Old 05-01-2009, 10:24 PM   #1
statistic
LQ Newbie
 
Registered: Jan 2009
Location: Guelph ON
Distribution: Ubuntu
Posts: 7

Rep: Reputation: 0
ssh tunnelling through a firewall


I've just moved into a sublet for the summer, and I die without the ability to ssh to my PC. It's kind of an obsession. Trouble is we can only get ON the wireless router, no administrator password for it. It was apparently set up by the provider, and neither the people at the house nor the provider know the password. Of course the simple answer is to reset the router, but it's locked in a room we can't get into (short of picking the lock, and believe me I've tried) until the guy who lives in that room comes 'round to visit.

So I'm trying to port forward using an external server I have a shell account on. This could be quickly done if the sshd gateway setting was turned on, but it's not. I've managed a bit of an awkward scenario that works for several minutes then I have to restart all the connections.

Currently I have on the client:
ssh -R1339:localhost:1339 remote.server.com -fN
You'll notice there is no -g, because it cannot be used with remote port forwarding.

On the server I'm running:
screen ssh -L1338:localhost:1339 localhost -g
I screen it and detach it into the background since it flings errors about being unable to bind the port if I just send it to the background.

So since the remote forward from my PC can only be accessed by localhost due to the sshd settings, I have a local forward on the remote machine to itself so that it accepts the connection.

I'm able to get to my PC using:
ssh -p1338 remote.server.com
However after a while (an hour or so), none of the connections respond anymore, though the processes are still running. I have to kill all the processes and start them again to get it going again.

Does anyone have any ideas what might be causing this? IPtables forgetting things? ssh idle time booting me?

Any help would be greatly appreciated.
Thanks.

Last edited by statistic; 05-02-2009 at 10:43 AM. Reason: Forgot a parameter, and a misspelling
 
Old 05-01-2009, 10:31 PM   #2
statistic
LQ Newbie
 
Registered: Jan 2009
Location: Guelph ON
Distribution: Ubuntu
Posts: 7

Original Poster
Rep: Reputation: 0
Also if anyone just generally has a better way, that would be great too.
 
Old 05-02-2009, 12:53 PM   #3
TimothyEBaldwin
Member
 
Registered: Mar 2009
Posts: 249

Rep: Reputation: 27
NAT and firewall (iptables is one) timeouts might be to blame.

Set the "ServerAliveInterval" in the client configuration file (or use the -o option).

An alternative is to use IPv6 (with Teredo tunneling). Miredo is a Teredo implementation for Linux and will give you a global IPv6 address, unless it is behind a symmetric NAT without port forwarding. With luck, a static public IPv4 address and a port number specified in its configuration file, it will give you a static IPv6 address.

Of course if you are fortunate enough to already have IPv6 you don't need Teredo, but running your own Teredo relay may improve efficiency of connection with Teredo clients.
 
Old 05-03-2009, 09:22 AM   #4
statistic
LQ Newbie
 
Registered: Jan 2009
Location: Guelph ON
Distribution: Ubuntu
Posts: 7

Original Poster
Rep: Reputation: 0
Thanks Timothy,

I'll look into those both tonight when I get home. Miredo sounds like the nicer option if I can get it working, and even if I can't I might learn something.
 
Old 05-03-2009, 09:07 PM   #5
statistic
LQ Newbie
 
Registered: Jan 2009
Location: Guelph ON
Distribution: Ubuntu
Posts: 7

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by TimothyEBaldwin
NAT and firewall (iptables is one) timeouts might be to blame.

Set the "ServerAliveInterval" in the client configuration file (or use the -o option).

An alternative is to use IPv6 (with Teredo tunneling). Miredo is a Teredo implementation for Linux and will give you a global IPv6 address, unless it is behind a symmetric NAT without port forwarding. With luck, a static public IPv4 address and a port number specified in its configuration file, it will give you a static IPv6 address.

Of course if you are fortunate enough to already have IPv6 you don't need Teredo, but running your own Teredo relay may improve efficiency of connection with Teredo clients.

Miredo seemed like definitely the best way to go about it, and now that I understand a little about IPv6 I think I'll look more into that. However it looks like to get the Miredo server to run on the host without root on the box takes a little song and dance despite the simplicity of the client.

I set the ServerAliveInterval option by adding:
-o ServerAliveInterval=300
to the end of the command run on the client and the connection managed to stay running all day today. So many thanks.
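
An added example, not part of any post in this thread: a client-side wrapper that starts the reverse forward from post #1 with the keepalive from post #5 and restarts it with a capped backoff when ssh exits. The function names are illustrative, and `ServerAliveCountMax` and `ExitOnForwardFailure` are OpenSSH client options the thread does not mention; the latter makes ssh exit when the remote port cannot be bound, so the loop retries instead of holding a session with no forward.

```shell
#!/bin/sh
# Added example: supervise the thread's reverse tunnel (client side).
# Host, ports and the 300 s interval are the values from the thread;
# function names are illustrative.

# Print the ssh arguments, one per line, for a reverse forward with keepalives.
tunnel_args() {
    remote_port=$1; local_port=$2; host=$3; interval=$4
    printf '%s\n' \
        -N \
        -o "ServerAliveInterval=$interval" \
        -o "ServerAliveCountMax=3" \
        -o "ExitOnForwardFailure=yes" \
        -R "${remote_port}:localhost:${local_port}" \
        "$host"
}

# Double the retry delay, capped at a maximum (both in seconds).
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$2" ]; then d=$2; fi
    echo "$d"
}

# Run ssh in the foreground; when it exits, wait and start it again.
keep_tunnel_up() {
    delay=1
    while :; do
        started=$(date +%s)
        # Word splitting is intended: none of the arguments contain spaces.
        ssh $(tunnel_args "$@") || true
        # A session that survived a minute was healthy, so reset the backoff.
        if [ $(( $(date +%s) - started )) -ge 60 ]; then delay=1; fi
        echo "tunnel exited; retrying in ${delay}s" >&2
        sleep "$delay"
        delay=$(next_delay "$delay" 60)
    done
}

# Only start the loop when called as: ./tunnel.sh run
if [ "${1:-}" = "run" ]; then
    keep_tunnel_up 1339 1339 remote.server.com 300
fi
```

With an interval of 300 and a count of 3, the client gives up on an unresponsive server after roughly 15 minutes and the loop reconnects.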
 
  



Tags
port forwarding, ssh forwarding, ssh tunnel, tunneling

