SSH connection between two behind-nat computers through third public-ip computer

8

10

I have a computer at home (home-server) that runs irssi, rtorrent etc. My ISP is blocking all traffic from outside (dumb, I know, but it's the only ISP I can have).

I want to be able to log in to home-server's shell from any remote-computer (behind NAT).

I've got a shell account somewhere (without root access) that may be of some use for that.

Here's a diagram describing the situation: (image)

Is it possible to gain access to the shell on my home-server? I heard something about ssh tunneling, but I couldn't find any tutorial matching this case.

seler

Posted 2011-07-26T22:30:38.737

Reputation: 303

Answers

16

On home server (tunnel from third party to home):
ssh -R 20000:127.0.0.1:22 thirdparty.org

This connects your home box to the third party shell, and then starts to forward any connections to port 20000 on the third party shell to port 22 on your home box (the SSH port).

On remote computer (tunnel from remote to third party):
ssh -L 20000:127.0.0.1:20000 thirdparty.org

This connects your remote box to the third party shell, and then starts to forward port 20000 on the remote box to port 20000 on the third party shell.

And then on remote computer (connect over tunnels):
ssh 127.0.0.1 -p 20000
and enter the credentials for your home server.

This will attempt to ssh to port 20000 on the remote box. Since we set up a tunnel to the third party, the #2 command effectively forwards this connection attempt to 127.0.0.1:20000 on the third party shell. Then, the first command forwards the connection again to port 22 on your home box, at which point the ssh server picks up the connection.

Darth Android

Posted 2011-07-26T22:30:38.737

Reputation: 35 133

Could you explain what's going on there? – seler – 2011-07-26T22:40:55.067

After ssh 127.0.0.1 -p 20000 it worked. Still, if you could please explain this... – seler – 2011-07-26T22:53:07.027

He is setting up two really basic VPNs to the relay box. You might want to look at using something like autossh on your home box to make sure the tunnel stays up, and is automatically started. – Zoredache – 2011-07-26T22:54:17.277

@seler I added some detail, please let me know if you need more explanation :) – Darth Android – 2011-07-27T13:57:30.393
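A self-restarting form of the reverse tunnel from the answer above, plus a one-command connect for the remote side, as an added example that is not part of the original answers. The relay name and port 20000 come from the answer; `homeuser`, the `home-server` key alias and the `RELAY`/`RPORT`/`SSH_BIN` variables are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original answers.
RELAY="${RELAY:-thirdparty.org}"  # relay shell account, as in the answer
RPORT="${RPORT:-20000}"           # port opened on the relay, as in the answer
SSH_BIN="${SSH_BIN:-ssh}"         # overridable so the loop can be dry-run

# ssh arguments for the home-server side of the tunnel.
#  -N -T                 forwarding only: no remote command, no tty
#  ExitOnForwardFailure  exit if the relay cannot bind RPORT, instead of
#                        holding a session that forwards nothing
#  ServerAlive*          notice a dead NAT mapping after about 90 seconds
#  127.0.0.1 bind        listener stays on the relay's loopback; other users
#                        of the relay can still reach it, so home-server's
#                        sshd should accept keys only
tunnel_opts() {
    printf '%s %s\n' \
        "-N -T -o ExitOnForwardFailure=yes -o ServerAliveInterval=30" \
        "-o ServerAliveCountMax=3 -R 127.0.0.1:${RPORT}:127.0.0.1:22 ${RELAY}"
}

# Run on home-server: restart the tunnel whenever ssh exits.
# $1 = maximum number of starts (0 = no limit), $2 = seconds between starts.
keep_tunnel() {
    max="${1:-0}"; delay="${2:-10}"; n=0
    while :; do
        # Word splitting of the option string is intended here.
        "$SSH_BIN" $(tunnel_opts) || echo "tunnel exited ($?), restarting" >&2
        n=$((n + 1))
        if [ "$max" -gt 0 ] && [ "$n" -ge "$max" ]; then break; fi
        sleep "$delay"
    done
}

# Run on remote-computer (OpenSSH 7.3+): -J has the relay open the connection
# to its own 127.0.0.1:RPORT, replacing the -L tunnel plus the second ssh.
# HostKeyAlias files home-server's key under a stable name instead of
# [127.0.0.1]:20000, so a changed key behind the relay is still flagged.
# $1 = login name on home-server ("homeuser" is a hypothetical default).
connect_cmd() {
    printf '%s\n' "ssh -J ${RELAY} -p ${RPORT} -o HostKeyAlias=home-server ${1:-homeuser}@127.0.0.1"
}

case "${1:-}" in
    tunnel)  keep_tunnel 0 10 ;;
    connect) exec $(connect_cmd "${2:-homeuser}") ;;
esac
```

Saved as a script, it is started with the argument `tunnel` on home-server and `connect` on the remote computer.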

6

I have tried to better explain the accepted solution below. Let us assume "machine A" and "machine B" are both behind a NAT firewall, while both have ssh access to a remote "machine R" (say a VPS).

R -> A

ssh -R 20000:127.0.0.1:22 user@RemoteHost
  1. Above command executed on machine A.

  2. Creates a tunnel from R (port 20000 of R) to A (port 22 of A) (reverse tunneling)

B -> R

ssh -L 8000:127.0.0.1:20000 user@RemoteHost
  1. Above command executed on B.

  2. Creates a tunnel from B (port 8000 of B) to R (port 20000 of R)

B -> A

ssh 127.0.0.1 -p 8000

The actual connection goes through R, that is, B (port 8000) -> R (port 20000) -> A (port 22)


The same using PuTTY and Windows:

R -> A

putty.exe -R 20000:127.0.0.1:22 -ssh RemoteHost -P port -l user -pw password

B -> R

putty.exe -L 8000:127.0.0.1:20000  -ssh RemoteHost -P port -l user -pw password

B -> A

putty.exe -ssh 127.0.0.1 -P 8000 -l user -pw password

Ryu_hayabusa

Posted 2011-07-26T22:30:38.737

Reputation: 251

1

Or you might as well set up some IPv6 tunnels with HE.net and just connect directly... (Many VPN solutions will work as well.)

billc.cn

Posted 2011-07-26T22:30:38.737

Reputation: 6 821