A and C are two residential networks that are behind typical NAT routers.
B is a VPS on the internet.
My problem is that I'm at a friend's house, and I need to check my torrent downloads via a web server on my home's internal network. How can I do this without actually exposing any listening ports to the internet?
So, basically I want to connect from A to C in order to browse several servers in C's network.
This is how to do it without opening any publicly listening ports. (The easy way is just to have C listen on B's public interface, but that raises security concerns.)
1. Have C create a remote port forward to a port on B's localhost
i.e. (from C's terminal)
ssh -R 6000:localhost:22 user@vps
2. Have A create a remote port forward to a port on B's localhost
i.e. (from A's terminal)
ssh -R 6001:localhost:22 user@vps
3. Have B connect to A through port 6001 and create a remote port forward on A (port 6002) that points at C's tunnel on B's localhost:6000
i.e. (from B's terminal)
ssh -R 6002:localhost:6000 localhost -p6001
4. Have A set up a SOCKS connection through the new local port (6002) listening on A
i.e. (from A's terminal)
ssh -D localhost:8080 localhost -p6002
5. Point A's browser to use localhost:8080 as a SOCKS proxy. This will now tunnel all the requests from that browser over the SSH tunnels to C's internal network.
My suggestion is that you keep C always connected to B. This allows you to set up all the tunnels with one long command from A's terminal:
ssh -R 6001:localhost:22 user@vps -t ssh -R 6002:localhost:6000 localhost -p6001 -t ssh -D localhost:8080 localhost -p6002
EDIT NOTE
It's important to note that you don't TECHNICALLY need that many reverse tunnels. One reverse tunnel from C to B, and then a local forward from A to B, is really all that's needed. But, to each his own...
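The whole setup depends on every forwarded port being bound to loopback, which is what sshd does for -R forwards while GatewayPorts is left at its default of "no". The script below is an added example, not part of the original post: it reads `ss -tln` output and reports any of the ports used above (6000 and 6001 on B, 6002 and 8080 on A) that listen on a non-loopback address. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the tunnel ports from the steps above are loopback-only.
# Real use on A or B:  ss -tln | exposed_tunnel_ports

TUNNEL_PORTS="6000 6001 6002 8080"   # ports used in the post's commands

# Reads `ss -tln` output on stdin. Prints "<port> <address>" for every tunnel
# port whose listening socket is bound to something other than loopback.
exposed_tunnel_ports() {
    awk -v ports="$TUNNEL_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            # Local address is field 4; split at the colon before the port,
            # which also handles bracketed IPv6 such as [::1]:6000.
            idx = match($4, /:[0-9]+$/)
            if (!idx) next
            addr = substr($4, 1, idx - 1)
            port = substr($4, idx + 1)
            if (!(port in want)) next                      # not one of our tunnels
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback: as intended
            print port " " addr
        }'
}

# Constructed sample: 6001 is bound to all interfaces, as it would be if
# GatewayPorts were enabled on the VPS; port 22 is not a tunnel port.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128         127.0.0.1:6000       0.0.0.0:*
LISTEN  0       128             [::1]:6000          [::]:*
LISTEN  0       128           0.0.0.0:22         0.0.0.0:*
LISTEN  0       128           0.0.0.0:6001       0.0.0.0:*
LISTEN  0       128              [::]:6001          [::]:*
LISTEN  0       128         127.0.0.1:8080       0.0.0.0:*
EOF
}

# Demo on the constructed sample; prints the two exposed 6001 listeners.
sample_ss_output | exposed_tunnel_ports
```

An empty result on both A and B means none of the tunnel ports is reachable from outside the host itself.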