[lug] Tunneling TCP

Daniel Webb lists at danielwebb.us
Fri Jan 21 22:54:33 MST 2005

Did you realize you can run servers on a machine behind a firewall with
a single SSH command, changing nothing on the firewall?  Suppose host
pib is behind a firewall and host fuzzy is a host you have an account

pib$ ssh -n -N -R2222:localhost:22 some_fuzzy_user at fuzzy &

will allow you to ssh in to pib by doing:

$ ssh -p2222 -oStrictHostKeyChecking=no some_pib_user at fuzzy

from any machine with internet access.

The assumptions here are:
  - all incoming ports on pib's firewall are blocked
  - fuzzy doesn't firewall incoming port 2222
  - pib's firewall doesn't block outgoing port 22

This is important for me because I'm helping my sister (who's out of
state) with her computer, and she's getting internet access by plugging
in her wireless card and associating with an unknown access point in her
apartment building.  I want to ssh in to her machine, but obviously all
incoming ports are blocked and we don't have access to the firewall.
She understands the potential ethical and privacy risks of doing this,
by the way.  

SSH is a wicked tool.  If you need full IP forwarding, not just TCP
forwarding, you can set up a PPP tunnel over a single SSH session that
will do that too, but it's way more complicated.  If you're interested
in that, check out the vpn-pppssh mini-howto.

Sorry if all of you knew this already, but I thought it was too good to
not share.  I have written a small script to keep a tunnel up all the
time as well if anyone has a use for it.


More information about the LUG mailing list