Showing posts with label port forwarding. Show all posts
Showing posts with label port forwarding. Show all posts

15 July 2013

476: Rehash: using a browser proxy via tunnel, through a router and with reverse ssh

I may have covered this at some point, but if so, I can't find the post.

Here's the situation:
You have a linux computer at work, which is behind a corporate firewall.
You have a router at home which runs an ssh server (e.g. running tomato).
You have a computer at home, which sits behind the router above.
You want to browse from home using the corporate network

In my case it's a little bit different -- I want to make a change to the router my office network (I have my own office) sits behind, and the easiest way to do that is by logging onto that router via http (it's a stock netgear router).

How to:
First, at work, connect to your home router using reverse ssh, so that all traffic on port 19999 on the router gets sent to port 22 on your work computer:
ssh -R 19999:localhost:22 root@myhomerouter

Later, at home, forward all traffic to port 8989 on your home computer to localhost:19999 on your router (which then gets sent to port 22 on your work computer):
ssh -L 8989:localhost:19999 root@

We've assumed that the router sits on from inside the LAN. Localhost here refers to your home computer, while localhost in the command before that refers to the router.

Then, in a different terminal, open a proxy through port 8989:
 ssh -D 8888 me@localhost -p 8989

Finally, you can now edit your browser/network settings to use a SOCKS proxy on port 8888 like you would with any other proxy.

28 October 2012

267. ECCE client connecting to remote site via reverse port/local port forwarding

The situation I'm about describe is quite specific, yet I don't think it's that unusual.

A. I've got a computer at work which is behind a firewall so that I can't connect directly to it from the outside. This will be referred to as Work.

B. I've got a laptop at home which is connected to a wireless  router. This will be referred to as Home.

C. The router is a Linksys/tomato router, which is accessible from the outside ( This will be referred to as Router.

I'd like to connect from home to my ecce server at work so that I can monitor and submit jobs.

At Work:
ssh -R 19997:localhost:8096

At Home:
ssh -L 5555:localhost:19997

We're basically tying together port 5555 at Home with port 8096 at Work, via an intermediary server.

At Home, edit your ecce/apps/siteconfig/Dataservers and change the relevant lines to

    <desc>ECCE Data Server--remote</desc>


Note that submission actually happens from your ecce client, not your server (i.e. from Home, not Work), so to get your submission scripts in order you may have to do a bit of fiddling. E.g. if you ecce server is also the queue master for an SGE batch system:

ssh -R 19999:localhost:22

ssh -L 5454:localhost:19999

Edit /apps/siteconfig/ and add
ssh_p5454: ssh -XC -p 5454|scp -P 5454|xterm

But you can read more about that here:

30 April 2012

126. linux ssh examples: rsync across portforwarded ssh and helping remotely via ssh behind firewalls

Even bog-standard ssh is pretty neat, since there's little that can't be done in the terminal. However, firewalls can be annoying and if you set somebody up with linux you will have to be prepared to support them for years to come -- at least with debian wheezy the odd breakage happen, and people tend to be less forgiving with linux problems than with windows problems.


1. rsync across a server 
A can connect to B, B can connect to C. A can't connect directly to C. B and C can't connect directly to A. B and C can connect to each other either direction. An example is when B is your home router and C sits on your local network, while A has a public IP but sits behind a corporate firewall.

You want to rsync from A to C

On A, do
ssh user_at_B@B_ip_address -L 5555:C_ip_address:22
then in another terminal
rsync -avz  --progress --stats -e "ssh -p 5555" /home/user_a/work user_c@localhost:/home/user_c/Documents

2. Helping someone in the terminal across a server
A and C can't connect to each-other. A and C can both connect to B. B can't connect to A or C. A wants to connect to C to start e.g a screen session to help out. An example is when both users A and C can connect to a lab router from their respective home, but their ISPs are preventing direct ssh access between them.

Setting up reverse ssh, on C, do
autossh -R 19998:localhost:22 user_B@B_ip_address

Connecting from A to C, do
ssh user_B@B_ip_address -L 19999:localhost:19998
then in another terminal
ssh user_C@localhost -p 19999

You can then set up a screen session to both help and teach.