LinuxQuestions.org
Old 03-23-2015, 11:58 PM   #1
aristosv
Member
 
Registered: Dec 2014
Posts: 143

Rep: Reputation: Disabled
reverse nat ssh tunnel - open more than one port?


I will be setting up a few raspberry pi's in various locations, and they will be creating reverse nat ssh tunnels to my ssh server.

I need to set up a monitoring server at the server's location to monitor the raspberry pi's through the ssh server. The monitoring agent that will be installed on the raspberry pi's is communicating with the monitoring server on port 4700.

My question is:

Since I am using reverse nat ssh tunnels to connect on the ssh server, I am guessing that port 4700 will not be opened. If this is true, is there a way to also open port 4700 in that tunnel, so the monitoring server can access the remote agent?

Thanks
 
Old 03-24-2015, 06:06 AM   #2
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 4,539

Rep: Reputation: 1419
If I am reading this correctly, then you want that when you connect over the tunnel to a Raspberry Pi from the server, that the port 4700 on the Raspberry Pi is forwarded to your server. This can be done using the -L option to ssh.
On the server, something like 'ssh -p <port used to create tunnel from Raspberry PI> -L4701:<IP address of Raspberry Pi>:4700 <user>@localhost' would forward port 4700 on the Raspberry Pi to port 4701 on the server.
You would probably want to create the initial tunnel on a different port for each Raspberry Pi.
 
Old 03-24-2015, 06:30 AM   #3
aristosv
Member
 
Registered: Dec 2014
Posts: 143

Original Poster
Rep: Reputation: Disabled
This is the command I am currently using to create the tunnel. Can you advise how to modify it?

ssh -t -t -o StrictHostKeyChecking=no -o ServerAliveCountMax=5 -o ServerAliveInterval=60 -o LogLevel=ERROR user@my_host_com -R 5001:127.0.0.1:22
 
Old 03-24-2015, 08:37 AM   #4
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 4,539

Rep: Reputation: 1419
That command looks OK for setting up the reverse SSH tunnel. If you wish to forward port 4700 on the Raspberry Pi to port 4700 on the server, then on the server try:
Code:
ssh -p 5001 -L4700:<IP address of Raspberry Pi>:4700 <user>@localhost
 
Old 03-24-2015, 08:54 AM   #5
aristosv
Member
 
Registered: Dec 2014
Posts: 143

Original Poster
Rep: Reputation: Disabled
Thanks for your reply. The command you provided requires me to ssh on the server and from there ssh on the raspberry pi. Is there a way to open port 4700 (between the ssh server and the pi) when creating the tunnel? So no additional actions are required?
 
Old 03-24-2015, 10:02 AM   #6
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,459

Rep: Reputation: 2065
It's a separate tunnel from the original one, you can't open two tunnels with one ssh command. You can, however, open both of them from the pi, one after the other.

Last edited by suicidaleggroll; 03-24-2015 at 10:05 AM.
 
Old 03-24-2015, 10:10 AM   #7
aristosv
Member
 
Registered: Dec 2014
Posts: 143

Original Poster
Rep: Reputation: Disabled
Instead of opening two tunnels, is it possible to choose which ports to be open within the tunnel?
 
Old 03-24-2015, 10:15 AM   #8
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,459

Rep: Reputation: 2065
You already did, you've linked 5001 on the server side to 22 on the RPi side. Any access to port 5001 on the server will transfer through the tunnel and arrive at port 22 on the RPi.

If you want to link two different ports, you need a second tunnel.
 
Old 03-24-2015, 10:19 AM   #9
aristosv
Member
 
Registered: Dec 2014
Posts: 143

Original Poster
Rep: Reputation: Disabled
So no way to have 2 ports open with 1 tunnel?
 
Old 03-24-2015, 10:22 AM   #10
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,459

Rep: Reputation: 2065
Not that I'm aware of. You could have the second tunnel pass through the first tunnel (this is what allend's command is doing), but you still need to set up two tunnels. I'm not sure what the problem with this is...it's just one more command to add on the RPi side so it opens right after the existing ssh tunnel. Once you have the necessary ssh keys set up, it's trivially easy to add any number of tunnels you want.
 
Old 03-24-2015, 10:39 AM   #11
aristosv
Member
 
Registered: Dec 2014
Posts: 143

Original Poster
Rep: Reputation: Disabled
I'm just trying to achieve this using the most efficient method. I want to save bandwidth and resources.
 
Old 03-24-2015, 06:55 PM   #12
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 4,539

Rep: Reputation: 1419
A little recap of what goes on.
1. On the Raspberry Pi, the command
Code:
ssh -t -t -o StrictHostKeyChecking=no -o ServerAliveCountMax=5 -o ServerAliveInterval=60 -o LogLevel=ERROR user@my_host_com -R 5001:127.0.0.1:22
creates a reverse SSH tunnel to the server between port 22 on the Pi and port 5001 on the server.
2. On the server, the command
Code:
ssh -p 5001 -L4700:<IP address of Raspberry Pi>:4700 <user>@localhost
connects to the Pi through the tunnel and forwards the port 4700 on the Pi to port 4700 on the server through the existing secure channel.

Note that there is only one tunnel, and that the port forwarding is initiated by the server.

Last edited by allend; 03-24-2015 at 06:57 PM.
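
Added example, not part of any post in this thread: OpenSSH accepts the -R option more than once, so one connection started on the Pi can carry both the forward to its sshd (server port 5001 to Pi port 22) and a forward to the monitoring agent on Pi port 4700. The per-Pi port plan (5000+N and 4700+N), the function names and the authorized_keys options are assumptions; StrictHostKeyChecking=yes replaces the =no used above and needs the server's host key in the Pi's known_hosts, and permitlisten needs OpenSSH 7.8 or later on the server.

```shell
#!/bin/sh
# Added example: one SSH connection per Pi carrying two remote forwards.
# Assumed port plan (not from the thread): Pi number N gets server ports
# 5000+N (forwarded to the Pi's sshd) and 4700+N (forwarded to its agent).

SERVER="user@my_host_com"   # placeholder destination, as written in the thread

# Validate Pi number $1 (1..99, no leading zero) and set ssh_port/agent_port.
pi_ports() {
    case $1 in
        ''|0*|*[!0-9]*) echo "bad Pi number: $1" >&2; return 1 ;;
    esac
    [ "$1" -le 99 ] 2>/dev/null || { echo "Pi number above 99: $1" >&2; return 1; }
    ssh_port=$((5000 + $1))
    agent_port=$((4700 + $1))
}

# Arguments for the single ssh command run on Pi number $1.
# -N: forwards only, no remote command. ExitOnForwardFailure makes ssh exit
# if the server refuses either listener instead of running half-configured.
tunnel_args() {
    pi_ports "$1" || return 1
    printf '%s ' -N \
        -o ExitOnForwardFailure=yes \
        -o StrictHostKeyChecking=yes \
        -o ServerAliveInterval=60 -o ServerAliveCountMax=5 \
        -R "127.0.0.1:${ssh_port}:127.0.0.1:22" \
        -R "127.0.0.1:${agent_port}:127.0.0.1:4700"
    printf '%s\n' "$SERVER"
}

# Options to put in front of Pi number $1's public key in the server
# account's authorized_keys: the key may only listen on its own two ports.
key_options() {
    pi_ports "$1" || return 1
    printf 'restrict,port-forwarding,permitlisten="%s",permitlisten="%s"\n' \
        "$ssh_port" "$agent_port"
}

# Show what Pi 1 would run and the matching server-side key entry.
echo "Pi 1 runs:  ssh $(tunnel_args 1)"
echo "Server key: $(key_options 1) ssh-ed25519 <public key of Pi 1>"
```

With this layout the monitoring server reaches the agent of Pi N at 127.0.0.1:4700+N on the SSH server, since remote forwards listen on the loopback interface unless GatewayPorts is enabled in sshd_config.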
 
  


All times are GMT -5.