LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-16-2009, 08:57 PM   #1
genmaicha
Member
 
Registered: Apr 2009
Posts: 38

Rep: Reputation: 15
SSHing to server behind NAT?


I'd like to be able to SSH into a server that is behind a NAT. For reasons beyond my control, I cannot simply open up port 22 and forward connections. But I do have physical access to the machine and can do anything remotely.

I figure that I could SSH from the server behind the NAT (call it 'A') to a machine with a proper public IP address (call it 'B'), leave the connection open, and then ssh to B from a remote client (call it 'C')...

Ie, on A, do:
% ssh -R 2222:localhost:22 B

and from C, do
% ssh -p 2222 B

Is there a better way to do this? because with this method the traffic is being encrypted twice between A and B (an SSH connection inside another SSH connection).
 
Old 04-16-2009, 09:14 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
Can you open up another port and forward it to 22 on the local PC? Or do you have no control over the firewall?
 
Old 04-16-2009, 10:52 PM   #3
cmdln
Member
 
Registered: Apr 2009
Location: Lawrence, KS
Distribution: Debian, Centos
Posts: 104
Blog Entries: 1

Rep: Reputation: 24
Quote:
Originally Posted by genmaicha View Post
Is there a better way to do this? because with this method the traffic is being encrypted twice between A and B (an SSH connection inside another SSH connection).
There is nothing wrong with doing it that way but another option would be a VPN. Hamachi is pretty cool and ridiculously easy to setup. Once both computers are connected, joined, and online (that will make a bit more sense and sound a bit less repettive once you start using hamachi) you can just ssh directly to the hamach ip assigned to the other computer.
 
Old 04-16-2009, 11:07 PM   #4
genmaicha
Member
 
Registered: Apr 2009
Posts: 38

Original Poster
Rep: Reputation: 15
I'm not sure what you're suggesting, but yes, the NAT in front of the server is not owned/operated by me so I cannot poke holes in it. But I do have complete control of the client machine and it's firewalls.
 
Old 04-17-2009, 12:57 AM   #5
cmdln
Member
 
Registered: Apr 2009
Location: Lawrence, KS
Distribution: Debian, Centos
Posts: 104
Blog Entries: 1

Rep: Reputation: 24
Quote:
Originally Posted by genmaicha View Post
I'm not sure what you're suggesting, but yes, the NAT in front of the server is not owned/operated by me so I cannot poke holes in it. But I do have complete control of the client machine and it's firewalls.
Hamachi is VPN software. You won't have to alter the firewall of the nat router. Basically you log both computers into a secure network using hamachi to do the tunneling. They each get assigned an extra ip that's on the hamachi network. Now you can communicate between the two computers regardless of nat via the assigned hamachi ips .

You also get the added benefit of not having to tunnel specific ports.
 
Old 04-17-2009, 01:43 AM   #6
genmaicha
Member
 
Registered: Apr 2009
Posts: 38

Original Poster
Rep: Reputation: 15
Whoops, my earlier reply was to AlucardZero, disregard that...

Quote:
Originally Posted by cmdln View Post
Hamachi is VPN software. You won't have to alter the firewall of the nat router. Basically you log both computers into a secure network using hamachi to do the tunneling. They each get assigned an extra ip that's on the hamachi network. Now you can communicate between the two computers regardless of nat via the assigned hamachi ips .

You also get the added benefit of not having to tunnel specific ports.
That sounds intriguing... is there a free/open source way of accomplishing the same thing? Would 'openvpn' or 'openswan' work? (I did a quick search for vpn on linux...)
 
Old 04-17-2009, 01:49 AM   #7
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Openvpn will require a port to be forwarded to your machine unless you can set the gateway up to be the server, which doesn't sound like it works for you.
 
Old 04-17-2009, 01:50 AM   #8
rossonieri#1
Member
 
Registered: Jun 2007
Posts: 359

Rep: Reputation: 34
hi,

what the other posters suggested by using a 3rd party tunnel server is the best and easiest way to accomplished your goal.

but, if you dont like it - the direct VPN link between you (as the VPN server) and the server (as VPN client) may be the option, and you dont need to SSH no more.

remember that your server can never be a VPN server because it is behind NAT router - so your side needs to be the VPN server, and it need a few thing to setup on the server (and firewall if any) so it can reach you.

HTH.

Last edited by rossonieri#1; 04-17-2009 at 01:51 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
server behind NAT lipun4u Linux - Networking 2 03-10-2009 04:26 AM
Slowness when SSHing and SCPing? Rotwang Linux - General 6 03-17-2008 11:14 AM
sshing questions bluknight43 Linux - Newbie 1 02-12-2005 10:06 PM
color xterm when sshing into another machine...? clockworks Linux - General 0 01-19-2004 09:24 AM
Problems sshing into box Ripshred Linux - Networking 2 11-08-2003 05:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:47 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration