[TriLUG] reverse ssh through firewall/NAT with a twist

Steve Litt slitt at troubleshooters.com
Sun Nov 16 05:06:44 EST 2014


On Sat, 15 Nov 2014 22:22:10 -0500
Kevin Hunter Kesling <hunteke at earlham.edu> wrote:

> At 10:59am -0500 Sat, 15 Nov 2014, Bill Farrow wrote:
> > On Sat, Nov 15, 2014 at 10:23 AM, Alan Porter wrote:
> >>> BusComp  <--> router <--> Internet <--> router <--> HomeComp
> >
> > I think Kevin is looking for an implementation of "Firewall Hole
> > Punching" for SSH.
> > http://en.wikipedia.org/wiki/Hole_punching
> 
> Exactly.  I didn't know what this was called (obviously!).  Thanks!
> 
> > Traversing NAT on your firewall is nothing new. Skype does this all
> > the time. Perhaps this tool might work ?
> > http://samy.pl/pwnat/
> 
> Awesome.  I read through the description and how-it-works sections
> and it appears to be exactly for what I asked.  That is a
> fantastically clever hack, from someone who clearly knows the IP4
> protocols better than I.

I must be missing something. Pinholes are for when the server is on
your LAN (like your own sshd server), not when the server's on the
Internet (like Skype).

Anyway, one easy way to pinhole port 22 is by using pfSense, which is a
FreeBSD firewall appliance. It's very easy, and you don't need to be a
pf syntax guru.

When I'm on the road and ssh into the dynamic dns IP for my firewall,
the ssh client query gets passed to the sshd running on my desktop. I
also use that to grab email off my desktop's IMAP server, via ssh
tunnel.

SteveT

Steve Litt                *  http://www.troubleshooters.com/
Troubleshooting Training  *  Human Performance
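The setup described in this message (TCP/22 pinholed on the firewall to the desktop's sshd, IMAP read through an ssh tunnel), as an added example that is not part of the original post or of pfSense. The interface name `em0`, the desktop address `192.168.1.10`, the dynamic DNS name `home.example.net` and the user `steve` are placeholders chosen for the example; the pf rule is the plain pf.conf equivalent of what the pfSense port-forward page generates, and the sshd_config fragment is the caveat a practitioner would want once port 22 is reachable from the Internet.

```shell
#!/bin/sh
# Added example, not from the original post. All names and addresses below
# are placeholders for the example.
WAN_IF="em0"                     # pfSense WAN interface
DESKTOP_IP="192.168.1.10"        # LAN host running sshd and the IMAP server
DDNS_HOST="home.example.net"     # dynamic DNS name of the firewall's WAN address
SSH_USER="steve"                 # the only account allowed in

# pf(4) rule equivalent to a pfSense NAT port forward for the pinhole:
# inbound TCP/22 arriving on the WAN interface's own address is redirected
# to the desktop's sshd. "(em0)" makes pf track the interface's address as
# it changes, which is what a dynamic-DNS WAN needs.
pf_pinhole_rule() {
    printf 'rdr pass on %s proto tcp from any to (%s) port 22 -> %s port 22\n' \
        "$WAN_IF" "$WAN_IF" "$DESKTOP_IP"
}

# ssh(1) command used from the road: local port 1143 is forwarded through
# the tunnel to port 143 on the desktop ("localhost" is resolved on the
# desktop side). Binding the listener to 127.0.0.1 stops other users of a
# shared laptop or hotel network from riding the tunnel. -N opens no shell.
imap_tunnel_cmd() {
    printf 'ssh -N -L 127.0.0.1:1143:localhost:143 %s@%s\n' "$SSH_USER" "$DDNS_HOST"
}

# sshd_config settings the pinholed sshd on the desktop should carry:
# password logins are what gets brute-forced once TCP/22 is reachable from
# the Internet, so allow keys only, and only for the one account that needs it.
sshd_hardening() {
    cat <<EOF
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
AllowUsers $SSH_USER
EOF
}

# Check used before deploying the fragment: password authentication must be
# off. Returns 0 (success) when it is, non-zero otherwise.
sshd_fragment_ok() {
    sshd_hardening | grep -q '^PasswordAuthentication no$'
}

# Stand-alone run: show the three pieces.
pf_pinhole_rule
imap_tunnel_cmd
sshd_hardening
sshd_fragment_ok && echo "sshd fragment: password auth disabled"
```

With the tunnel up, the mail client on the laptop is pointed at `localhost` port 1143 instead of the desktop's IMAP port, so the IMAP session never leaves the ssh connection. On pfSense the same `rdr` line is created from Firewall > NAT > Port Forward; the GUI also adds the matching firewall pass rule when the forward is saved with the default "Filter rule association".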
