ssh reverse proxy to enable remote access behind a LAN and firewall

So say you are behind a typical NAT/LAN setup whether at home, work or while travelling.  What if you have a computer or server that you need to connect to from the outside?

Yes you could use a VPN but a quick and dirty, temporary and secure way is to use SSH's Reverse Tunneling Proxy feature.

Requirements

On the remote ssh server host you need the GatewayPorts option enabled in sshd_config (be sure to restart sshd after making the change)

Your sshd_config needs this:

GatewayPorts yes
 

On the client / machine that is behind the firewall run the SSH command

ssh -R 33000:localhost:3389 username@remoteip

33000 means when we connect to remoteip:33000 we will be connected to port 3389 o the localhost.

Now we can change the localhost to another IP on our LAN if we wanted to.

Now if we connected to remote ip's 3389 we could connect to RDP even though the machine is firewall'd (this works even if all ports are closed and nothing is forwarded to your machine since the ssh -R reverse proxy command is what handles our inbound connections through the remoteip).


Tags:

ssh, proxy, enable, lan, firewallso, nat, travelling, server, vpn, tunneling, feature, requirements, gatewayports, enabled, sshd_config, restart, sshd, firewall, localhost, username, remoteip, ip, rdp, ports, forwarded, handles, inbound, connections,

Latest Articles

  • Linux tftp listens on all interfaces and IPs by DEFAULT Security Risk Hole Solution
  • python import docx error
  • Cisco Unified Communications Manager Express Cheatsheet CUCME CME
  • Linux Ubuntu Debian Missing privilege separation directory: /var/run/sshd
  • bash how to count the number of columns or words in a line
  • bash if statement how to test program output without assigning to variable
  • RTNETLINK answers: Network is unreachable
  • Centos 7 how to save iptables rules like Centos 6
  • nfs tuning maximum amount of connections
  • qemu-kvm error "Could not initialize SDL(No available video device) - exiting"
  • Centos 7 tftpd will not work with selinux enabled
  • Debian Ubuntu Mint Howto Create Bridge (br0)
  • How To Control Interface that dhcpd server listens to on Debian based Linux like Mint and Ubuntu
  • LUKS unable to type password to unlock during boot on Debian, Ubuntu and Mint
  • Debian Ubuntu and Linux Mint Broken Kernel After Date - New Extra Module Naming Convention
  • Wordpress overwrites and wipes out custom htaccess rules and changes soluton
  • Apache htaccess and mod_rewrite how to redirect and force all URLs and visitors to the SSL / HTTPS version
  • python 3 pip cannot install mysql module
  • QEMU-KVM won't boot Windows 2016 or 2019 server on an Intel Core i3
  • Virtualbox vbox not starting