Reverse SSH – Defeating NAT and firewalls not under your control

Date October 10, 2009

I have a good friend learning Linux, and I’m trying to help him along as best as I can.  Normally, I’d ask him to open up port 22 and start SSH, giving me a user account to log in.  However, his connection is via satellite internet, and there’s some funky routing and NAT going on from the provider’s side.  He doesn’t have a true external IP, and hence, can’t forward that port.

Enter reverse SSH.  With reverse SSH, I had my friend use SSH to forward one of my local machine’s ports back to his own machine’s port 22.  Then, I connect to my own machine via that tunnel which allows me to connect to his.  It sounds more complicated than it is.

From the firewalled machine, connect to another host.  This can be any machine that both parties have access to with an SSH account.


$ ssh -f -N -R 2022:localhost:22 username@remote.example.com

Once the user has connected, from the remote.example.com machine, you can SSH back to the firewalled host, like this:


$ ssh username@localhost -p2022

You’re connecting to port 2022 on your localhost, which is a tunnel back to the firewalled client’s SSH server on port 22.

That’s all there is to it.
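Who else can reach port 2022 on remote.example.com depends on that host's sshd settings. The script below is an added example, not part of the original post: it audits text in the format printed by `sshd -T` for the three settings that control a `-R` listener. The function names and both sample configurations are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a relay's effective sshd settings (text in the format
# printed by `sshd -T`) for how a reverse forward on a given port is exposed.

# Print the value of one lowercase keyword from `sshd -T` style text on stdin.
sshd_value() {
    awk -v key="$1" 'tolower($1) == key { $1 = ""; sub(/^ +/, ""); print tolower($0); exit }'
}

# audit_relay CONFIG_TEXT PORT: print one finding per line.
audit_relay() {
    local cfg="$1" port="$2" gw fwd listen tok allowed=no
    gw=$(printf '%s\n' "$cfg" | sshd_value gatewayports)
    fwd=$(printf '%s\n' "$cfg" | sshd_value allowtcpforwarding)
    listen=$(printf '%s\n' "$cfg" | sshd_value permitlisten)

    # OpenSSH defaults apply when a keyword is absent: yes / no / any.
    case "${fwd:-yes}" in
        no|local) echo "BLOCKED: allowtcpforwarding=$fwd refuses remote (-R) forwards"; return 0 ;;
    esac
    case "${gw:-no}" in
        no)  echo "OK: port $port is bound to the relay's loopback only" ;;
        yes) echo "EXPOSED: gatewayports=yes binds port $port on all interfaces" ;;
        *)   echo "WARN: gatewayports=$gw lets the client pick the bind address" ;;
    esac
    case "${listen:-any}" in
        any)  echo "WARN: permitlisten=any, the account may listen on any port" ;;
        none) echo "BLOCKED: permitlisten=none refuses every remote forward" ;;
        *)  for tok in $listen; do
                if [ "${tok##*:}" = "$port" ]; then allowed=yes; fi
            done
            if [ "$allowed" = yes ]; then
                echo "OK: permitlisten restricts listeners and allows port $port"
            else
                echo "BLOCKED: permitlisten=$listen does not include port $port"
            fi ;;
    esac
}

# Constructed sample inputs (not captured from a real host).
LOOSE_RELAY='gatewayports yes
allowtcpforwarding yes
permitlisten any'
TIGHT_RELAY='gatewayports no
allowtcpforwarding remote
permitlisten localhost:2022'

echo "--- loose relay";  audit_relay "$LOOSE_RELAY" 2022
echo "--- tight relay";  audit_relay "$TIGHT_RELAY" 2022
```

On a real relay, pass the output of `sshd -T` (run as root) as the first argument. Even with a loopback-only bind, every local account on the relay can still connect to the forwarded port.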

2 Responses to “Reverse SSH – Defeating NAT and firewalls not under your control”

  1. andy said:

    Hello,

    A VPN connection with a dedicated IP can provide an external IP with incoming port forward to the client.
    Basically you connect to the VPN server, and 2 addresses are assigned to you. An external one and a LAN one. They (the VPN company) forward any requested ports to your IP. Provided of course that the client’s ISP supports VPN connections.

  2. tatil yerleri said:

    A VPN connection with a dedicated IP can provide an external IP with incoming port forward to the client.
