Use reverse ssh tunnel to access remote machines behind NAT

If you have ever connected to your corporate network using a VPN, you may understand the complexity of the tools and configurations IT engineers must deal with. In the Windows world this is especially true: for anything that looks complicated there is always some software available that makes simple tasks overcomplicated.


Say you want to access your home Linux machine from your office. Both are behind firewalls and use NAT, and you don't have permission to change the firewall settings. This is a very common scenario today. We don't need a VPN or any other software to connect to the home machine (A). What we need is a machine (B) in the middle; through B we can reach A over an ssh connection from the machine (C) you are working on. This is the easiest solution I have found so far. No need for VPN, expensive software, configuration, ... all you need is ssh.

ssh has a very useful parameter, -R. It tells the ssh server on the remote side (B) to listen on the given port and forward connections made to that port back to the machine that opened the session (A). For more details, always check $ man ssh. The following diagram is basically everything you need to do.

Step 1.
Create a connection to server B from the machine you want to reach, which is A in the diagram. This connection makes the middle server listen on port 12345; any connection made on the middle server to port 12345 is redirected to A.
After the operation you'll be logged into B. Don't close the session, otherwise the tunnel goes away and the following steps will not work.

Step 2.
Connect to the middle server B from your machine C, which can be your office desktop machine. If you are using Windows at the office, install Cygwin or a virtual machine in order to use the ssh command. It's just a very basic ssh command.

Step 3.
Now you are logged on to the middle server B. Just ssh to localhost on the forwarded port (12345), which leads to A, and you will see that you are logged on to A!

Not complicated, is it? If not all of your machines are behind NAT, you don't need a middle server. Just remove C and the 2nd step from the diagram, and you can connect to A from B.
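
The three steps written out as commands, as an added example that is not part of the original post. The account names userA and userB and the host middle.example.org are placeholders, the ExitOnForwardFailure and ServerAlive options go beyond what the post uses, and listener_scope is a hypothetical helper for checking on B that port 12345 is reachable from B itself only.

```shell
#!/bin/sh
# Names below are placeholders assumed for this example, not from the post.
PORT=12345                       # forwarded port used in the post
MIDDLE=userB@middle.example.org  # account on middle server B (placeholder)

# Step 1, run on A. The 127.0.0.1 prefix asks for a loopback-only listener
# on B (B's sshd GatewayPorts setting has the final say, hence the check
# below). ExitOnForwardFailure aborts if the port cannot be bound;
# ServerAlive* keeps the NAT mapping alive and notices a dead link.
step1_on_a() {
    echo "ssh -o ExitOnForwardFailure=yes -o ServerAliveInterval=30" \
         "-o ServerAliveCountMax=3 -R 127.0.0.1:${PORT}:localhost:22 ${MIDDLE}"
}

# Step 2, run on C: a plain login to B.
step2_on_c() { echo "ssh ${MIDDLE}"; }

# Step 3, run on B: connect to the forwarded port, which lands on A's sshd.
step3_on_b() { echo "ssh -p ${PORT} userA@localhost"; }

# Check on B: read `ss -tln` output on stdin and classify the listener.
# Prints "loopback", "exposed" (reachable from other hosts) or "absent".
listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")            # Local Address:Port column
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") { if (!found) found = "loopback" }
            else found = "exposed"
        }
        END { print (found ? found : "absent") }'
}

# Constructed sample of `ss -tln` output on B while the tunnel is up.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:12345    0.0.0.0:*
LISTEN 0      128    [::1]:12345        [::]:*'

step1_on_a; step2_on_c; step3_on_b
printf '%s\n' "$SAMPLE_SS" | listener_scope "$PORT"
```

On B, pipe the real output through the helper (ss -tln | listener_scope 12345); a result of "exposed" means anyone who can reach B on that port can reach A's ssh service.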
