Master Internal Network Tunneling: NPS, FRP, EW, and NGROK Explained

NPS/NPC Overview

NPS is a lightweight, high‑performance internal network penetration proxy written in Go, supporting TCP/UDP forwarding, HTTP/SOCKS5 proxy, P2P, and a web management interface.

Features

Go language implementation

Cross‑platform support

Multiple protocol proxy

Web management console

Installation & Configuration

cd ~
wget https://github.com/cnlh/nps/releases/download/v0.23.2/linux_amd64_server.tar.gz
tar xzvf linux_amd64_server.tar.gz
cd ~/nps

Edit conf/nps.conf to set the web host, username, password, and port:

web_host=YOUR_SERVER_IP_OR_DOMAIN
web_username=admin
web_password=YOUR_PASSWORD
web_port=8080

Adjust the #bridge section if you need to change the NPC connection port (e.g., when only ports 80/443 are open).

#bridge
bridge_type=tcp
bridge_port=443  # modify as needed
bridge_ip=0.0.0.0

Running NPS

# Mac/Linux
./nps test|start|stop|restart|status
# Windows
nps.exe test|start|stop|restart|status

NPC Usage

./npc -server=YOUR_IP:8024 -vkey=UNIQUE_PASSWORD -type=tcp

Clients appear in the web UI where you can add new connections, each identified by a unique vkey.

FRP Overview

FRP is a high‑performance reverse proxy focused on internal network penetration, supporting TCP, UDP, HTTP, HTTPS, and more. It forwards internal services to the public internet via a server with a public IP.

Features

Supports TCP, KCP, WebSocket protocols

Port multiplexing

Cross‑platform (slightly fewer protocols than NPS)

Rich plugin system

Installation & Basic Usage

Download the appropriate release:

wget https://github.com/fatedier/frp/releases/download/v0.53.0/frp_0.53.0_linux_amd64.tar.gz
tar xzvf frp_0.53.0_linux_amd64.tar.gz

RDP Example

Edit frps.ini on the server to set a token for authentication:

[common]
bind_port=7000
token=abcdefgh

Start the server: ./frps -c ./frps.ini On the client, create frpc.ini:

[common]
server_addr=x.x.x.x
server_port=7000
token=abcdefgh

[rdp]
type=tcp
local_ip=127.0.0.1
local_port=3389
remote_port=6000

Run the client: ./frpc -c ./frpc.ini Connect via x.x.x.x:6000 using an RDP client.

SSH Example

[ssh]
type=tcp
local_ip=127.0.0.1
local_port=22
remote_port=6000

Connect with:

ssh -p 6000 [email protected]

Web Service via Custom Domain

# frps.ini
[common]
bind_port=7000
vhost_http_port=8080
token=abcdefgh

# frpc.ini
[web]
type=http
local_port=80
custom_domains=www.yourdomain.com

Point the domain’s A record to the server IP and access http://www.yourdomain.com:8080.

File Service Plugin

[test_static_file]
type=tcp
remote_port=6000
plugin=static_file
plugin_local_path=/tmp/file
plugin_strip_prefix=static
plugin_http_user=abc
plugin_http_passwd=abc

Browse http://x.x.x.x:6000/static/ to download files.

Dashboard

[common]
dashboard_port=7500
dashboard_user=admin
dashboard_pwd=admin

Visit http://SERVER_IP:7500 to view proxy statistics.

Encryption & Compression

[ssh]
type=tcp
local_port=22
remote_port=6000
use_encryption=true
use_compression=true

TLS Support (v0.25.0+)

# In frpc.ini [common]
tls_enable=true

When TLS is enabled, use_encryption is no longer required (except for xtcp).

Bandwidth Limiting

[ssh]
type=tcp
local_port=22
remote_port=6000
bandwidth_limit=1MB

Range Port Mapping

[range:test_tcp]
type=tcp
local_ip=127.0.0.1
local_port=6000-6006,6007
remote_port=6000-6006,6007

This creates proxies test_tcp_0 … test_tcp_7.

EW Overview

EW is a portable network penetration tool written in C, providing SOCKS5 proxy and port forwarding capabilities. It is no longer actively maintained.

Features

Lightweight C implementation

Supports multi‑level proxy chaining

Cross‑platform

Only SOCKS5 proxy support

Common Commands

# Forward SOCKS5 server
./ew -s ssocksd -l 1080

# Reverse SOCKS5 server (two‑step)
# On public host A:
./ew -s rcsocks -l 1080 -e 8888
# On target host B:
./ew -s rssocks -d 1.1.1.1 -e 8888

# Multi‑level chaining examples
./ew -s lcx_tran -l 1080 -f 127.0.0.1 -g 9999
./ew -s lcx_listen -l 1080 -e 8888
./ew -s lcx_slave -d 127.0.0.1 -e 8888 -f 127.0.0.1 -g 9999

NGROK Overview

NGROK is a reverse proxy that creates a secure tunnel between a public endpoint and a locally running web server, exposing internal services to the internet. It provides traffic inspection, replay, and optional authentication.

Features

Officially maintained, stable

Cross‑platform, closed source

Traffic logging and replay

Usage Steps

Register on ngrok.com and download the binary.

Authorize your client with the token provided by the website: ./ngrok authtoken YOUR_AUTH_TOKEN Expose a local service, e.g., HTTP on port 80: ./ngrok http 80 NGROK will output a public URL that forwards to your local service.

Additional Examples

# Authenticated file sharing
ngrok http -auth="user:password" file:///Users/alan/share

# Unauthenticated file sharing
ngrok http "file:///C:\Users\alan\Public Folder"

# Expose RDP (TCP 3389)
ngrok tcp 3389

For more commands, refer to the official documentation at https://ngrok.com/docs .