LinuxQuestions.org


statistic 05-01-2009 09:24 PM

ssh tunnelling through a firewall
 
I've just moved into a sublet for the summer, and I die without the ability to ssh to my PC. It's kind of an obsession. Trouble is we can only get ON the wireless router, no administrator password for it. It was apparently set up by the provider, and neither the people at the house nor the provider know the password. Of course the simple answer is to reset the router, but it's locked in a room we can't get into (short of picking the lock, and believe me I've tried) until the guy who lives in that room comes 'round to visit.

So I'm trying to port forward using an external server I have a shell account on. This could be quickly done if the sshd gateway setting was turned on, but it's not. I've managed a bit of an awkward scenario that works for several minutes then I have to restart all the connections.

Currently I have on the client:
ssh -R1339:localhost:1339 remote.server.com -fN
You'll notice there is no -g, because it cannot be used with remote port forwarding.

On the server I'm running:
screen ssh -L1338:localhost:1339 localhost -g
I screen it and detach it into the background since it flings errors about being unable to bind the port if I just send it to the background.

So since the remote forward from my PC can only be accessed by localhost due to the sshd settings, I have a local forward on the remote machine to itself so that it accepts the connection.

I'm able to get to my PC using:
ssh -p1338 remote.server.com
However after a while (an hour or so), none of the connections respond anymore, though the processes are still running. I have to kill all the processes and start them again to get it going again.

Does anyone have any ideas what might be causing this? IPtables forgetting things? ssh idle time booting me?

Any help would be greatly appreciated.
Thanks.

statistic 05-01-2009 09:31 PM

Also if anyone just generally has a better way, that would be great too. :D

TimothyEBaldwin 05-02-2009 11:53 AM

NAT and firewall (iptables is one) timeouts might be to blame.

Set the "ServerAliveInterval" in the client configuration file (or use the -o option).

An alternative is to use IPv6 (with Teredo tunneling). Miredo is a Teredo implementation for Linux and will give you a global IPv6 address, unless it is behind a symmetric NAT without port forwarding. With luck, a static public IPv4 address and a port number specified in its configuration file, it will give you a static IPv6 address.

Of course if you are fortunate enough to already have IPv6 you don't need Teredo, but running your own Teredo relay may improve efficiency of connection with Teredo clients.

statistic 05-03-2009 08:22 AM

Thanks Timothy,

I'll look into both of those tonight when I get home. Miredo sounds like the nicer option if I can get it working, and even if I can't I might learn something. :)

statistic 05-03-2009 08:07 PM

Quote:

Originally Posted by TimothyEBaldwin (Post 3527826)
NAT and firewall (iptables is one) timeouts might be to blame.

Set the "ServerAliveInterval" in the client configuration file (or use the -o option).

An alternative is to use IPv6 (with Teredo tunneling). Miredo is a Teredo implementation for Linux and will give you a global IPv6 address, unless it is behind a symmetric NAT without port forwarding. With luck, a static public IPv4 address and a port number specified in its configuration file, it will give you a static IPv6 address.

Of course if you are fortunate enough to already have IPv6 you don't need Teredo, but running your own Teredo relay may improve efficiency of connection with Teredo clients.

Miredo seemed like definitely the best way to go about it, and now that I understand a little about IPv6 I think I'll look more into that. However, it looks like getting the Miredo server to run on the host without root on the box takes a little song and dance despite the simplicity of the client.

I set the ServerAliveInterval option by adding:
-o ServerAliveInterval=300
to the end of the command run on the client and the connection managed to stay running all day today. So many thanks.
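
A check for the fix discussed in this thread, added here as an example that is not part of any post: it reads `ssh -G` output (the client's effective configuration) on stdin and reports whether ServerAliveInterval is enabled and shorter than the idle timeout of the NAT or firewall on the path. The function name, the timeout values passed to it and the sample lines are assumptions constructed for illustration; the thread does not state the router's timeout.

```shell
#!/bin/sh
# Added example: classify the keepalive settings found in `ssh -G <host>` output.
# $1 is an assumed NAT/firewall idle timeout in seconds (not given in the thread).

keepalive_verdict() {
    nat_idle=$1
    interval=0            # OpenSSH default: no application-level keepalives
    countmax=3            # OpenSSH default for ServerAliveCountMax
    # `ssh -G` prints one lowercase keyword and its value per line.
    while read -r key value rest; do
        case $key in
            serveraliveinterval) interval=$value ;;
            serveralivecountmax) countmax=$value ;;
        esac
    done
    if [ "$interval" -eq 0 ]; then
        # An idle forwarded session sends nothing, so the NAT mapping can expire
        # while both ssh processes keep running.
        echo "disabled"
    elif [ "$interval" -ge "$nat_idle" ]; then
        # Probes are sent, but possibly after the mapping is already gone.
        echo "too-slow"
    else
        # ssh disconnects after countmax unanswered probes, so a dead tunnel
        # is noticed within interval * countmax seconds.
        echo "ok dead-peer-detect=$((interval * countmax))s"
    fi
}

# Constructed samples of `ssh -G` output (not captured from a real host).
sample_default='hostname remote.server.com
serveraliveinterval 0
serveralivecountmax 3'

sample_fixed='hostname remote.server.com
serveraliveinterval 300
serveralivecountmax 3'

# Real use, with 600 as an assumed NAT idle timeout:
#   ssh -G -o ServerAliveInterval=300 remote.server.com | keepalive_verdict 600
```

A "disabled" result matches the symptom in the first post, where the processes stay up but the connections stop responding.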
