Tunnelling server traffic through SSH when port forwarding on network is unavailable?



























Setup



At home, I have a little Raspberry Pi 3 that runs services that are exposed to the internet. For example, it is running an HTTP server. I will call this server raspberry. I can manage raspberry remotely via SSH: I have opened port 22 on my router at home and therefore traffic to my public IP for this port is forwarded to raspberry. So far so good.



raspberry's architecture is arm64 and it runs FreeBSD which makes it impossible (apparently, I tried hacking around, but no dice) for me to run a game server (UrbanTerror 4.3) on it.



I also have another machine, which is a ThinkPad (later on: thinkpad) running OpenBSD and it has an amd64 architecture, which does in fact allow me to run the desired server. From thinkpad, I can access raspberry by using SSH.



Question



I am currently not at home, but on a different network, actually abroad. I have an irresistible urge to host my server now, but I couldn't manage to do it on raspberry, as I said.



Would it be somehow possible to run the server on thinkpad and tunnel all traffic through raspberry (since I can expose that to the internet, whereas here, abroad, I do not have administrator rights to the router)?



Essentially, what I want is to run the server on thinkpad as if I were running it on raspberry in terms of networking. That is, the server would appear in server browsers and players would be able to connect: the traffic would arrive at raspberry through port e.g. 27900 and it would be sent over the internet via SSH to thinkpad.



PS I realize this would probably result in poor performance due to relaying the traffic through SSH but I would still like to try.



Thank you in advance and sorry for the long post!



EDIT 2018-12-14: Here is what I have already tried



So I need a reverse SSH tunnel for this. I created a tunnel from thinkpad like so



ssh -N -R :27960:localhost:27960 <raspberry's public IP>


The tunnel is created successfully. I checked with netstat on raspberry and it is indeed listening on *:27960 (but TCP; is this a problem? UrbanTerror, like other games, uses UDP). Now I launched the server on thinkpad and again, with netstat, I saw that it's listening on *:27960 (UDP).



I tried opening an UrbanTerror client on thinkpad and connecting to <raspberry's IP>, but it didn't work. To debug, I tried the same while running



tcpdump -n -e -ttt -i ue0 | grep 27960


on raspberry. When I attempted joining my server through raspberry from UrbanTerror, the following appeared in the dump:



188.112.111.89.27961 > 192.168.0.33.27960: UDP, length 16
192.168.0.33 > 188.112.111.89: ICMP 192.168.0.33 udp port 27960 unreachable


(I stripped the output for brevity)



188.112.111.89 is the current public IP of thinkpad and 192.168.0.33 is of course raspberry. Why is port 27960 unreachable? Clearly, according to netstat, thinkpad is listening on that port.



Just to test connectivity, I tried running nc -l 27960 on thinkpad and nc localhost 27960 on raspberry: I could communicate in both directions w/o problems.



I think it's also worth mentioning that I have OpenBSD's pf packet filter running on both machines but I have disabled it for troubleshooting.







ssh port-forwarding ssh-tunnel














edited Dec 14 '18 at 12:29

























asked Dec 13 '18 at 18:32









bertalanp99





migrated from serverfault.com Dec 13 '18 at 18:41


This question came from our site for system and network administrators.




















  • What have you tried so far? Does "remote port forwarding" ring a bell? Have you read man ssh? In this question the setup is similar (translation: "Plex" -> "thinkpad"; "remote server" -> "raspberry").
    – Kamil Maciorowski
    Dec 13 '18 at 19:14








  • Yes, you can do that. Keywords are "ssh" and "tunnel" (unsurprisingly). Both the man page and the web have lots of details. If you can't set it up, edit your question with what you've tried, and what doesn't work.
    – dirkt
    Dec 13 '18 at 19:33










  • @dirkt I have updated my question as you asked.
    – bertalanp99
    Dec 14 '18 at 12:30




























2 Answers












There are several ways you can do this. The easiest is to temporarily create an ssh tunnel to the router's web interface via raspberry. Open UDP on the router to thinkpad (the UrbanTerror server only uses UDP and the default port is 27960). After that, players would be able to connect to your public IP.

If you don't want to open another port on the router, each player will have to have SSH access to your raspberry, make an SSH port forwarding tunnel via TCP port 22 and perform a UDP to TCP relay on their machine. You can do this with socat:

Raspberry side: socat tcp4-listen:27900,reuseaddr,fork UDP:thinkpad:27960

Players side: socat -T15 udp4-recvfrom:27960,reuseaddr,fork tcp:localhost:27900
















    answered Dec 14 '18 at 9:03









    badrul













    • Sorry, either I wasn't clear enough or you have missed something. I cannot open the port to thinkpad as that box is not even on my home network. I am not sure about the second solution you provided, I would like everybody to be able to connect, without having the need to SSH.
      – bertalanp99
      Dec 14 '18 at 12:13
































If I understood you correctly, you and your thinkpad are abroad, the raspberry is at home, and you can remotely configure your router at home to open new ports on the raspberry.

TCP vs UDP makes a big difference, because ssh can only tunnel TCP. So you additionally need to convert between those.

The latency in the complete setup will be very noticeable.

You need to:

1) Configure your router at home to forward UDP port 27960 to the raspberry.

2) On the raspberry, convert with socat between UDP and TCP, the latter say on port 27900.

3) Create an ssh tunnel from the thinkpad to the raspberry; the direction will depend on the socat commands. Say, port 27900 on both sides.

4) On the thinkpad, use socat again to convert between TCP 27900 and UDP 27960.

IIRC you have to be a bit careful which of the UDP variants to use with socat so it works in both directions. I'd need to test this, but I don't have the time right now, so I can't give you concrete commands right now. You also have to set it up in the correct order, so that the "listening" services are started first, before they get a connection from the other steps.

















        answered Dec 14 '18 at 13:44









        dirkt
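Steps 2 to 4 of the answer above, sketched as an added example that is not part of the original answer: Python relays stand in for the two socat processes, a direct loopback TCP connection stands in for the ssh tunnel, and the 2-byte length prefix is an addition of this example that keeps datagram boundaries intact on the TCP stream. All function names and the sample datagrams are constructed for the demonstration.

```python
import socket
import struct
import threading
from functools import partial


def spawn(fn, *args):
    threading.Thread(target=fn, args=args, daemon=True).start()


def send_frame(tcp, payload):
    # One datagram on the stream = 2-byte big-endian length + payload.
    tcp.sendall(struct.pack("!H", len(payload)) + payload)


def recv_frame(tcp):
    # Read exactly one datagram back out of the byte stream.
    def exact(n):
        buf = b""
        while len(buf) < n:
            chunk = tcp.recv(n - len(buf))
            if not chunk:
                raise ConnectionError("tunnel closed")
            buf += chunk
        return buf
    return exact(struct.unpack("!H", exact(2))[0])


def pump(read, write):
    # Copy items from read() to write() until either end fails.
    try:
        while True:
            write(read())
    except OSError:
        pass


def public_relay(udp_sock, tunnel_addr):
    """raspberry side (step 2): UDP in, one TCP stream per player address."""
    streams = {}
    while True:
        try:
            data, player = udp_sock.recvfrom(65535)
        except OSError:
            return  # listening socket closed
        try:
            if player not in streams:
                tcp = streams[player] = socket.create_connection(tunnel_addr)
                # Replies arriving on this stream go back to this player only.
                spawn(pump, partial(recv_frame, tcp),
                      lambda d, p=player: udp_sock.sendto(d, p))
            send_frame(streams[player], data)
        except OSError:  # tunnel down: drop the datagram, as UDP would
            stale = streams.pop(player, None)
            if stale:
                stale.close()


def server_relay(listener, game_addr):
    """thinkpad side (step 4): one UDP socket (one source port) per stream."""
    def serve(tcp):
        udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        udp.connect(game_addr)
        spawn(pump, partial(udp.recv, 65535), partial(send_frame, tcp))
        pump(partial(recv_frame, tcp), udp.send)  # returns when stream ends
        udp.close()
        tcp.close()

    pump(lambda: listener.accept()[0], partial(spawn, serve))


def demo(payloads):
    """Loopback run; returns (datagrams the server saw, player's replies)."""
    game, public, player = (socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
                            for _ in range(3))
    game.bind(("127.0.0.1", 0))    # stand-in for the game server on thinkpad
    public.bind(("127.0.0.1", 0))  # stand-in for the router-forwarded port
    # Stand-in for the loopback TCP port the ssh tunnel would deliver to.
    listener = socket.create_server(("127.0.0.1", 0))
    spawn(server_relay, listener, game.getsockname())
    spawn(public_relay, public, listener.getsockname())
    game.settimeout(5)
    player.settimeout(5)
    for payload in payloads:  # sent back-to-back, without waiting for replies
        player.sendto(payload, public.getsockname())
    seen = []
    for _ in payloads:
        data, relay_addr = game.recvfrom(65535)
        seen.append(data)
        game.sendto(b"reply:" + data, relay_addr)
    replies = [player.recv(65535) for _ in payloads]
    player.close()  # relay threads are daemons and end with the process
    game.close()
    return seen, replies


if __name__ == "__main__":
    # Constructed sample datagrams, not captured game traffic.
    print(demo([b"status-query", b"x" * 1200, b"y"])[1])
```

With the answer's port choice, public_relay would listen on UDP 27960 on raspberry and connect to the loopback end of a reverse forward of port 27900, which delivers to server_relay on thinkpad. Keeping the TCP side on 127.0.0.1 means only the tunnel, not the internet, can reach it.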
