Saturday, November 24, 2012

Stupid SSH Tricks - Securely jumping NATs

I have 3 machines - A,B,C.
A and C are two residential networks that are behind typical NAT routers.
B is a VPS on the internet.

My problem is that I'm at a friend's house, and I need to check my torrent downloads via a web server on my home's internal network. How can I do this without actually exposing any listening ports to the internet?

So, basically I want to connect from A to C in order to browse several servers in C's network.

This is how to do it without opening any publicly listening ports. (The easy way is just to have C listen on B's public interface, but that raises security concerns.)

1. Have C create a remote port forward to a port on B's localhost
i.e. (from C's terminal)
 ssh -R 6000:localhost:22 user@vps 

2. Have A create a remote port forward to a port on B's localhost
i.e. (from A's terminal)

 ssh -R 6001:localhost:22 user@vps 

3. Have B create a remote port forward between A and C via the local ports
i.e. (from B's terminal)
 ssh -R 6002:localhost:6000 localhost -p6001 

4. Have A set up a SOCKS connection to the new local port listening on A
i.e. (from A's terminal)
 ssh -D localhost:8080 localhost -p6002 

5. Point A's browser to use localhost:8080 as a SOCKS proxy. This will now tunnel all the requests from that browser over the SSH tunnels to C's internal network.

My suggestion is that you keep C always connected to B. This allows you to set up all the tunnels with one long command from A's terminal:

 ssh -R 6001:localhost:22 user@vps -t ssh -R 6002:localhost:6000 localhost -p6001 -t ssh -D localhost:8080 localhost -p6002
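The setup above only avoids public exposure if the forwarded ports on B really are bound to B's localhost, which is what sshd does for `-R` unless `GatewayPorts` is enabled in B's sshd_config. The script below is an added example, not part of the original post: it checks `ss -H -tln` output on B for listeners on ports 6000 and 6001 that are not on loopback. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): run on B, the VPS.
# Ports 6000 and 6001 are the -R forwards from steps 1 and 2.

# Reads `ss -H -tln` style lines on stdin and prints every listener on the
# given ports whose bind address is not loopback. Exit status 1 if any found.
exposed_forwards() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)          # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)      # text before the last colon
            sub(/%.*/, "", addr)                     # drop a %interface suffix
            if (!(port in want)) next
            if (addr == "127.0.0.1" || addr == "[::1]") next
            print $4; found = 1
        }
        END { exit found + 0 }'
}

# Constructed sample: forwards bound the way the post intends.
sample_loopback_only() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6000 0.0.0.0:*
LISTEN 0 128 [::1]:6000 [::]:*
LISTEN 0 128 127.0.0.1:6001 0.0.0.0:*
EOF
}

# Constructed sample: port 6000 bound to every interface.
sample_wildcard_bind() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6000 0.0.0.0:*
LISTEN 0 128 [::]:6000 [::]:*
LISTEN 0 128 127.0.0.1:6001 0.0.0.0:*
EOF
}

# Live check on B (needs iproute2's ss); not called automatically.
check_live() {
    ss -H -tln | exposed_forwards 6000 6001
}
```

Calling `check_live` on B while the tunnels are up prints nothing and returns 0 when both forwards are loopback-only.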

EDIT NOTE
It's important to note that you don't TECHNICALLY need that many reverse tunnels. One reverse tunnel from C to B, and then a local forward from A to B, is really all that's needed. But, to each his own...
