[GH-ISSUE #1439] Can I enable a reverse proxy for LAN only on server side? #1133

New issue

Closed

opened 2026-05-05 12:43:39 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented 2026-05-05 12:43:39 -06:00

Owner

Copy link

Originally created by @Doc-Saintly on GitHub (Sep 16, 2019).
Original GitHub issue: https://github.com/fatedier/frp/issues/1439

Is it possible to open a reverse proxy connection from the client without automatically exposing it on the server? I want to use FRP to allow multiple clients to connect to my central patch management server from behind a firewall, but I do not want to have this port be opened to the WAN for the server.

I know that I could utilize a firewall to block all except specifically allowed ports, but then this would make the feature of automatically opening ports with FRP useless. I would have to pre-define which ports to allow to be opened in the firewall in order to block the others.

Originally created by @Doc-Saintly on GitHub (Sep 16, 2019). Original GitHub issue: https://github.com/fatedier/frp/issues/1439 Is it possible to open a reverse proxy connection from the client without automatically exposing it on the server? I want to use FRP to allow multiple clients to connect to my central patch management server from behind a firewall, but I do not want to have this port be opened to the WAN for the server. I know that I could utilize a firewall to block all except specifically allowed ports, but then this would make the feature of automatically opening ports with FRP useless. I would have to pre-define which ports to allow to be opened in the firewall in order to block the others.

gitea-mirror closed this issue 2026-05-05 12:43:40 -06:00

gitea-mirror commented 2026-05-05 12:43:42 -06:00

Author

Owner

Copy link

@fatedier commented on GitHub (Sep 28, 2019):

proxy_bind_addr = 127.0.0.1 in frps.ini will help you.

It will only let frps bind ports on localhost that only this server can connect.

<!-- gh-comment-id:536183432 --> @fatedier commented on GitHub (Sep 28, 2019): `proxy_bind_addr = 127.0.0.1` in frps.ini will help you. It will only let frps bind ports on localhost that only this server can connect.

gitea-mirror commented 2026-05-05 12:43:43 -06:00

Author

Owner

Copy link

@Doc-Saintly commented on GitHub (Sep 28, 2019):

Thanks for the reminder about that configuration option. But doesn't mean that all connections will be unavailable? I want to proxy ~10 ports to a server and have 8 available locally and 2 available externally. So it seems I either have to use a firewall to block the 8 I only want locally, or use two instances of frps (one binding to localhost, one binding externally) and then pick which one to have the client bind to.

Is it possible to add as a feature so the client can determine if the server should use the configured bind address, or local only for each port?

<!-- gh-comment-id:536197632 --> @Doc-Saintly commented on GitHub (Sep 28, 2019): Thanks for the reminder about that configuration option. But doesn't mean that all connections will be unavailable? I want to proxy ~10 ports to a server and have 8 available locally and 2 available externally. So it seems I either have to use a firewall to block the 8 I only want locally, or use two instances of frps (one binding to localhost, one binding externally) and then pick which one to have the client bind to. Is it possible to add as a feature so the client can determine if the server should use the configured bind address, or local only for each port?

gitea-mirror commented 2026-05-05 12:43:44 -06:00

Author

Owner

Copy link

@fatedier commented on GitHub (Sep 29, 2019):

Try stcp https://github.com/fatedier/frp#expose-your-service-in-security . But it requires you deploy frpc on each client who wants to connect.

<!-- gh-comment-id:536243167 --> @fatedier commented on GitHub (Sep 29, 2019): Try stcp https://github.com/fatedier/frp#expose-your-service-in-security . But it requires you deploy frpc on each client who wants to connect.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

dev

new

master

copilot/review-pull-request-5198

v0.68.1

v0.68.0

v0.67.0

v0.66.0

v0.65.0

v0.64.0

v0.63.0

v0.62.1

v0.62.0

v0.61.2

v0.61.1

v0.61.0

v0.60.0

v0.59.0

v0.58.1

v0.58.0

v0.57.0

v0.56.0

v0.55.1

v0.55.0

v0.54.0

v0.53.2

v0.53.1

v0.53.0

v0.52.3

v0.52.2

v0.52.1

v0.52.0

v0.51.3

v0.51.2

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.1

v0.46.0

v0.45.0

v0.44.0

v0.43.0

v0.42.0

v0.41.0

v0.40.0

v0.39.1

v0.39.0

v0.38.0

v0.37.1

v0.37.0

v0.36.2

v0.36.1

v0.36.0

v0.35.1

v0.35.0

v0.34.3

v0.34.2

v0.34.1

v0.34.0

v0.33.0

v0.32.1

v0.32.0

v0.31.2

v0.31.1

v0.31.0

v0.30.0

v0.29.1

v0.29.0

v0.28.2

v0.28.1

v0.28.0

v0.27.1

v0.27.0

v0.26.0

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.3

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.1

v0.19.0

v0.18.0

v0.17.0

v0.16.1

v0.16.0

v0.15.1

v0.15.0

v0.14.1

v0.14.0

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.1

v0.8.0

v0.7.0

v0.6.0

v0.5.0

v0.3.0

v0.2.0

v0.1.0

Labels

Clear labels   

In Progress

  

WIP

  

WaitingForInfo

  

bug

  

doc

  

duplicate

  

easy

  

enhancement

  

future

  

help wanted

  

invalid

  

lifecycle/stale

  

need-issue-template

  

need-usage-help

  

no plan

  

proposal

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

todo

No labels

In Progress

WIP

WaitingForInfo

bug

doc

duplicate

easy

enhancement

future

help wanted

invalid

lifecycle/stale

need-issue-template

need-usage-help

no plan

proposal

pull-request

question

todo

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#1133

No description provided.