[GH-ISSUE #295] Problem with intranet penetration (tunnelling) of the MySQL port #212

Closed
opened 2026-02-27 23:15:58 +03:00 by kerem · 6 comments
Originally created by @breath-co2 on GitHub (Jul 5, 2019).
Original GitHub issue: https://github.com/snail007/goproxy/issues/295

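After configuring and starting it as described in the documentation, connecting with the mysql client gets no response. Changing the configuration to the HTTP port works. I tried both multi-connection and multiplexing modes, and neither works.

After analysis, the cause is that when MySQL gets a new connection it proactively sends something like

```
5.5.5-10.3.9-MariaDB-log�V)VW4:gxH��!��=:G9'TU-!\.nmysql_native_password!��#08S01Got packets out of order[
```

a string of authentication information like this. But with goproxy's intranet penetration, after connecting to the proxy server's port (without sending any data) it does not go and create a connection to the client, so naturally the data sent by MySQL is never received, and then there is a problem.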

kerem closed this issue 2026-02-27 23:15:58 +03:00

@snail007 commented on GitHub (Jul 5, 2019):

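It's a problem with your network; the client did not connect to the bridge. The logic "after connecting to the proxy server's port (without sending any data) it does not go and create a connection to the client" does not exist. As long as there is a server connection, it will connect to the client.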


@breath-co2 commented on GitHub (Jul 5, 2019):

Maybe I did not describe it correctly, so here are the details:

## Starting the services

There are 3 machines, referred to as A, B and C:
A: the bridge server, started first

```
proxy bridge -p ':33080' -C server.crt -K server.key
```

B: this machine has ports 80 and 3306, HTTP and MySQL respectively, which need to be tunnelled to C for use; 172.17.2.1 is the bridge's IP

```
proxy client -P "172.17.2.1:33080" -C server.crt -K server.key
```

After starting, B outputs:

```
proxy free version 7.8  by snail , email : arraykeys@gmail.com
2019/07/05 14:19:32 use tls parent 172.17.2.1:33080
2019/07/05 14:19:32 client started
2019/07/05 14:19:32 session worker[1] started
2019/07/05 14:19:32 session worker[2] started
2019/07/05 14:19:32 session worker[3] started
2019/07/05 14:19:32 session worker[4] started
2019/07/05 14:19:32 session worker[5] started
2019/07/05 14:19:32 session worker[6] started
2019/07/05 14:19:32 session worker[7] started
2019/07/05 14:19:32 session worker[8] started
2019/07/05 14:19:32 session worker[9] started
2019/07/05 14:19:32 session worker[10] started
```

A bridge log output:

```
2019/07/05 14:19:24 tls bridge on [::]:33080
2019/07/05 14:19:32 client connection default-7 connected
2019/07/05 14:19:32 client connection default-6 connected
2019/07/05 14:19:32 client connection default-5 connected
2019/07/05 14:19:32 client connection default-9 connected
2019/07/05 14:19:32 client connection default-8 connected
2019/07/05 14:19:32 client connection default-4 connected
2019/07/05 14:19:32 client connection default-10 connected
2019/07/05 14:19:32 client connection default-2 connected
2019/07/05 14:19:32 client connection default-3 connected
2019/07/05 14:19:32 client connection default-1 connected
```

C: started with the following parameters, where `***` is the bridge's public IP

```
proxy server -r "127.0.0.1:306@:3306" -r "127.0.0.1:800@:80" -P "***:33080" -C server.crt -K server.key
```

Output after starting:

```
proxy free version 7.8  by snail , email : arraykeys@gmail.com
2019/07/05 14:21:01 use tls parent ***:33080
2019/07/05 14:21:01 server id: dccc7713f5e2f66ecd4f7a8c08affcd819a12726
2019/07/05 14:21:01 server on 127.0.0.1:306
2019/07/05 14:21:01 server on 127.0.0.1:800
```

bridge and client produce no log output.

At this point all 3 servers are started. Running `netstat -nltp | grep proxy` on server C outputs:

```
tcp        0      0 127.0.0.1:306           0.0.0.0:*               LISTEN      123177/proxy
tcp        0      0 127.0.0.1:800           0.0.0.0:*               LISTEN      123177/proxy
```

## Testing the services: HTTP works

Running `curl -i http://127.0.0.1:800` on C outputs the HTML content of server A.
A log output:

```
2019/07/05 14:24:05 server connection dccc7713f5e2f66ecd4f7a8c08affcd819a12726 default connected
2019/07/05 14:24:05 select client : default-5
2019/07/05 14:24:05 stream dccc7713f5e2f66ecd4f7a8c08affcd819a12726 -> default created
2019/07/05 14:24:06 default server dccc7713f5e2f66ecd4f7a8c08affcd819a12726 stream released
```

B log output:

```
2019/07/05 14:24:05 stream 8377203fd693d2e2f98b7d02780b00ee224af79d created
2019/07/05 14:24:05 stream 8377203fd693d2e2f98b7d02780b00ee224af79d released
```

C log output:

```
2019/07/05 14:24:05 session[8] created
2019/07/05 14:24:05 default stream 8377203fd693d2e2f98b7d02780b00ee224af79d created
2019/07/05 14:24:05 default stream 8377203fd693d2e2f98b7d02780b00ee224af79d released
```

The above shows the configuration has taken effect.

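## Testing the MySQL service: fails

Next, connect with mysql: run `mysql -P306 -h127.0.0.1 -uroot -p`; after entering the password there is no response at all, which is abnormal.
Exit with Ctrl+C and test the port with `telnet 127.0.0.1 306`; the output is:

```
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
```

A, B and C show no log messages. If instead I use `telnet 127.0.0.1 3306` (the local MySQL port), the correct output is:

```
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
V
5.5.47-MariaDB-logTFATalx:!�V"Do$a<J?;JDmysql_native_password^]
```

Because MySQL outputs this authentication packet after a connection is made.

-----------

Still testing with `telnet 127.0.0.1 306`, type a 1 and press Enter:

```
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
1
\
5.5.5-10.3.9-MariaDB-log�WGkd4vxue��!��zUz)Xa]2{:NYmysql_native_password
```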

I find that MySQL's content can now be received, and:
A outputs:

```
2019/07/05 14:36:16 server connection dccc7713f5e2f66ecd4f7a8c08affcd819a12726 default connected
2019/07/05 14:36:16 select client : default-9
2019/07/05 14:36:16 stream dccc7713f5e2f66ecd4f7a8c08affcd819a12726 -> default created
```

B outputs:

```
2019/07/05 14:36:16 stream 8ae85ac01b0abe6f1549feb98291fc9c5ef3c538 created
```

C outputs:

```
2019/07/05 14:36:16 session[5] created
2019/07/05 14:36:16 default stream 8ae85ac01b0abe6f1549feb98291fc9c5ef3c538 created
```
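The manual telnet check in the comment above can be automated. The following Go sketch is an added example, not code from this thread or from goproxy: it opens a connection, sends nothing, and waits for the MySQL greeting (3-byte little-endian length, sequence id 0, protocol version 10, NUL-terminated server version). The function names and the greeting bytes in `main` are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net"
	"time"
)

// parseGreeting decodes the start of a MySQL/MariaDB initial handshake packet:
// 4-byte header (length + sequence id 0), protocol version 10, server version.
func parseGreeting(pkt []byte) (string, error) {
	if len(pkt) < 6 || pkt[3] != 0 || pkt[4] != 10 {
		return "", fmt.Errorf("not a protocol-10 greeting")
	}
	ver, _, ok := bytes.Cut(pkt[5:], []byte{0})
	if !ok {
		return "", fmt.Errorf("unterminated server version")
	}
	return string(ver), nil
}

// probeServerFirst sends nothing on c and waits up to wait for the greeting.
// A timeout means the relay has not opened its upstream side yet.
func probeServerFirst(c net.Conn, wait time.Duration) (string, error) {
	defer c.Close()
	c.SetReadDeadline(time.Now().Add(wait))
	hdr := make([]byte, 4)
	if _, err := io.ReadFull(c, hdr); err != nil {
		return "", fmt.Errorf("no greeting before client data: %w", err)
	}
	// Greetings are far below 64 KiB, so the third length byte is ignored.
	body := make([]byte, int(hdr[0])|int(hdr[1])<<8)
	if _, err := io.ReadFull(c, body); err != nil {
		return "", err
	}
	return parseGreeting(append(hdr, body...))
}

func main() {
	// Constructed stand-in for the tunnel. For the real port, pass the result
	// of net.Dial("tcp", "127.0.0.1:306") instead of the pipe end.
	srv, cli := net.Pipe()
	go srv.Write(append([]byte{26, 0, 0, 0, 10}, "5.5.5-10.3.9-MariaDB-log\x00"...))
	fmt.Println(probeServerFirst(cli, 2*time.Second))
}
```

Run against a relay that only opens the upstream connection after the first client byte, the probe returns the timeout error instead of a version string, which is the symptom reported here for v7.8.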

@snail007 commented on GitHub (Jul 5, 2019):

The bug is confirmed and is already fixed in the next version.


@snail007 commented on GitHub (Jul 9, 2019):

fixed in v7.9


@breath-co2 commented on GitHub (Jul 17, 2019):

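@snail007 Thanks for the fix. After upgrading to 8.0, when testing with telnet the connection now receives MySQL's packet header data, but actually connecting to this tunnelled port with the mysql client or any other language produces the error MySQL server has gone away.

It is still unusable.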


@breath-co2 commented on GitHub (Jul 17, 2019):

@snail007 Sorry, it was a parameter setting problem. I have tested it and it works now. Thank you very much.
