigurationObject) of the intranet server and of the communication device as configuration objects into the configuration object InboundConfigurationObject of the transit server. It should be noted that, in the embodiment, the configuration that needs to be performed for multiple clients and an intranet server is carried out in a DetourObject.
The embodiment of the invention can generate, in the respective intranet server under a specified directory, the OutboundConfigurationObject configuration object containing authentication and encryption information, together with the configuration file holding the InboundConfigurationObject and the OutboundConfigurationObject entry of the communication device. Finally, after all operations are finished, hot start processing is performed on the transfer server and its VMess service is restarted. VMess is an encrypted communication protocol, and because of its stateless connection characteristic, existing network links are not dropped by the restart. The internal network penetration configuration method can add the required internal network penetration machines (the intranet servers) and user terminals (the communication devices) through simple commands, and can meet the complex intranet penetration security permission configuration and high-performance, high-volume network transmission needs of multiple users and multiple machines, thereby greatly reducing configuration complexity and improving configuration efficiency.
Further as a preferred embodiment, the acquiring intranet server, the communication device and the relay server include:
carrying out host protocol configuration processing on a network environment where a server needing to access a public network is located to obtain an intranet server;
acquiring equipment which needs to communicate with the intranet server to obtain communication equipment;
and carrying out host protocol configuration processing on the server capable of accessing the public network to obtain the transit server.
In the embodiment of the invention, the intranet server is a server without a public network IP, the communication device is a device that needs to communicate with the intranet server, and the server relay end is a forwarding server with a public network IP. In one embodiment, there is a target web server to be scanned in the client's physical machine room host A; it is an intranet server and cannot be accessed directly from the public network because no public network IP is allocated during the security test. There is another transit server B, purchased by the company and reachable from the public network. B is taken as the entry point for scanner traffic, and the large scanner traffic volume is forwarded from B to A. The communication device, client C, communicates with the intranet server.
Further preferably, the performing parameter generation processing on the intranet server and the communication device respectively to obtain an authentication parameter set includes:
and respectively carrying out random number generation processing on the intranet server and the communication equipment according to a safety random function to obtain an authentication parameter set.
In the embodiment of the invention, the authentication parameters are generated by a secure random function. A secure random function is intended for use in security scenarios: it provides a cryptographically strong random number generator and improves the unpredictability of the seed value. The embodiment performs random number generation on the intranet server and the communication device respectively through the secure random function and uses the result for security verification of the intranet server and the communication device, thereby improving the security of communication.
Further preferably, the intranet server, the communication device and the relay server all communicate by using an encrypted communication protocol.
In the embodiment of the invention, the VMess protocol is adopted as the encrypted communication protocol. VMess is a TCP-based, connectionless, high-performance encrypted network traffic protocol with excellent capabilities in security obfuscation, performance, multi-platform compatibility and so on; besides its wide use in the field of encrypted transmission, the embodiment of the invention explores in depth its application to intranet penetration.
As a further preferred embodiment, the obtaining configuration objects of the intranet server and the communication device according to the authentication parameter set to obtain a first outbound protocol configuration and a second outbound protocol configuration respectively includes:
respectively carrying out security check on the intranet server and the communication equipment according to the authentication parameter set to obtain a check result;
and after the check result passes, performing secondary packaging processing on the configuration objects of the intranet server and the communication equipment to obtain a first outbound protocol configuration and a second outbound protocol configuration.
In the embodiment of the invention, the intranet server and the communication device are subjected to security checks according to the authentication parameter set: the basic information entered through the interface is checked for security, availability and accuracy through a checkMachine() function and a checkUser() function to obtain a check result. After the check passes, the configuration objects of the intranet server and the communication device, namely the InboundConfigurationObject, OutboundConfigurationObject and RoutingObject of the configuration file's JSON object, are secondarily encapsulated. Corresponding configuration files are then generated through configuration code function objects such as the generating functions gene_a_config, gene_b_config and gene_c_config. This automatically completes access control for any number of VMess nodes and avoids the user configuring the VMess protocol manually, so that building links between VMess nodes is quick and intuitive; it lowers the technical threshold of VMess protocol configuration, improves configuration efficiency, avoids mis-configured configuration files to a certain extent, improves the user's experience with the VMess protocol, and improves the stability and security of the VMess protocol.
Further as a preferred embodiment, the method further comprises:
configuring the intranet server, the communication equipment and the transfer server according to the service configuration result;
and connecting and combining the intranet server and the communication equipment through the transfer server to complete the penetration of the internal network.
In the embodiment of the invention, a target web server to be scanned is located in host A of the client's physical machine room; this host is an intranet server and, because no public network IP is allocated during the security test, it cannot be accessed directly from the public network. There is another transit server B, purchased by the company and reachable from the public network. B is taken as the entry point for scanner traffic, and the large scanner traffic volume is forwarded from B to A. A Project V host called bridge is configured in host A, or in a network environment that can reach host A, and a Project V host called portal is configured in the B service. bridge actively establishes a connection to portal, and the target addresses that traffic may reach on the A side can be restricted to a fixed network segment, fixed IP or fixed port by configuring routing objects, so that security is guaranteed. portal receives two kinds of connections, one from bridge and the other from the C user client, and automatically merges the two. bridge can then receive the public network traffic. After receiving it, bridge sends the public network traffic to the intranet server in host A through the cooperating routing, and at the same time performs dynamic load balancing according to the traffic volume. Project V is a set of tools with basic communication network functions; its core tool is called V2Ray, which is mainly responsible for implementing network protocols and functions and for communicating with other Project V instances. The reverse proxy is an additional function of Project V, and VMess, as the encrypted communication protocol in Project V, can forward traffic from the server side to the client side, namely reverse traffic forwarding.
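As an added example (not code from the patent or from Project V), the following Python builds the configuration objects the passages above describe: secure random authentication parameters (step S102), checkMachine()/checkUser()-style validation, gene_a_config/gene_b_config-style generation of the bridge (host A) and portal (transit server B) configurations, insertion of the outbound users into B's inbound client list (step S104), and a routing object that limits what forwarded traffic may reach on the A side. Field names follow the public V2Ray JSON config format; the addresses, ports and the handshake domain are constructed sample values, and route_for is a simplified stand-in for V2Ray's own rule matching.

```python
import ipaddress
import secrets
import uuid

# Constructed sample values for the patent's example hosts: A = intranet web
# server (V2Ray "bridge"), B = public transit server ("portal"), C = client.
B_ADDR, B_PORT = "203.0.113.10", 443
DOMAIN = "reverse.example.internal"  # placeholder handshake name for bridge/portal


def generate_auth_param() -> str:
    """Step S102: a VMess user id drawn from a CSPRNG (the secure random function)."""
    return str(uuid.UUID(bytes=secrets.token_bytes(16), version=4))


def check_machine(address: str, port: int) -> bool:
    """checkMachine(): a host entry must carry a valid IP address and TCP port."""
    try:
        ipaddress.ip_address(address)
    except ValueError:
        return False
    return 1 <= port <= 65535


def check_user(user_id: str) -> bool:
    """checkUser(): a client id must be a canonical, well-formed UUID."""
    try:
        return str(uuid.UUID(user_id)) == user_id.lower()
    except ValueError:
        return False


def vmess_outbound(tag: str, user_id: str) -> dict:
    """OutboundConfigurationObject that dials transit server B as user_id."""
    return {"tag": tag, "protocol": "vmess", "settings": {"vnext": [
        {"address": B_ADDR, "port": B_PORT, "users": [{"id": user_id, "alterId": 0}]}]}}


def gene_b_config() -> dict:
    """Portal (B): VMess inbound with an empty client list; every accepted
    connection is routed to the reverse portal, which merges bridge and client."""
    return {"inbounds": [{"tag": "external", "protocol": "vmess", "port": B_PORT,
                          "settings": {"clients": []}}],
            "outbounds": [{"tag": "direct", "protocol": "freedom"}],
            "reverse": {"portals": [{"tag": "portal", "domain": DOMAIN}]},
            "routing": {"rules": [{"type": "field", "inboundTag": ["external"],
                                   "outboundTag": "portal"}]}}


def add_to_transit_inbound(b_conf: dict, outbound: dict, name: str) -> dict:
    """Step S104: add the user of an outbound config to B's inbound client list
    (the transit configuration object); ids that fail checkUser are refused."""
    user = outbound["settings"]["vnext"][0]["users"][0]
    if not check_user(user["id"]):
        raise ValueError("malformed client id for " + name)
    b_conf["inbounds"][0]["settings"]["clients"].append(
        {"id": user["id"], "alterId": user["alterId"], "email": name})
    return b_conf


def gene_a_config(a_uid: str, allowed_nets: list, allowed_ports: str) -> dict:
    """Bridge (A): dial B as a_uid; forwarded traffic may only reach the fixed
    network segment and ports given, everything else is black-holed."""
    return {"outbounds": [vmess_outbound("interconn", a_uid),
                          {"tag": "direct", "protocol": "freedom"},
                          {"tag": "block", "protocol": "blackhole"}],
            "reverse": {"bridges": [{"tag": "bridge", "domain": DOMAIN}]},
            "routing": {"rules": [
                {"type": "field", "inboundTag": ["bridge"], "domain": ["full:" + DOMAIN],
                 "outboundTag": "interconn"},
                {"type": "field", "inboundTag": ["bridge"], "ip": allowed_nets,
                 "port": allowed_ports, "outboundTag": "direct"},
                {"type": "field", "inboundTag": ["bridge"], "outboundTag": "block"}]}}


def _port_match(spec: str, port: int) -> bool:
    # V2Ray port spec such as "80,443" or "8000-8080"
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def route_for(conf: dict, dst_ip: str, dst_port: int) -> str:
    """Simplified first-match evaluator of the ip/port rules above, so the
    destination restriction can be checked without running V2Ray."""
    for rule in conf["routing"]["rules"]:
        if "domain" in rule:
            continue  # handshake rule: matches only the reverse domain name
        ip_ok = "ip" not in rule or any(ipaddress.ip_address(dst_ip) in ipaddress.ip_network(n)
                                         for n in rule["ip"])
        if ip_ok and ("port" not in rule or _port_match(rule["port"], dst_port)):
            return rule["outboundTag"]
    return conf["outbounds"][0]["tag"]  # V2Ray default: first outbound


def build_all(allowed_nets=("10.10.0.0/16",), allowed_ports="80,443"):
    """Steps S102-S104 end to end; writing the dicts out as JSON files and
    hot-restarting B (step S105) are left to the operator's tooling."""
    if not check_machine(B_ADDR, B_PORT):
        raise ValueError("bad transit server entry")
    a_uid, c_uid = generate_auth_param(), generate_auth_param()
    a_conf = gene_a_config(a_uid, list(allowed_nets), allowed_ports)
    c_conf = {"outbounds": [vmess_outbound("proxy", c_uid)]}  # gene_c_config
    b_conf = gene_b_config()
    add_to_transit_inbound(b_conf, a_conf["outbounds"][0], "A")
    add_to_transit_inbound(b_conf, c_conf["outbounds"][0], "C")
    return a_conf, b_conf, c_conf
```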
On the other hand, an embodiment of the present invention further provides an internal network penetration configuration system, where the system includes:
the system comprises a first module, a second module and a third module, wherein the first module is used for acquiring an intranet server, communication equipment and a transfer server, the intranet server is a server without a public network address, the communication equipment is equipment which is communicated with the intranet server, and the transfer server is a transfer server with a public network address;
the second module is used for respectively performing parameter generation processing on the intranet server and the communication equipment to obtain an authentication parameter set;
a third module, configured to respectively perform configuration object acquisition on the intranet server and the communication device according to the authentication parameter set to obtain a first outbound protocol configuration and a second outbound protocol configuration, where the first outbound protocol configuration is an outbound protocol configuration object of the intranet server, and the second outbound protocol configuration is an outbound protocol configuration object of the communication device;
a fourth module, configured to add the first outbound protocol configuration and the second outbound protocol configuration to an inbound protocol configuration of the transit server, so as to obtain a transit configuration object;
and the fifth module is used for carrying out hot start processing on the transfer server according to the transfer configuration object to obtain a service configuration result.
The embodiment of the invention is mainly based on secondary encapsulation of the protocol configuration object of the configuration file object. The basic information entered through the interface for an intranet server or communication device is checked for security, usability and accuracy and then stored in a database (the embodiment can use an sqlite3 database), and the corresponding configuration file is generated by a configuration class function that produces code function objects. In this way access control for any number of VMess nodes is completed automatically, the user does not configure the VMess protocol manually, building links between VMess nodes is quick and intuitive, the technical threshold of VMess protocol configuration is lowered, configuration efficiency is improved, mis-configured files are avoided to a certain extent, the user's experience with VMess is improved, and the stability and security of the VMess protocol are improved. The configuration method can automatically generate the configuration under an output folder once the transit server is running and the corresponding communication device and intranet server have been added to the database, and the service can be hot started without losing existing network connections. It can be understood that the embodiment adds, deletes, changes and searches existing machines or users through a simple interactive shell mode. The method greatly reduces the need to memorise lengthy configuration parameters during configuration, and performs user-friendly, efficient and simplified service configuration through guided shell commands.
Meanwhile, with the default configuration the method cannot access any machine resource: a machine resource must be assigned to a corresponding owner group when it is created, using a setting similar to the Linux file attributes (owner and owner-group permissions). The Linux system is a typical multi-user system in which different users have different positions and different permissions, and to protect the security of the system it makes different provisions for different users' rights to access the same file (including directory files). Similarly, when machine resources are created, they must be attributed to the corresponding affiliate group and associated with the resource permissions they may access; individual configuration, affiliate-group configuration or both can be performed, and after the configuration is completed a trigger hook automatically restarts the service so that it takes effect.
Corresponding to the method of fig. 1, an embodiment of the present invention further provides an electronic device, including a processor and a memory; the memory is used for storing programs; the processor executes the program to implement the method as described above.
Corresponding to the method of fig. 1, the embodiment of the present invention also provides a computer-readable storage medium, which stores a program, and the program is executed by a processor to implement the method as described above.
The embodiment of the invention also discloses a computer program product or a computer program, which comprises computer instructions, and the computer instructions are stored in a computer readable storage medium. The computer instructions may be read by a processor of a computer device from a computer-readable storage medium, and executed by the processor to cause the computer device to perform the method illustrated in fig. 1.
In alternative embodiments, the functions/acts noted in the block diagrams may occur out of the order noted in the operational illustrations. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved. Furthermore, the embodiments presented and described in the flow charts of the present invention are provided by way of example in order to provide a more thorough understanding of the technology. The disclosed methods are not limited to the operations and logic flows presented herein. Alternative embodiments are contemplated in which the order of various operations is changed, and in which sub-operations described as part of larger operations are performed independently.
Furthermore, although the present invention is described in the context of functional modules, it should be understood that, unless otherwise stated to the contrary, one or more of the described functions and/or features may be integrated in a single physical device and/or software module, or one or more functions and/or features may be implemented in a separate physical device or software module. It will also be appreciated that a detailed discussion of the actual implementation of each module is not necessary for an understanding of the present invention. Rather, the actual implementation of the various functional modules in the apparatus disclosed herein will be understood within the ordinary skill of an engineer, given the nature, function, and internal relationship of the modules. Accordingly, those skilled in the art can, using ordinary skill, practice the invention as set forth in the claims without undue experimentation. It is also to be understood that the specific concepts disclosed are merely illustrative of and not intended to limit the scope of the invention, which is defined by the appended claims and their full scope of equivalents.
If the functions are implemented in the form of software functional units and sold or used as a stand-alone product, they may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive (U disk), a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and other media capable of storing program code.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM or flash memory), an optical fiber device, and a portable Compact Disc Read-Only Memory (CD-ROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the invention have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.
While the preferred embodiments of the present invention have been illustrated and described, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (10)

1. An internal network penetration configuration method, the method comprising:
acquiring an intranet server, communication equipment and a transfer server, wherein the intranet server is a server without a public network address, the communication equipment is equipment which is communicated with the intranet server, and the transfer server is a forwarding server with a public network address;
respectively performing parameter generation processing on the intranet server and the communication equipment to obtain an authentication parameter set;
respectively obtaining configuration objects of the intranet server and the communication equipment according to the authentication parameter set to obtain a first outbound protocol configuration and a second outbound protocol configuration, wherein the first outbound protocol configuration is an outbound protocol configuration object of the intranet server, and the second outbound protocol configuration is an outbound protocol configuration object of the communication equipment;
adding the first outbound protocol configuration and the second outbound protocol configuration to the inbound protocol configuration of the transit server to obtain a transit configuration object;
and carrying out hot start processing on the transfer server according to the transfer configuration object to obtain a service configuration result.
2. The method according to claim 1, wherein the acquiring the intranet server, the communication device and the relay server comprises:
carrying out host protocol configuration processing on a network environment where a server needing to access a public network is located to obtain an intranet server;
acquiring equipment which needs to communicate with the intranet server to obtain communication equipment;
and carrying out host protocol configuration processing on the server capable of accessing the public network to obtain the transit server.
3. The method according to claim 1, wherein the performing parameter generation processing on the intranet server and the communication device respectively to obtain an authentication parameter set comprises:
and respectively carrying out random number generation processing on the intranet server and the communication equipment according to a safety random function to obtain an authentication parameter set.
4. The method according to claim 1, wherein the intranet server, the communication equipment and the transit server all communicate by using an encrypted communication protocol.
5. The method according to claim 1, wherein the obtaining of the configuration objects of the intranet server and the communication device according to the authentication parameter set to obtain a first outbound protocol configuration and a second outbound protocol configuration comprises:
respectively carrying out security check on the intranet server and the communication equipment according to the authentication parameter set to obtain a check result;
and after the check result passes, performing secondary packaging processing on the configuration objects of the intranet server and the communication equipment to obtain a first outbound protocol configuration and a second outbound protocol configuration.
6. The method according to claim 5, wherein said performing a second encapsulation process on the configuration objects of the intranet server and the communication device after the check result passes, to obtain a first outbound protocol configuration and a second outbound protocol configuration, comprises:
and after the check result passes, storing the configuration objects of the intranet server and the communication equipment into a database, and generating and obtaining a first outbound protocol configuration and a second outbound protocol configuration according to a configuration function.
7. The method of claim 1, further comprising:
configuring the intranet server, the communication equipment and the transfer server according to the service configuration result;
and connecting and combining the intranet server and the communication equipment through the transfer server to complete the penetration of the internal network.
8. An intranet penetration configuration system, the system comprising:
the system comprises a first module, a second module and a third module, wherein the first module is used for acquiring an intranet server, communication equipment and a transfer server, the intranet server is a server without a public network address, the communication equipment is equipment which is communicated with the intranet server, and the transfer server is a transfer server with a public network address;
the second module is used for respectively performing parameter generation processing on the intranet server and the communication equipment to obtain an authentication parameter set;
a third module, configured to respectively perform configuration object acquisition on the intranet server and the communication device according to the authentication parameter set to obtain a first outbound protocol configuration and a second outbound protocol configuration, where the first outbound protocol configuration is an outbound protocol configuration object of the intranet server, and the second outbound protocol configuration is an outbound protocol configuration object of the communication device;
a fourth module, configured to add the first outbound protocol configuration and the second outbound protocol configuration to an inbound protocol configuration of the transit server, so as to obtain a transit configuration object;
and the fifth module is used for carrying out hot start processing on the transfer server according to the transfer configuration object to obtain a service configuration result.
9. An electronic device, comprising a memory and a processor;
the memory is used for storing programs;
the processor executing the program realizes the method of any one of claims 1 to 7.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 7.
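The configuration pipeline of claims 1, 3, 5 and 6, as an added example that is not the patent's own code: operator-entered node data is checked for safety and accuracy, per-node authentication parameters are drawn from a secure random source, checked records are stored in sqlite3, one outbound protocol configuration object is generated per node, and every node is added as a client of the transit server's inbound configuration to form the transit configuration object. The JSON shape is a simplified stand-in modelled on VMess-style inbound/outbound objects; the patent publishes no schema, so the field names, the `Node` class, the `token` secret and the addresses in the demo are assumptions or constructed values.

```python
import ipaddress
import json
import secrets
import sqlite3
import uuid
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class Node:
    """One end of the tunnel: the intranet server or the communication device."""
    name: str     # plain label, reused as the per-client tag in the transit inbound
    kind: str     # "intranet" or "device"
    address: str  # IP address or hostname
    port: int


def validate_node(node: Node) -> None:
    """Claim 5 check on operator-entered data: reject values that are malformed
    or that could corrupt a generated file or shell command."""
    if node.kind not in ("intranet", "device"):
        raise ValueError(f"{node.name}: unknown kind {node.kind!r}")
    if not node.name.isidentifier():
        raise ValueError(f"{node.name!r}: label must be a plain identifier")
    if not 1 <= node.port <= 65535:
        raise ValueError(f"{node.name}: port {node.port} out of range")
    try:
        ipaddress.ip_address(node.address)
    except ValueError:
        # not an IP literal: accept only hostname-safe characters
        if not all(c.isalnum() or c in ".-" for c in node.address):
            raise ValueError(f"{node.name}: bad address {node.address!r}")


def generate_auth_params() -> dict:
    """Claim 3: authentication parameters from a secure random function.
    uuid4() draws from os.urandom; the token is a constructed second secret."""
    return {"id": str(uuid.uuid4()), "token": secrets.token_hex(32)}


def open_store(path: str = ":memory:") -> sqlite3.Connection:
    """sqlite3 store for checked node records (claim 6)."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS nodes (
        name TEXT PRIMARY KEY, kind TEXT NOT NULL, address TEXT NOT NULL,
        port INTEGER NOT NULL, client_id TEXT UNIQUE NOT NULL, token TEXT NOT NULL)""")
    return db


def register_node(db: sqlite3.Connection, node: Node) -> dict:
    """Check the node, then persist it together with fresh auth parameters."""
    validate_node(node)
    auth = generate_auth_params()
    db.execute("INSERT INTO nodes VALUES (?, ?, ?, ?, ?, ?)",
               (node.name, node.kind, node.address, node.port, auth["id"], auth["token"]))
    db.commit()
    return {**asdict(node), **auth}


def load_rows(db: sqlite3.Connection) -> list:
    cols = ("name", "kind", "address", "port", "id", "token")   # matches CREATE TABLE order
    return [dict(zip(cols, r)) for r in db.execute("SELECT * FROM nodes ORDER BY name")]


def outbound_config(row: dict, transit_addr: str, transit_port: int) -> dict:
    """Outbound protocol configuration object for one node: it dials the
    transit server and authenticates with the node's own client id."""
    return {"outbounds": [{"tag": f"out-{row['name']}", "protocol": "vmess",
                           "settings": {"vnext": [{"address": transit_addr, "port": transit_port,
                                                   "users": [{"id": row["id"]}]}]}}]}


def transit_config(rows: list, listen_port: int) -> dict:
    """Claim 1, step 4: each node's outbound is added as a client of the transit
    server's inbound, yielding the transit configuration object."""
    clients = [{"id": r["id"], "email": r["name"]} for r in rows]
    return {"inbounds": [{"tag": "in-transit", "port": listen_port, "protocol": "vmess",
                          "settings": {"clients": clients}}]}


def build_configs(db: sqlite3.Connection, transit_addr: str, transit_port: int) -> dict:
    """Map of output file name -> JSON text, ready to be written to the output folder."""
    rows = load_rows(db)
    files = {f"{r['name']}.json": json.dumps(outbound_config(r, transit_addr, transit_port), indent=2)
             for r in rows}
    files["transit.json"] = json.dumps(transit_config(rows, transit_port), indent=2)
    return files


if __name__ == "__main__":
    store = open_store()   # constructed demo data; 203.0.113.10 is a documentation address
    register_node(store, Node("office_nas", "intranet", "10.0.0.5", 445))
    register_node(store, Node("laptop", "device", "laptop.example", 22))
    for fname, text in build_configs(store, "203.0.113.10", 443).items():
        print(f"--- {fname} ---\n{text}")
```

Two points a reviewer would check in a generator like this: the client id is generated server-side from a CSPRNG rather than typed in by the operator, so it cannot be weak or reused, and the `UNIQUE` constraint on `client_id` turns an accidental duplicate into a database error instead of two nodes silently sharing one credential on the transit inbound.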

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211641009.1A CN115834230B (en) 2022-12-20 2022-12-20 Internal network penetration configuration method, system, equipment and medium

Publications (2)

Publication Number Publication Date
CN115834230A true CN115834230A (en) 2023-03-21
CN115834230B CN115834230B (en) 2024-05-28

Family

ID=85517010

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant