Tuesday, March 26, 2013

How to Use Reverse Port Forwarding to Run Commands on Your Natted Server


Have you ever wanted to run (remote) commands on a computer that sits behind a natted firewall, i.e., your computer at home that has a private IP (in the 10.x.x.x or 192.168.x.x range) from another server (Perhaps, from your server at work)?

One issue, for your connecting to your server, is that your home computer's IP not directly accessible from the public internet.  Your internet provider, e.g., ATT or Comcast, may have a cable modem that has a public IP Address (which you can see at http://www.whatismyip.com/), but that public aka WAN IP Address does not get you all the way to your computer.

One solution is to leverage ssh's reverse port forwarding feature to open a terminal session to your work server, which has a static IP address.  This will open an SSH tunnel through which you can later push commands from your work server to your home computer.


Your work server name is workserver.  Note:  You can put this convenience domain name in your /etc/hosts file s.t., you don't have to enter that IP Address over and over again.

The (reverse) port number used for pushing commands from your work server to your home computer is 20022.

The port number that you have configured to accept SSH requests on your work server is 30022.


Run the following command to open the magical reverse tunnel:

[username@homecomputer ~]$ ssh -R 20022:localhost:22 workserver -p 30022

[username@workserver ~]$ ssh localhost -p 20022 "echo 'I am running on `hostname`' "

This will print:  I am running on homecomputer

Debugging SSH

When working with SSH it is often helpful to run the SSH client and SSH server daemon in debug mode.

Debugging SSH  Client

Just put the -v parameter to turn on verbose output:

ssh -v localhost -p 20022

Debugging SSH Daemon

Run the SSH Server in debug mode:

[root@homecomputer ~]# /usr/sbin/sshd -d

Back to Normal

Run the SSHD normally:

[root@homecomputer ~]# /etc/init.d/sshd reload

Sponsor Ads

No comments:

Post a Comment