LinuxQuestions.org

aristosv 03-23-2015 11:58 PM

reverse nat ssh tunnel - open more than one port?
 
I will be setting up a few raspberry pi's in various locations, and they will be creating reverse nat ssh tunnels to my ssh server.

I need to set up a monitoring server at the server's location to monitor the raspberry pi's through the ssh server. The monitoring agent that will be installed on the raspberry pi's is communicating with the monitoring server on port 4700.

My question is:

Since I am using reverse nat ssh tunnels to connect on the ssh server, I am guessing that port 4700 will not be opened. If this is true, is there a way to also open port 4700 in that tunnel, so the monitoring server can access the remote agent?

Thanks

allend 03-24-2015 06:06 AM

If I am reading this correctly, then you want that when you connect over the tunnel to a Raspberry Pi from the server, that the port 4700 on the Raspberry Pi is forwarded to your server. This can be done using the -L option to ssh.
On the server, something like 'ssh -p <port used to create tunnel from Raspberry PI> -L4701:<IP address of Raspberry Pi>:4700 <user>@localhost' would forward port 4700 on the Raspberry Pi to port 4701 on the server.
You would probably want to create the initial tunnel on a different port for each Raspberry Pi.

aristosv 03-24-2015 06:30 AM

This is the command I am currently using to create the tunnel. Can you advise how to modify it?

ssh -t -t -o StrictHostKeyChecking=no -o ServerAliveCountMax=5 -o ServerAliveInterval=60 -o LogLevel=ERROR user@my_host_com -R 5001:127.0.0.1:22

allend 03-24-2015 08:37 AM

That command looks OK for setting up the reverse SSH tunnel. If you wish to forward port 4700 on the Raspberry Pi to port 4700 on the server, then on the server try:
Code:

ssh -p 5001 -L4700:<IP address of Raspberry Pi>:4700 <user>@localhost

aristosv 03-24-2015 08:54 AM

Thanks for your reply. The command you provided requires me to ssh on the server and from there ssh on the raspberry pi. Is there a way to open port 4700 (between the ssh server and the pi) when creating the tunnel? So no additional actions are required?

suicidaleggroll 03-24-2015 10:02 AM

It's a separate tunnel from the original one, you can't open two tunnels with one ssh command. You can, however, open both of them from the pi, one after the other.

aristosv 03-24-2015 10:10 AM

Instead of opening two tunnels, is it possible to choose which ports to be open within the tunnel?

suicidaleggroll 03-24-2015 10:15 AM

You already did, you've linked 5001 on the server side to 22 on the RPi side. Any access to port 5001 on the server will transfer through the tunnel and arrive at port 22 on the RPi.

If you want to link two different ports, you need a second tunnel.

aristosv 03-24-2015 10:19 AM

So no way to have 2 ports open with 1 tunnel?

suicidaleggroll 03-24-2015 10:22 AM

Not that I'm aware of. You could have the second tunnel pass through the first tunnel (this is what allend's command is doing), but you still need to set up two tunnels. I'm not sure what the problem with this is...it's just one more command to add on the RPi side so it opens right after the existing ssh tunnel. Once you have the necessary ssh keys set up, it's trivially easy to add any number of tunnels you want.

aristosv 03-24-2015 10:39 AM

I'm just trying to achieve this using the most efficient method. I want to save bandwidth and resources.

allend 03-24-2015 06:55 PM

A little recap of what goes on.
1. On the Raspberry Pi, the command
Code:

ssh -t -t -o StrictHostKeyChecking=no -o ServerAliveCountMax=5 -o ServerAliveInterval=60 -o LogLevel=ERROR user@my_host_com -R 5001:127.0.0.1:22

creates a reverse SSH tunnel to the server between port 22 on the Pi and port 5001 on the server.
2. On the server, the command
Code:

ssh -p 5001 -L4700:<IP address of Raspberry Pi>:4700 <user>@localhost

connects to the Pi through the tunnel and forwards the port 4700 on the Pi to port 4700 on the server through the existing secure channel.

Note that there is only one tunnel, and that the port forwarding is initiated by the server.
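
Added example, not written by any poster in this thread: OpenSSH accepts the -R option more than once, so a single connection started on the Pi can carry both the port 22 and the port 4700 forward. The function names `valid_port` and `build_tunnel_cmd` are hypothetical, and the sketch assumes the monitoring server runs on the SSH server host, so loopback-only listeners are sufficient.

```shell
#!/bin/sh
# Added example (not from the thread): build one ssh command line that
# carries several reverse forwards over a single SSH connection.

# valid_port PORT -> success if PORT is a plain integer in 1..65535
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "$1" -le 65535 ]
}

# build_tunnel_cmd DEST SERVER_PORT:PI_PORT [SERVER_PORT:PI_PORT ...]
# Prints the command to run on the Pi; returns 1 on bad input.
build_tunnel_cmd() {
    dest=$1
    [ "$#" -ge 2 ] || return 1
    shift
    # A destination starting with "-" would be parsed by ssh as an option.
    case "$dest" in ''|-*) return 1 ;; esac
    # -N: forwards only, no remote shell.
    # ExitOnForwardFailure: ssh exits if any listener cannot be bound,
    # instead of staying connected with a forward silently missing.
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    cmd="$cmd -o ServerAliveInterval=60 -o ServerAliveCountMax=5"
    seen=" "
    for map in "$@"; do
        case "$map" in
            *:*:*) return 1 ;;        # too many fields
            *:*) ;;
            *) return 1 ;;            # no colon at all
        esac
        sport=${map%%:*}              # listening port on the server
        pport=${map#*:}               # target port on the Pi
        valid_port "$sport" && valid_port "$pport" || return 1
        # Two forwards cannot listen on the same server port.
        case "$seen" in *" $sport "*) return 1 ;; esac
        seen="$seen$sport "
        # Explicit loopback bind: the listener is not reachable off-host.
        cmd="$cmd -R 127.0.0.1:$sport:127.0.0.1:$pport"
    done
    printf '%s\n' "$cmd $dest"
}

# Values taken from the thread: server 5001 -> Pi 22, server 4700 -> Pi 4700.
build_tunnel_cmd user@my_host_com 5001:22 4700:4700
```

Host key checking is left at the ssh default here; with `StrictHostKeyChecking=no` the Pi would accept any server key presented to it.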


All times are GMT -5.