[GH-ISSUE #1997] stcp with frpc run by docker fail (the stcp feature of frpc running in a container is unreachable) #1588

Closed
opened 2026-05-05 13:00:38 -06:00 by gitea-mirror · 10 comments

Originally created by @fanlix on GitHub (Sep 21, 2020).
Original GitHub issue: https://github.com/fatedier/frp/issues/1997

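I use stcp to access a port on machine B from machine A through frps.
If the frpc on machine A runs in docker, machine A cannot reach machine B.

Does stcp have some special requirement for docker port mapping?

Environment: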

  • frp version: 0.33.0
  • os: ubuntu16.04 and centos8
  • docker: Docker version 19.03.13, build 4484c46d9d

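Reference points in the same environment:

  • With frpc running directly on the OS as the stcp proxy, machine B is reachable
  • After docker exec into the frpc docker container, machine B is reachable from inside it
  • frps run with docker works normally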

frpc-B.ini

[common]
server_addr = xxxx
server_port = 7100
authentication_method = token
token = tttt

[gitea_stcp]
type = stcp
sk = ssss
local_ip = 127.0.0.1
local_port = 30022

frpc-A.ini

[common]
server_addr = xxxx
server_port = 7100
authentication_method = token
token = tttt

# access B.30022 by frps
[gitea_stcp_visitor]
type = stcp
role = visitor
server_name = gitea_stcp
sk = sssss
bind_addr = 127.0.0.1
bind_port = 7122

docker-compose.yml on machine A

version: "3"

services:
  frpc:
    image: "xxxxx/frp"
    container_name: "frpc"
    ports:
      - 127.0.0.1:7122:7122
      - 7123:7122
    volumes:
      - ./cfg:/cfg
    command: ./frpc -c /cfg/frpc.ini

docker startup logs on machine A

frpc    | 2020/09/21 08:18:06 [I] [service.go:282] [b5db0188f06e3227] login to server success, get run id [b5db0188f06e3227], server udp port [0]
frpc    | 2020/09/21 08:18:06 [I] [visitor_manager.go:86] [b5db0188f06e3227] start visitor success
frpc    | 2020/09/21 08:18:06 [I] [visitor_manager.go:130] [b5db0188f06e3227] visitor added: [gitea_stcp_visitor]
  • ssh connect fail
$ ssh -p 7122 abc@127.0.0.1
kex_exchange_identification: read: Connection reset by peer
$ nc 127.0.0.1  7122
Connects, but nothing is returned

@blizard863 commented on GitHub (Sep 21, 2020):

Run ssh -p 7122 abc@127.0.0.1 -vvv and look at the details.


@blizard863 commented on GitHub (Sep 21, 2020):

When accessing it from the local machine, you can capture packets to see why it is reset by peer.


@fanlix commented on GitHub (Sep 22, 2020):

When frpc runs inside docker the connection fails; full ssh -vvv log

...
OpenSSH_8.0p1, OpenSSL 1.1.1c FIPS  28 May 2019
debug1: Reading configuration data /home/xxx/.ssh/config
debug1: /home/xxx/.ssh/config line 8: Applying options for g4
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 127.0.0.1 originally g4
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug1: re-parsing configuration
debug1: Reading configuration data /home/xxx/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 127.0.0.1 originally g4
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug2: ssh_connect_direct
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 17122.
debug1: Connection established.
debug1: identity file /home/xxx/.ssh/id_rsa_any4 type -1
debug1: identity file /home/xxx/.ssh/id_rsa_any4-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0              <--------------------------------------------
kex_exchange_identification: read: Connection reset by peer

tcpdump, complete exchange

$ sudo tcpdump -i lo port 17122  -vv 
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
11:27:12.709648 IP (tos 0x0, ttl 64, id 36835, offset 0, flags [DF], proto TCP (6), length 60)
    rcdb.rc.38524 > rcdb.rc.17122: Flags [S], cksum 0xfe30 (incorrect -> 0x8225), seq 4006191327, win 43690, options [mss 65495,sackOK,TS val 3501713737 ecr 0,nop,wscale 7], length 0
11:27:12.709659 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    rcdb.rc.17122 > rcdb.rc.38524: Flags [S.], cksum 0xfe30 (incorrect -> 0xde6d), seq 2233033867, ack 4006191328, win 43690, options [mss 65495,sackOK,TS val 3501713737 ecr 3501713737,nop,wscale 7], length 0
11:27:12.709669 IP (tos 0x0, ttl 64, id 36836, offset 0, flags [DF], proto TCP (6), length 52)
    rcdb.rc.38524 > rcdb.rc.17122: Flags [.], cksum 0xfe28 (incorrect -> 0xb0b2), seq 1, ack 1, win 342, options [nop,nop,TS val 3501713737 ecr 3501713737], length 0
11:27:12.709744 IP (tos 0x0, ttl 64, id 36837, offset 0, flags [DF], proto TCP (6), length 73)
    rcdb.rc.38524 > rcdb.rc.17122: Flags [P.], cksum 0xfe3d (incorrect -> 0xefec), seq 1:22, ack 1, win 342, options [nop,nop,TS val 3501713737 ecr 3501713737], length 21
11:27:12.709749 IP (tos 0x0, ttl 64, id 22609, offset 0, flags [DF], proto TCP (6), length 52)
    rcdb.rc.17122 > rcdb.rc.38524: Flags [.], cksum 0xfe28 (incorrect -> 0xb09d), seq 1, ack 22, win 342, options [nop,nop,TS val 3501713737 ecr 3501713737], length 0
11:27:12.709902 IP (tos 0x0, ttl 64, id 22610, offset 0, flags [DF], proto TCP (6), length 52)
    rcdb.rc.17122 > rcdb.rc.38524: Flags [R.], cksum 0xfe28 (incorrect -> 0xb099), seq 1, ack 22, win 342, options [nop,nop,TS val 3501713737 ecr 3501713737], length 0

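In the last packet, the connection is reset directly by port 17122. I can't make sense of the rest.
At this point there are no logs at all from the docker layer or the frpc layer.

Comparison: when frpc runs directly on the OS, ssh can connect; partial -vvv log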

...
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug2: ssh_connect_direct
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 7122.
debug1: Connection established.
debug1: identity file /home/xxx/.ssh/id_rsa_any4 type -1
debug1: identity file /home/xxx/.ssh/id_rsa_any4-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0        <--------------------------------------- 
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1
debug1: match: OpenSSH_8.1 pat OpenSSH* compat 0x04000000
debug2: fd 5 setting O_NONBLOCK
debug1: Authenticating to 127.0.0.1:7122 as 'git'
debug3: put_host_port: [127.0.0.1]:7122
...

tcpdump

$ sudo tcpdump -i lo port 7122  -vv
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
11:28:49.163802 IP (tos 0x0, ttl 64, id 3391, offset 0, flags [DF], proto TCP (6), length 60)
    rcdb.rc.45142 > rcdb.rc.7122: Flags [S], cksum 0xfe30 (incorrect -> 0x9fc7), seq 1555868088, win 43690, options [mss 65495,sackOK,TS val 3501810192 ecr 0,nop,wscale 7], length 0
11:28:49.163812 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    rcdb.rc.7122 > rcdb.rc.45142: Flags [S.], cksum 0xfe30 (incorrect -> 0x9153), seq 3811899491, ack 1555868089, win 43690, options [mss 65495,sackOK,TS val 3501810192 ecr 3501810192,nop,wscale 7], length 0
11:28:49.163834 IP (tos 0x0, ttl 64, id 3392, offset 0, flags [DF], proto TCP (6), length 52)
    rcdb.rc.45142 > rcdb.rc.7122: Flags [.], cksum 0xfe28 (incorrect -> 0x6398), seq 1, ack 1, win 342, options [nop,nop,TS val 3501810192 ecr 3501810192], length 0
11:28:49.163892 IP (tos 0x0, ttl 64, id 3393, offset 0, flags [DF], proto TCP (6), length 73)
    rcdb.rc.45142 > rcdb.rc.7122: Flags [P.], cksum 0xfe3d (incorrect -> 0xa2d2), seq 1:22, ack 1, win 342, options [nop,nop,TS val 3501810192 ecr 3501810192], length 21
11:28:49.163896 IP (tos 0x0, ttl 64, id 13690, offset 0, flags [DF], proto TCP (6), length 52)
    rcdb.rc.7122 > rcdb.rc.45142: Flags [.], cksum 0xfe28 (incorrect -> 0x6383), seq 1, ack 22, win 342, options [nop,nop,TS val 3501810192 ecr 3501810192], length 0
11:28:49.236170 IP (tos 0x0, ttl 64, id 13691, offset 0, flags [DF], proto TCP (6), length 73)
    rcdb.rc.7122 > rcdb.rc.45142: Flags [P.], cksum 0xfe3d (incorrect -> 0xa175), seq 1:22, ack 22, win 342, options [nop,nop,TS val 3501810264 ecr 3501810192], length 21
11:28:49.236176 IP (tos 0x0, ttl 64, id 3394, offset 0, flags [DF], proto TCP (6), length 52)
    rcdb.rc.45142 > rcdb.rc.7122: Flags [.], cksum 0xfe28 (incorrect -> 0x62de), seq 22, ack 22, win 342, options [nop,nop,TS val 3501810264 ecr 3501810264], length 0
11:28:49.236496 IP (tos 0x0, ttl 64, id 3395, offset 0, flags [DF], proto TCP (6), length 1420)
    rcdb.rc.45142 > rcdb.rc.7122: Flags [P.], cksum 0x0381 (incorrect -> 0x236d), seq 22:1390, ack 22, win 342, options [nop,nop,TS val 3501810264 ecr 3501810264], length 1368
11:28:49.236502 IP (tos 0x0, ttl 64, id 13692, offset 0, flags [DF], proto TCP (6), length 52)
    rcdb.rc.7122 > rcdb.rc.45142: Flags [.], cksum 0xfe28 (incorrect -> 0x5987), seq 22, ack 1390, win 1365, options [nop,nop,TS val 3501810264 ecr 3501810264], length 0
11:28:49.255531 IP (tos 0x0, ttl 64, id 13693, offset 0, flags [DF], proto TCP (6), length 1132)
    rcdb.rc.7122 > rcdb.rc.45142: Flags [P.], cksum 0x0261 (incorrect -> 0xc38f), seq 22:1102, ack 1390, win 1365, options [nop,nop,TS val 3501810283 ecr 3501810264], length 1080
11:28:49.257209 IP (tos 0x0, ttl 64, id 3396, offset 0, flags [DF], proto TCP (6), length 100)
    rcdb.rc.45142 > rcdb.rc.7122: Flags [P.], cksum 0xfe58 (incorrect -> 0x3225), seq 1390:1438, ack 1102, win 359, options [nop,nop,TS val 3501810285 ecr 3501810283], length 48
11:28:49.280797 IP (tos 0x0, ttl 64, id 13694, offset 0, flags [DF], proto TCP (6), length 512)
    rcdb.rc.7122 > rcdb.rc.45142: Flags [P.], cksum 0xfff4 (incorrect -> 0x1d03), seq 1102:1562, ack 1438, win 1365, options [nop,nop,TS val 3501810309 ecr 3501810285], length 460

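In the same environment I created a simple sshd container, and I can connect to port 22 of the sshd inside the container through docker port forwarding.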

tcpdump

$ sudo tcpdump -i lo port 18122 -vv
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
12:15:53.192252 IP (tos 0x0, ttl 64, id 9916, offset 0, flags [DF], proto TCP (6), length 60)
    rcdb.rc.58122 > rcdb.rc.18122: Flags [S], cksum 0xfe30 (incorrect -> 0xcea1), seq 3649800398, win 43690, options [mss 65495,sackOK,TS val 3504634233 ecr 0,nop,wscale 7], length 0
12:15:53.192265 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    rcdb.rc.18122 > rcdb.rc.58122: Flags [S.], cksum 0xfe30 (incorrect -> 0x4526), seq 1798886355, ack 3649800399, win 43690, options [mss 65495,sackOK,TS val 3504634233 ecr 3504634233,nop,wscale 7], length 0
12:15:53.192276 IP (tos 0x0, ttl 64, id 9917, offset 0, flags [DF], proto TCP (6), length 52)
    rcdb.rc.58122 > rcdb.rc.18122: Flags [.], cksum 0xfe28 (incorrect -> 0x176b), seq 1, ack 1, win 342, options [nop,nop,TS val 3504634233 ecr 3504634233], length 0
12:15:53.192366 IP (tos 0x0, ttl 64, id 9918, offset 0, flags [DF], proto TCP (6), length 73)
    rcdb.rc.58122 > rcdb.rc.18122: Flags [P.], cksum 0xfe3d (incorrect -> 0x56a5), seq 1:22, ack 1, win 342, options [nop,nop,TS val 3504634233 ecr 3504634233], length 21
12:15:53.192372 IP (tos 0x0, ttl 64, id 32293, offset 0, flags [DF], proto TCP (6), length 52)
    rcdb.rc.18122 > rcdb.rc.58122: Flags [.], cksum 0xfe28 (incorrect -> 0x1756), seq 1, ack 22, win 342, options [nop,nop,TS val 3504634233 ecr 3504634233], length 0
12:15:53.197609 IP (tos 0x0, ttl 64, id 32294, offset 0, flags [DF], proto TCP (6), length 73)
    rcdb.rc.18122 > rcdb.rc.58122: Flags [P.], cksum 0xfe3d (incorrect -> 0x538b), seq 1:22, ack 22, win 342, options [nop,nop,TS val 3504634238 ecr 3504634233], length 21
12:15:53.197615 IP (tos 0x0, ttl 64, id 9919, offset 0, flags [DF], proto TCP (6), length 52)
    rcdb.rc.58122 > rcdb.rc.18122: Flags [.], cksum 0xfe28 (incorrect -> 0x1737), seq 22, ack 22, win 342, options [nop,nop,TS val 3504634238 ecr 3504634238], length 0

Any more ideas?


@ReeFish commented on GitHub (Oct 7, 2020):

@fanlix I've run into the same problem; has it been solved?


@ReeFish commented on GitHub (Oct 8, 2020):

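I roughly know the cause: on a Mac, if docker runs the container in host mode, it does not take effect, because host mode is only supported on Linux. See: https://yuanmomo.net/2019/06/13/docker-network/
On Linux there is no problem.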


@fanlix commented on GitHub (Oct 13, 2020):

Linux is exactly what I'm using.


@fatedier commented on GitHub (Oct 13, 2020):

@fanlix Note the point mentioned above about running the container in host mode.


@ReeFish commented on GitHub (Oct 17, 2020):

> Linux is exactly what I'm using.

@fanlix Add this setting to docker-compose.yml:

network_mode: "host"
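
An added example, not part of the original thread or of frp: a small check that flags the combination reported above, a visitor bound to loopback inside a bridge-network container whose port is published by Docker. The published port is forwarded to the container's bridge address, not its loopback, which matches the captured handshake followed by a reset. The function names and the dict form of the compose service are hypothetical, and the fallback `bind_addr` is an assumption.

```python
import configparser
import ipaddress

# Constructed inputs modelled on the frpc-A.ini and docker-compose.yml in the issue.
FRPC_INI = """
[common]
server_addr = xxxx
server_port = 7100

# access B.30022 by frps
[gitea_stcp_visitor]
type = stcp
role = visitor
server_name = gitea_stcp
sk = sssss
bind_addr = 127.0.0.1
bind_port = 7122
"""

# The compose service as a plain dict (hypothetical form, avoids a YAML dependency).
COMPOSE_BRIDGE = {"ports": ["127.0.0.1:7122:7122", "7123:7122"]}
COMPOSE_HOST = {"network_mode": "host"}


def container_port(mapping):
    """Container-side port of a compose short-syntax mapping (single ports only)."""
    return int(mapping.split("/")[0].rsplit(":", 1)[-1])


def is_loopback(addr):
    """True for 'localhost' or any loopback IP literal."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def visitors(ini_text):
    """Yield (section, bind_addr, bind_port) for every visitor section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    for name in cp.sections():
        sec = cp[name]
        if sec.get("role") == "visitor":
            # Assumption: a missing bind_addr is treated as loopback.
            yield name, sec.get("bind_addr", "127.0.0.1"), sec.getint("bind_port")


def check(ini_text, service):
    """Return one finding per visitor that the published ports cannot reach."""
    if service.get("network_mode") == "host":
        # frpc shares the host's network stack, so 127.0.0.1 is the host's
        # loopback and the `ports` mappings do not apply.
        return []
    published = {container_port(p) for p in service.get("ports", [])}
    findings = []
    for name, addr, port in visitors(ini_text):
        if port in published and is_loopback(addr):
            findings.append(
                f"[{name}] listens on {addr}:{port} inside the container, but "
                f"published port {port} is forwarded to the container's bridge "
                "address, where nothing is listening"
            )
    return findings


if __name__ == "__main__":
    for label, svc in (("bridge", COMPOSE_BRIDGE), ("host", COMPOSE_HOST)):
        print(label, check(FRPC_INI, svc) or "ok")
```

With `network_mode: "host"` the visitor stays bound to the host's 127.0.0.1 only, so the listener is not exposed on other interfaces the way the `7123:7122` mapping would have exposed it.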

@ReeFish commented on GitHub (Oct 17, 2020):

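Hi @fatedier, a side question: for deploying an frp visitor through docker on a Mac,
would it be possible to develop support for bind_addr binding to the Mac's local LAN IP, for example

bind_addr = 192.168.1.2

instead of

bind_addr = 127.0.0.1

to solve the problem of the container and the host network not being able to reach each other?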


@fatedier commented on GitHub (Oct 25, 2020):

@ReeFish This parameter is already supported, but without host mode it is not possible to bind to the IP of a network interface on the Mac.
