[GH-ISSUE #1843] Feature request: limit ports in clients for connecting to server or other clients for xtcp #1453

Closed
opened 2026-05-05 12:55:19 -06:00 by gitea-mirror · 2 comments

Originally created by @yuliu on GitHub (Jun 5, 2020).
Original GitHub issue: https://github.com/fatedier/frp/issues/1843

It'd be great to see UPnP implemented as suggested in #1823 for xtcp.

Besides UPnP, there are two other features that are usually left behind in SOHO routers: port forwarding and port triggering. They're used for exposing certain ports of private hosts to another network separated by a NAT, e.g. for FTP, IRC, etc.

If an frp client can use only allowed ports to connect to the frp server or other frp clients, then at least these ports can be configured to be exposed to outer networks if we have permissions to set port forwarding or port triggering in our own router.

An example of IRC authentication using port triggering is here: https://en.wikipedia.org/wiki/Port_triggering#Example


@fatedier commented on GitHub (Jun 5, 2020):

Can you write a more detailed design?


@yuliu commented on GitHub (Jun 5, 2020):

Well, I haven't read frp's code and don't know how frp clients communicate with frp servers or other frp clients. So my idea is based on my imagined understanding of xtcp and an understanding of port forwarding & port triggering that might be wrong.

port forwarding

Alright, here comes the idea. If we can configure the router with port forwarding for our frp clients, we may set it as follows:

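|        | router port | frp client port | frp client |
|--------|:-----------:|:---------------:|:----------:|
| Port A | 52201       | 52201           | 1          |
| Port B | 52301-52310 | 52301-52310     | 1          |
| Port C | 52202       | 52200           | 2          |
| Port D | 52311-52320 | 52301-52310     | 2          |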

Then, if the router's WAN IP is x.x.x.x, then:

  • frp client 1's port 52201 and 52301-52310 can be accessed via x.x.x.x:52201 and x.x.x.x:52301-x.x.x.x:52310.
  • frp client 1's port 52201 and 52301-52310 can be accessed via x.x.x.x:52202 and x.x.x.x:52311-x.x.x.x:52320.

Here's an example of port forwarding configuration from my router:
port-forwarding-frp-client-2

port triggering

If we can configure the router with port triggering for our frp clients, we may set it as follows (settings may differ):

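|        | router port | frp client port | frp client |                 |
|--------|:-----------:|:---------------:|:----------:|:---------------:|
| Port A | 52201       | 52201           | 1          | triggering port |
| Port B | 52301-52310 | 52301-52310     | 1          | triggered by A  |
| Port C | 52202       | 52202           | 2          | triggering port |
| Port D | 52311-52320 | 52311-52320     | 2          | triggered by C  |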

Then, if the router's WAN IP is x.x.x.x, then:

  • When frp client 1 opens an outbound port 52201, it'll trigger the router to open 52301-52310 to this client so that the client's relevant ports can be accessed via x.x.x.x:52301-x.x.x.x:52310 from outer network.
  • When frp client 1 opens an outbound port 52202, it'll trigger the router to open 52311-52320 to this client so that the client's relevant ports can be accessed via x.x.x.x:52311-x.x.x.x:52320 from outer network.

Here's an example of port triggering configuration from my router:
port-triggering-frp-client-1

Hope I got it right. As long as an frp client's opened ports can be restricted and port forwarding/triggering of the router an frp client is behind can be configured to open these ports, this client will hopefully be accessible via the forwarded / triggered port from the outside network. Then if at least one client, either the one running a service or the visitor, can be accessed from outside the NAT, a P2P link between a service client and a visitor could probably be set up.
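One way a client could restrict its outbound source port to an allow-list, as the request above asks, so that only the ports opened on the router are ever used. This is an added example, not frp's code and not part of the original thread; `ParsePorts`, `DialFromAllowed` and the port-spec syntax are hypothetical names and assumptions.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
	"time"
)

// ParsePorts expands "52201,52301-52310" into ports (spec syntax assumed here).
func ParsePorts(spec string) ([]int, error) {
	var ports []int
	for _, part := range strings.Split(spec, ",") {
		lo, hi, isRange := strings.Cut(strings.TrimSpace(part), "-")
		if !isRange {
			hi = lo
		}
		a, errA := strconv.Atoi(lo)
		b, errB := strconv.Atoi(hi)
		if errA != nil || errB != nil || a < 1 || b > 65535 || a > b {
			return nil, fmt.Errorf("invalid port spec %q", part)
		}
		for p := a; p <= b; p++ {
			ports = append(ports, p)
		}
	}
	return ports, nil
}

// DialFromAllowed connects to addr from the first allowed local port that can
// be bound, so the source port always matches a rule configured on the router.
func DialFromAllowed(addr string, allowed []int) (net.Conn, error) {
	lastErr := fmt.Errorf("no allowed ports given")
	for _, p := range allowed {
		d := net.Dialer{LocalAddr: &net.TCPAddr{Port: p}, Timeout: 3 * time.Second}
		conn, err := d.Dial("tcp", addr)
		if err == nil {
			return conn, nil
		}
		lastErr = err // port busy or peer unreachable: try the next one
	}
	return nil, lastErr
}

func main() {
	ports, err := ParsePorts("52201,52301-52310") // ports from the tables above
	fmt.Println(ports, err)
}
```

Because the client never binds outside the list, the router only needs forwarding or triggering rules for those ports, and nothing else on the host has to be exposed.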
