[GH-ISSUE #2643] [Feature Request] Dynamic stcp address/port allocation

gitea-mirror commented

2026-05-05 13:21:14 -06:00

Owner

Originally created by @v20z on GitHub (Oct 31, 2021).
Original GitHub issue: https://github.com/fatedier/frp/issues/2643

Describe the feature request

The idea is not to create predefined fixed static configurations for each node.

First time stcp/hidden forwarder connects to server and do not open any ports but just silently waiting for incoming requests. Displayed in the dashboard as pending by user name for example.

When connector/redirector initiate connection to it and supply to him specific/desired service_name / redirect_port / redirect_addr which forwader redirect back to this connector.

;
; frpc.ini - Forwarder client config 
;
[common]
; allow_addrs = *				# allow any addr upon request
; allow_ports = *				# allow any port upon request
; allow_ports = 2000-3000,3001,3003,4000-50000
....
; Dynamic service
; Allocate service name from connector frpc request
; and then show in dashboard with this name
[*]
type = stcp
; local_ip = *			# Allow/bind to address/port
; local_port = *		# received from connector frpc request
use_encryption = true
use_compression = true
sk = abcdefg

Opposite:

;
; frpc.ini - Connector client config
;
[common]
server_addr ...
server_port ...
...
[ssh]
type = stcp
role = visitor
server_name = ssh		# dynamically send to forwarder
bind_port = 22222
bind_addr = 127.0.0.1
redir_port = 22		# if 'role = visitor' instruct forwader
redir_addr = 127.0.0.1		# to open/listen/bind on his side
use_encryption = true
use_compression = true
sk = abcdefg

Or at command line:

# frpc stcp --server_addr ... --server_port ... ... --role visitor --server_name ssh ... --redir_port 22 redir_addr 127.0.0.1 ...

Describe alternatives you've considered

Here is similar project:
https://gitlab.com/hev/hev-fsh/blob/master/README.md
Accept all TCP ports
fsh -f -p 10.0.0.1

Affected area

Docs
Installation
Performance and Scalability
Security
User Experience
Test and Release
Developer Infrastructure
Client Plugin
Server Plugin
Extensions
Others

Originally created by @v20z on GitHub (Oct 31, 2021). Original GitHub issue: https://github.com/fatedier/frp/issues/2643 ### Describe the feature request The idea is not to create predefined fixed static configurations for each node. First time stcp/hidden forwarder connects to server and do not open any ports but just silently waiting for incoming requests. Displayed in the dashboard as pending by user name for example. When connector/redirector initiate connection to it and supply to him specific/desired service_name / redirect_port / redirect_addr which forwader redirect back to this connector. ``` ; ; frpc.ini - Forwarder client config ; [common] ; allow_addrs = * # allow any addr upon request ; allow_ports = * # allow any port upon request ; allow_ports = 2000-3000,3001,3003,4000-50000 .... ; Dynamic service ; Allocate service name from connector frpc request ; and then show in dashboard with this name [*] type = stcp ; local_ip = * # Allow/bind to address/port ; local_port = * # received from connector frpc request use_encryption = true use_compression = true sk = abcdefg ``` Opposite: ``` ; ; frpc.ini - Connector client config ; [common] server_addr ... server_port ... ... [ssh] type = stcp role = visitor server_name = ssh # dynamically send to forwarder bind_port = 22222 bind_addr = 127.0.0.1 redir_port = 22 # if 'role = visitor' instruct forwader redir_addr = 127.0.0.1 # to open/listen/bind on his side use_encryption = true use_compression = true sk = abcdefg ``` Or at command line: ``` # frpc stcp --server_addr ... --server_port ... ... --role visitor --server_name ssh ... --redir_port 22 redir_addr 127.0.0.1 ... ``` ### Describe alternatives you've considered Here is similar project: https://gitlab.com/hev/hev-fsh/blob/master/README.md Accept all TCP ports fsh -f -p 10.0.0.1 ### Affected area - [ ] Docs - [ ] Installation - [X] Performance and Scalability - [ ] Security - [X] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [X] Extensions - [ ] Others

gitea-mirror

2026-05-05 13:21:14 -06:00

closed this issue
added the
lifecycle/stale
label

gitea-mirror commented

2026-05-05 13:21:17 -06:00

Author

Owner

@fatedier commented on GitHub (Nov 1, 2021):

It will bring more risk to common users. I prefer not to allow visitors bind any port on a internal machine.

@fatedier commented on GitHub (Nov 1, 2021): It will bring more risk to common users. I prefer not to allow visitors bind any port on a internal machine.

gitea-mirror commented

2026-05-05 13:21:18 -06:00

Author

Owner

@v20z commented on GitHub (Nov 1, 2021):

Thanks for your reply, fatedier.

It was just an idea to make the configuration lighter and easier to automate and generalize it.

However, you could apply allow_ports directive at [common] section to assign which ports possible to redirect.

But of course this is your decision and we accept it because you are the author and you have a vision of the situation.

Anyway please continue developing, your program is interesting and useful.

Thank You.

@v20z commented on GitHub (Nov 1, 2021): Thanks for your reply, **_fatedier_**. It was just an idea to make the configuration lighter and easier to automate and generalize it. However, you could apply `allow_ports` directive at `[common]` section to assign which ports possible to redirect. But of course this is your decision and we accept it because you are the author and you have a vision of the situation. Anyway please continue developing, your program is interesting and useful. Thank You.

gitea-mirror commented

2026-05-05 13:21:19 -06:00

Author

Owner

@github-actions[bot] commented on GitHub (Dec 2, 2021):

Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

@github-actions[bot] commented on GitHub (Dec 2, 2021): Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.