ssh reverse proxy to enable remote access behind a LAN and firewall

So say you are behind a typical NAT/LAN setup whether at home, work or while travelling.  What if you have a computer or server that you need to connect to from the outside?

Yes you could use a VPN but a quick and dirty, temporary and secure way is to use SSH's Reverse Tunneling Proxy feature.

Requirements

On the remote ssh server host you need the GatewayPorts option enabled in sshd_config (be sure to restart sshd after making the change)

Your sshd_config needs this:

GatewayPorts yes
 

On the client / machine that is behind the firewall run the SSH command

ssh -R 33000:localhost:3389 username@remoteip

33000 means when we connect to remoteip:33000 we will be connected to port 3389 o the localhost.

Now we can change the localhost to another IP on our LAN if we wanted to.

Now if we connected to remote ip's 3389 we could connect to RDP even though the machine is firewall'd (this works even if all ports are closed and nothing is forwarded to your machine since the ssh -R reverse proxy command is what handles our inbound connections through the remoteip).


Tags:

ssh, proxy, enable, lan, firewallso, nat, travelling, server, vpn, tunneling, feature, requirements, gatewayports, enabled, sshd_config, restart, sshd, firewall, localhost, username, remoteip, ip, rdp, ports, forwarded, handles, inbound, connections,

Latest Articles

  • LXC Containers LXD How to Install and Configure Tutorial Ubuntu Debian Mint
  • GlusterFS HowTo Tutorial For Distributed Storage in Docker, Kubernetes, LXC, KVM, Proxmox
  • Ubuntu Mint audio output not working pulseaudio "pulseaudio[13710]: [pulseaudio] sink-input.c: Failed to create sink input: too many inputs per sink."
  • How To Shrink Dynamically Allocated VM QEMU KVM VMware Disk Image File
  • How To Enable Linux Swapfile Instead of Partition Ubuntu Mint Debian Centos
  • 404 Not Found [IP: 151.101.194.132 80] apt update Debian 11 Bullseye Solution The repository 'http://security.debian.org bullseye/updates Release' does not have a Release file.
  • WARNING: Can't download daily.cvd from db.local.clamav.net freshclam clamav error solution
  • (firefox:9562): LIBDBUSMENU-GLIB-WARNING **: Unable to get session bus: Failed to execute child process "dbus-launch" (No such file or directory) Solution
  • Debian Mint Ubuntu Which Package Provides missing top, ps and w Solution
  • Vbox Virtualbox DNS NAT Network Mode NOT working
  • Docker Tutorial HowTo Install Docker, Use and Create Docker Container Images Clustering Swarm Mode Monitoring Service Hosting Provider
  • Zoom Password Error 'That passcode was incorrect' - Solution Wrong Passcode Wrong Meeting Name
  • How To Startup and Open Remote/Local Folder/Directory in Ubuntu Linux Mint automatically upon login
  • How To Reset Windows Server Password 2019, 2022, 7, 8, 10, 11 Recovery and Removal Guide Using Linux Ubuntu Mint Debian
  • How To Create OpenVPN Server for Secure Remote Corporate Access in Linux Debian/Mint/Ubuntu with client public key authentication
  • HongKong VPS Server, Cloud, Dedicated Server, Co-Location, Datacenter The Best Guide on Hong Kong, China Internet IT/Computing
  • ssh-keygen id_rsa private key howto remove the passphrase so no password is required and no encryption is used
  • Package wget is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source. E: Package 'wget' has no installation candidate. Solution
  • tag#4 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE tag#4 Sense Key : Illegal Request [current] res 40/00:b4:98:02:00/00:00:00:00:00/40 Emask 0x10 (ATA bus error) solution
  • Wazuh Install and Configuration Howto Tutorial Guide for Monitoring Agents