Trace: reverse_tunnel

Creating a reverse tunnel – Use for creating your own VPN to a network behind firewall with no incoming ports open

Setup for the SSH server that is connected to the internet (this is the server in the Home Network)

  1. Establish a SSH server that is always ON.
  2. This server can be a UNIX or Linux server (can be windows too) that allows SSH connections from the internet. Do this by enabling port forwarding on your internet router to forward SSH connection to this server
  3. Setup a userid and password to connect to this server
  4. Note down the internet address (ssh-server-internet-ip-address) and the internal intranet address (ssh-server-intranet-ip-address) of this server.

Setup in the workstation to be accessed from outside the firewall

  1. Install VNC or configure remote desktop on the workstation that is inside the network be accessed. Let them use their default ports of 5900 and 3389.
  2. Create a putty session as follows:
    1. Connection to the SSH server via ssh-server-internet-ip-address.
    2. Under SSH  Tunnels have the following entries:
      1. R5900 localhost:5900
      2. R3389 localhost:3389
  3. Open putty session and log onto the ssh server (using credentials created before)
  4. Minimize session
  5. Lock computer
  6. Power off monitor (if you are using VNC your actions will be visible to people around your monitor)

Connecting to the workstation inside the firewall

  1. Start another windows workstation (the ssh server can serve dual purpose)
  2. Run VNC client or Windows remote desktop client
  3. Enter the <ssh-server-intranet-ip-address> as connection
  4. Complete credentials input
  5. You should be connected to your workstation behind the firewall

Between two Linux servers (Ubuntu used)

  • Let's name them ub1 and ub2
  • ub1 is on the Internet (example.org)
  • ub2 inside firewall
exampleuser@ub2:~$ plink -C -N example.org -l exampleuser -pw p<ENTER PASSWORD> -R 15099:localhost:22

Once connected (above)

exampleuser@ub1:~$ ssh -l exampleuser -p 15099 localhost

Notes:

-C to Enable SSH compression
-N to Not start a remote command or shell at all (SSH-2 only)

Notes

C:\programs\plink.exe -C -N exampleuser@example.org -pw <password> -R 5900:localhost:5900

On SSH Server telnet localhost 5900 should connect

http://www.vnc.com/pipermail/vnc-list/2004-January/042920.html

The syntax is “ssh -R port:host:hostport [EMAIL PROTECTED]” which will forward “port” listening on “hostname” to “host:hostport” via your local ssh-running machine.

I've just noticed that OpenSSH ~4.0 added an extra feature to -R, and it now binds to localhost by default (rather than 0.0.0.0 and letting the remote side restrict it further).

-R [bind_address:]port:host:hostport
So I think you'll want to use “ssh -R :3000:localhost:2000 [EMAIL PROTECTED]“


QR Code
QR Code tech:linux:reverse_tunnel (generated for current page)