Reverse SSH tunneling
Problem
Say we are working on a server product which we want to expose to the internet but our current networking set-up does not grant us an external IP address.
A reification of the above is the following: benishor went to Cluj and decided to work from the hotel. He started up the server application that he was working on in a virtual machine and then wanted to access it from his 3G-enabled mobile phone. Clearly this was not going to work. What to do? What to do?
Prerequisites
You need an external VPS and SSH access to it.
Solution
We can use ssh's remote port forwarding (the -R option) to make the VPS act as a reverse tunnel endpoint:
ssh -R *:<vps_listening_port>:<host_that_will_process_request>:<port_on_processing_host> user@vps
As a concrete example, this is what worked for benishor:
ssh -N -T -R *:8080:192.168.50.4:8081 benny@demoscene.ro
The above command roughly translates to: I want sshd on demoscene.ro to listen on all interfaces on port 8080 and route all traffic that it receives to 192.168.50.4:8081 as seen from my local machine.
The extra flags have the following meaning:
-T disables pseudo-tty allocation, which is appropriate because you're not trying to create an interactive shell
-N says that you want an SSH connection, but you don't actually want to run any remote commands. If all you're creating is a tunnel, then including this option saves resources.
[Image: diagram of the command syntax, drawn by shd]
Gotchas
sshd_config must be edited to contain GatewayPorts yes in order for sshd to be able to listen on interfaces other than loopback. Depending on your distribution, this entry may or may not be enabled by default.
Sometimes the connection might stall or drop. This is a great opportunity to try autossh.
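To check the GatewayPorts gotcha before opening the tunnel, the following added example (not part of the original page) reads sshd's effective configuration and predicts which interface a -R listener will end up on. The function names and the sample configuration are constructed for illustration; clientspecified is a third GatewayPorts value that OpenSSH accepts besides yes and no, and it lets the client's bind address decide.

```shell
#!/bin/sh
# Added example: predict where sshd binds the listener requested with "ssh -R".

# Read `sshd -T` style output ("keyword value" lines) on stdin and print the
# effective GatewayPorts mode. The first match wins; OpenSSH defaults to "no".
gateway_ports_mode() {
    awk 'tolower($1) == "gatewayports" && !seen { print tolower($2); seen = 1 }
         END { if (!seen) print "no" }'
}

# $1 = GatewayPorts mode, $2 = bind address from "-R bind:port:host:hostport".
# Prints "loopback", "all", or the specific address the listener ends up on.
effective_bind() {
    mode=$1
    bind=$2
    case "$mode" in
        no)  echo loopback ;;   # a request for "*" is quietly reduced to loopback
        yes) echo all ;;        # every remote forward is forced onto all interfaces
        clientspecified)
            case "$bind" in
                ''|'*') echo all ;;
                localhost|127.0.0.1|::1) echo loopback ;;
                *) echo "$bind" ;;
            esac ;;
        *) echo "unknown GatewayPorts mode: $mode" >&2; return 1 ;;
    esac
}

# Constructed sample of `sshd -T` output, not taken from a real host.
sample_config='port 22
allowtcpforwarding yes
gatewayports clientspecified
permitrootlogin no'

sample_mode=$(printf '%s\n' "$sample_config" | gateway_ports_mode)
echo "GatewayPorts=$sample_mode, -R *:8080:... listens on: $(effective_bind "$sample_mode" '*')"
```

On the VPS, piping the output of sshd -T (run as root) into gateway_ports_mode checks the live configuration instead of the sample.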
