
eantoranz 06-02-2009 09:09 AM

How to connect (easily) two NATed boxes?
 
Hi!

I'd like to get SSH access to one box that's behind a firewall (NATed) from a box that is in another network (NATed, as well).

Supposing I can use another box that's accessible to both boxes, is there a way I can use that other box to get my (NATed) box to get SSH access to the other NATed box? Is it possible to do it with SSH tunnels?

Thanks in advance.

PS I know I could set up a VPN, but that would require using software on all the boxes and I'd really like to keep it on SSH.

David1357 06-02-2009 10:33 AM

Quote:

Originally Posted by eantoranz (Post 3560349)
I'd like to get SSH access to one box that's behind a firewall (NATed) from a box that is in another network (NATed, as well).

Can you not just add routes on each endpoint? For example
Code:

# On the first machine
route add -net 10.1.0.0 netmask 255.255.255.0 dev eth0

# On the second machine
route add -net 10.2.0.0 netmask 255.255.255.0 dev eth0

Replace "10.1.0.0" with the network of the second machine, and "10.2.0.0" with the network of the first machine.

eantoranz 06-02-2009 11:57 AM

The networks are separated. Can't just route between them (and I'm not the administrator, that's why I'm going to the "run something on the clients" solution).

eantoranz 06-02-2009 12:37 PM

I think I could set up an SSH tunnel from both NATed boxes to the public box.... but then is there one simple application I could use that could connect separate connections to 2 listening ports (or maybe one)? I mean, one application that could link together 2 client connections made on it?

David1357 06-03-2009 08:15 AM

Quote:

Originally Posted by eantoranz (Post 3560566)
I think I could set up an SSH tunnel from both NATed boxes to the public box...

If you can SSH to the public box, can you not SSH from the public box to one of the other boxes?

eantoranz 06-03-2009 08:49 AM

Thanks for replying, David.

I already figured out how to do what I want. I'll post a blog entry on the solution and I'll link it here.... so don't despair. You'll see how, probably by the weekend.

David1357 06-08-2009 12:11 PM

Quote:

Originally Posted by eantoranz (Post 3561663)
I'll post a blog entry on the solution and I'll link it here...

Still waiting on that blog entry...

eantoranz 06-08-2009 12:19 PM

You're right, man.... I'm sorry I didn't link here.

http://maratux.blogspot.com/2009/06/...rom-nated.html

David1357 06-09-2009 10:35 AM

Quote:

Originally Posted by eantoranz (Post 3567032)
I'm sorry I didn't link here.

It was not clear from your posts that you wanted to access a Windows remote desktop via the machine in the middle.

While the SSH port forwarding solution is straightforward, there are other ways to solve your problem.

However, if you only had SSH access, and no administrator rights on any of the boxes, then you are probably limited to the solution you used.

eantoranz 06-09-2009 07:52 PM

Oh, well.... I didn't want to get Remote Desktop access to a Windows box (God forbid!). I wanted to get (and actually got) access to an SSH service... and that's plenty. :-D

David1357 06-10-2009 04:50 AM

Quote:

Originally Posted by eantoranz (Post 3568579)
Oh, well.... I didn't want to get Remote Desktop access to a Windows box

What does this mean, then:
Quote:

Originally Posted by your_blog
So say I want to enable access to a remote desktop service of a Windows box that's on my private network...


eantoranz 06-10-2009 07:53 AM

That's just an example of what you can do. It's not necessarily that I wanted or needed to do that. As I said, the ultimate goal was to get SSH access to a GNU/Linux box... it's right at the beginning of the article.

David1357 06-10-2009 09:33 AM

Quote:

Originally Posted by eantoranz (Post 3569111)
As I said, the ultimate goal was to get SSH access to a GNU/Linux box... it's right at the beginning of the article.

OK. We have established what you actually wanted to do. Now I am assuming your boxes are connected like this:
Code:

    -------------      ----------
    |           |     (          )
    | Machine 1 |<--->( Internet )
    |           |     (          )
    -------------      ----------
                            |
                            |
                            |
                      -------------
                      |           |
                      | Machine 3 |
                      |           |
                      -------------
                            |
                            |
                            |
    -------------      ----------
    |           |     (          )
    | Machine 2 |<--->( Internet )
    |           |     (          )
    -------------      ----------

If this is correct, you can SSH from "Machine 1" to "Machine 3", and then you can SSH from "Machine 3" to "Machine 2". I know it means an extra login/password combination, but it is simpler than two SSH tunnels. And if you use keys, then you can eliminate the need to type the password.

Let me know if I missed something.

eantoranz 06-10-2009 09:42 AM

The problem is, David, that Machine 2 is NATed to the internet too. So it's impossible to reach machine 2 from machine 3 (or 1, of course).

David1357 06-10-2009 12:52 PM

Quote:

Originally Posted by eantoranz (Post 3569242)
So it's impossible to reach machine 2 from machine 3 (or 1, of course).

Then how do the tunnels work?

Maybe I do not understand what you mean by "NATed". I am assuming that the firewalls are forwarding the SSH port to the "NATed" machines. If that assumption is incorrect, I would love to know exactly what is being forwarded.
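
An added example, not part of any post in the thread and not taken from the linked blog entry: one way two SSH connections that both start from inside NAT can be joined at the public box (Machine 3 in the diagram), with no port forwarded on either firewall. The relay host name, the account names and port 2222 are constructed placeholders; the functions only print the command to run on each machine.

```shell
#!/bin/sh
# Added example. Constructed placeholders: relay.example.org, relayuser,
# user2, port 2222. Machine numbers follow the diagram in the thread.
RELAY="relayuser@relay.example.org"   # Machine 3, reachable from both sides

# The relay account has no administrator rights, so the forwarded port must
# be numeric and in the range an unprivileged user may bind (1024-65535).
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Command for Machine 2 (the NATed target). The connection is outbound, so
# its NAT allows it. -R asks the relay's sshd to listen on 127.0.0.1:<port>
# and carry anything arriving there back to Machine 2's own sshd (port 22).
# ExitOnForwardFailure makes ssh exit if the relay cannot open the listener,
# instead of leaving a session that forwards nothing.
target_cmd() {
    valid_port "$1" || { echo "bad relay port: $1" >&2; return 1; }
    echo "ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R 127.0.0.1:$1:localhost:22 $RELAY"
}

# Command for Machine 1 (the NATed client). -J (ProxyJump, OpenSSH 7.3+)
# logs in to the relay and connects from there to 127.0.0.1:<port>, which is
# the listener created above. The login to Machine 2 is end-to-end encrypted
# through the relay. HostKeyAlias files Machine 2's host key under its own
# name, so it is not confused with other hosts reached as 127.0.0.1.
client_cmd() {
    valid_port "$1" || { echo "bad relay port: $1" >&2; return 1; }
    echo "ssh -J $RELAY -p $1 -o HostKeyAlias=machine2 $2@127.0.0.1"
}

# Print both commands for the placeholder values.
target_cmd 2222
client_cmd 2222 user2
```

The listener is bound to 127.0.0.1 on the relay, so it is reachable only from accounts on that box and not from the internet; both logins still authenticate normally, and keys can replace the passwords.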

