Tunnelling server traffic throuh SSH when port forwarding on network is unavailable?












0














Setup



At home, I have a little Raspberry Pi 3 that runs services that are exposed to the internet. For example, it is running a HTTP server. I will call this server raspberry. I can manage raspberry remotely via SSH: I have opened port 22 on my router at home and therefore traffic to my public IP for this port is forwarded to raspberry. So far so good.



raspberry's architecture is arm64 and it runs FreeBSD which makes it impossible (apparently, I tried hacking around, but no dice) for me to run a game server (UrbanTerror 4.3) on it.



I also have another machine, which is a ThinkPad (later on: thinkpad) running OpenBSD and it has an amd64 architecture, which does in fact allow me to run the desired server. From thinkpad, I can access raspberry by using SSH.



Question



I am currently not at home, but on a different network, actually abroad. I have an irresistible urge to host my server now, but I couldn't manage to do it on raspberry, as I said.



Would it be somehow possible to run the server on thinkpad and tunnel all traffic through raspberry (since I can expose that to the internet, whereas here, abroad, I do not have administrator rights to the router)?



Essentially, what I want is to run the server on thinkpad as if I were running it on raspberry in terms of networking. That is the server would appear in server browsers and players would be able to connect: the traffic would arrive at raspberry through port eg 27900 and it would be sent over the internet via SSH to thinkpad.



PS I realize this would probably result in poor performance due to relaying the traffic through SSH but I would still like to try.



Thank you in advance and sorry for the long post!



EDIT 2018-12-14: Here is what I have already tried



So I need a reverse SSH tunnel for this. I created a tunnel from thinkpad like so



ssh -N -R :27960:localhost:27960 <raspberry's public IP>


The tunnel is created successfully. I checked with netstat on raspberry and it is indeed listening on *:27960 (but TCP; is this a problem? UrbanTerror, like other games, uses UDP). Now I launched the server on thinkpad and again, with netstat, I saw that it's listening on *:27960 (UDP).



I tried opening an UrbanTerror client on thinkpad and connecting to <raspberry's IP>, but it didn't work. To debug, I tried the same while running



tcpdump -n -e -ttt -i ue0 | grep 27960


on raspberry. When I attempted joining my server through raspberry from UrbanTerror, the following appeared in the dump:



188.112.111.89.27961 > 192.168.0.33.27960: UDP, length 16
192.168.0.33 > 188.112.111.89: ICMP 192.168.0.33 udp port 27960 unreachable


(I stripped the output for brevity)



188.112.111.89 is the current public IP of thinkpad and 192.168.0.33 is of course raspberry. Why is port 27960 unreachable? Clearly, according to netstat, thinkpad is listening on that port.



Just to test connectivity, I tried running nc -l 27960 on thinkpad and nc localhost 27960 on raspberry: I could communicate in both directions w/o problems.



I think it's also worth mentioning that I have OpenBSD's pf packet filter running on both machines but I have disabled it for troubleshooting.










share|improve this question















migrated from serverfault.com Dec 13 '18 at 18:41


This question came from our site for system and network administrators.















  • What have you tried so far? Does "remote port forwarding" ring a bell? Have you read man ssh? In this question the setup is similar (translation: "Plex" -> "thinkpad"; "remote server" -> "raspberry").
    – Kamil Maciorowski
    Dec 13 '18 at 19:14








  • 1




    Yes, you can do that. Keywords are "ssh" and "tunnel" (unsurprisingly). Both the man page and the web have lots of details. If you can't set it up, edit your question with what you've tried, and what doesn't work.
    – dirkt
    Dec 13 '18 at 19:33










  • @dirkt I have updated my question as you asked.
    – bertalanp99
    Dec 14 '18 at 12:30
















0














Setup



At home, I have a little Raspberry Pi 3 that runs services that are exposed to the internet. For example, it is running a HTTP server. I will call this server raspberry. I can manage raspberry remotely via SSH: I have opened port 22 on my router at home and therefore traffic to my public IP for this port is forwarded to raspberry. So far so good.



raspberry's architecture is arm64 and it runs FreeBSD which makes it impossible (apparently, I tried hacking around, but no dice) for me to run a game server (UrbanTerror 4.3) on it.



I also have another machine, which is a ThinkPad (later on: thinkpad) running OpenBSD and it has an amd64 architecture, which does in fact allow me to run the desired server. From thinkpad, I can access raspberry by using SSH.



Question



I am currently not at home, but on a different network, actually abroad. I have an irresistible urge to host my server now, but I couldn't manage to do it on raspberry, as I said.



Would it be somehow possible to run the server on thinkpad and tunnel all traffic through raspberry (since I can expose that to the internet, whereas here, abroad, I do not have administrator rights to the router)?



Essentially, what I want is to run the server on thinkpad as if I were running it on raspberry in terms of networking. That is the server would appear in server browsers and players would be able to connect: the traffic would arrive at raspberry through port eg 27900 and it would be sent over the internet via SSH to thinkpad.



PS I realize this would probably result in poor performance due to relaying the traffic through SSH but I would still like to try.



Thank you in advance and sorry for the long post!



EDIT 2018-12-14: Here is what I have already tried



So I need a reverse SSH tunnel for this. I created a tunnel from thinkpad like so



ssh -N -R :27960:localhost:27960 <raspberry's public IP>


The tunnel is created successfully. I checked with netstat on raspberry and it is indeed listening on *:27960 (but TCP; is this a problem? UrbanTerror, like other games, uses UDP). Now I launched the server on thinkpad and again, with netstat, I saw that it's listening on *:27960 (UDP).



I tried opening an UrbanTerror client on thinkpad and connecting to <raspberry's IP>, but it didn't work. To debug, I tried the same while running



tcpdump -n -e -ttt -i ue0 | grep 27960


on raspberry. When I attempted joining my server through raspberry from UrbanTerror, the following appeared in the dump:



188.112.111.89.27961 > 192.168.0.33.27960: UDP, length 16
192.168.0.33 > 188.112.111.89: ICMP 192.168.0.33 udp port 27960 unreachable


(I stripped the output for brevity)



188.112.111.89 is the current public IP of thinkpad and 192.168.0.33 is of course raspberry. Why is port 27960 unreachable? Clearly, according to netstat, thinkpad is listening on that port.



Just to test connectivity, I tried running nc -l 27960 on thinkpad and nc localhost 27960 on raspberry: I could communicate in both directions w/o problems.



I think it's also worth mentioning that I have OpenBSD's pf packet filter running on both machines but I have disabled it for troubleshooting.










share|improve this question















migrated from serverfault.com Dec 13 '18 at 18:41


This question came from our site for system and network administrators.















  • What have you tried so far? Does "remote port forwarding" ring a bell? Have you read man ssh? In this question the setup is similar (translation: "Plex" -> "thinkpad"; "remote server" -> "raspberry").
    – Kamil Maciorowski
    Dec 13 '18 at 19:14








  • 1




    Yes, you can do that. Keywords are "ssh" and "tunnel" (unsurprisingly). Both the man page and the web have lots of details. If you can't set it up, edit your question with what you've tried, and what doesn't work.
    – dirkt
    Dec 13 '18 at 19:33










  • @dirkt I have updated my question as you asked.
    – bertalanp99
    Dec 14 '18 at 12:30














0












0








0







Setup



At home, I have a little Raspberry Pi 3 that runs services that are exposed to the internet. For example, it is running a HTTP server. I will call this server raspberry. I can manage raspberry remotely via SSH: I have opened port 22 on my router at home and therefore traffic to my public IP for this port is forwarded to raspberry. So far so good.



raspberry's architecture is arm64 and it runs FreeBSD which makes it impossible (apparently, I tried hacking around, but no dice) for me to run a game server (UrbanTerror 4.3) on it.



I also have another machine, which is a ThinkPad (later on: thinkpad) running OpenBSD and it has an amd64 architecture, which does in fact allow me to run the desired server. From thinkpad, I can access raspberry by using SSH.



Question



I am currently not at home, but on a different network, actually abroad. I have an irresistible urge to host my server now, but I couldn't manage to do it on raspberry, as I said.



Would it be somehow possible to run the server on thinkpad and tunnel all traffic through raspberry (since I can expose that to the internet, whereas here, abroad, I do not have administrator rights to the router)?



Essentially, what I want is to run the server on thinkpad as if I were running it on raspberry in terms of networking. That is the server would appear in server browsers and players would be able to connect: the traffic would arrive at raspberry through port eg 27900 and it would be sent over the internet via SSH to thinkpad.



PS I realize this would probably result in poor performance due to relaying the traffic through SSH but I would still like to try.



Thank you in advance and sorry for the long post!



EDIT 2018-12-14: Here is what I have already tried



So I need a reverse SSH tunnel for this. I created a tunnel from thinkpad like so



ssh -N -R :27960:localhost:27960 <raspberry's public IP>


The tunnel is created successfully. I checked with netstat on raspberry and it is indeed listening on *:27960 (but TCP; is this a problem? UrbanTerror, like other games, uses UDP). Now I launched the server on thinkpad and again, with netstat, I saw that it's listening on *:27960 (UDP).



I tried opening an UrbanTerror client on thinkpad and connecting to <raspberry's IP>, but it didn't work. To debug, I tried the same while running



tcpdump -n -e -ttt -i ue0 | grep 27960


on raspberry. When I attempted joining my server through raspberry from UrbanTerror, the following appeared in the dump:



188.112.111.89.27961 > 192.168.0.33.27960: UDP, length 16
192.168.0.33 > 188.112.111.89: ICMP 192.168.0.33 udp port 27960 unreachable


(I stripped the output for brevity)



188.112.111.89 is the current public IP of thinkpad and 192.168.0.33 is of course raspberry. Why is port 27960 unreachable? Clearly, according to netstat, thinkpad is listening on that port.



Just to test connectivity, I tried running nc -l 27960 on thinkpad and nc localhost 27960 on raspberry: I could communicate in both directions w/o problems.



I think it's also worth mentioning that I have OpenBSD's pf packet filter running on both machines but I have disabled it for troubleshooting.










share|improve this question















Setup



At home, I have a little Raspberry Pi 3 that runs services that are exposed to the internet. For example, it is running a HTTP server. I will call this server raspberry. I can manage raspberry remotely via SSH: I have opened port 22 on my router at home and therefore traffic to my public IP for this port is forwarded to raspberry. So far so good.



raspberry's architecture is arm64 and it runs FreeBSD which makes it impossible (apparently, I tried hacking around, but no dice) for me to run a game server (UrbanTerror 4.3) on it.



I also have another machine, which is a ThinkPad (later on: thinkpad) running OpenBSD and it has an amd64 architecture, which does in fact allow me to run the desired server. From thinkpad, I can access raspberry by using SSH.



Question



I am currently not at home, but on a different network, actually abroad. I have an irresistible urge to host my server now, but I couldn't manage to do it on raspberry, as I said.



Would it be somehow possible to run the server on thinkpad and tunnel all traffic through raspberry (since I can expose that to the internet, whereas here, abroad, I do not have administrator rights to the router)?



Essentially, what I want is to run the server on thinkpad as if I were running it on raspberry in terms of networking. That is the server would appear in server browsers and players would be able to connect: the traffic would arrive at raspberry through port eg 27900 and it would be sent over the internet via SSH to thinkpad.



PS I realize this would probably result in poor performance due to relaying the traffic through SSH but I would still like to try.



Thank you in advance and sorry for the long post!



EDIT 2018-12-14: Here is what I have already tried



So I need a reverse SSH tunnel for this. I created a tunnel from thinkpad like so



ssh -N -R :27960:localhost:27960 <raspberry's public IP>


The tunnel is created successfully. I checked with netstat on raspberry and it is indeed listening on *:27960 (but TCP; is this a problem? UrbanTerror, like other games, uses UDP). Now I launched the server on thinkpad and again, with netstat, I saw that it's listening on *:27960 (UDP).



I tried opening an UrbanTerror client on thinkpad and connecting to <raspberry's IP>, but it didn't work. To debug, I tried the same while running



tcpdump -n -e -ttt -i ue0 | grep 27960


on raspberry. When I attempted joining my server through raspberry from UrbanTerror, the following appeared in the dump:



188.112.111.89.27961 > 192.168.0.33.27960: UDP, length 16
192.168.0.33 > 188.112.111.89: ICMP 192.168.0.33 udp port 27960 unreachable


(I stripped the output for brevity)



188.112.111.89 is the current public IP of thinkpad and 192.168.0.33 is of course raspberry. Why is port 27960 unreachable? Clearly, according to netstat, thinkpad is listening on that port.



Just to test connectivity, I tried running nc -l 27960 on thinkpad and nc localhost 27960 on raspberry: I could communicate in both directions w/o problems.



I think it's also worth mentioning that I have OpenBSD's pf packet filter running on both machines but I have disabled it for troubleshooting.







ssh port-forwarding ssh-tunnel






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 14 '18 at 12:29

























asked Dec 13 '18 at 18:32









bertalanp99

739




739




migrated from serverfault.com Dec 13 '18 at 18:41


This question came from our site for system and network administrators.






migrated from serverfault.com Dec 13 '18 at 18:41


This question came from our site for system and network administrators.














  • What have you tried so far? Does "remote port forwarding" ring a bell? Have you read man ssh? In this question the setup is similar (translation: "Plex" -> "thinkpad"; "remote server" -> "raspberry").
    – Kamil Maciorowski
    Dec 13 '18 at 19:14








  • 1




    Yes, you can do that. Keywords are "ssh" and "tunnel" (unsurprisingly). Both the man page and the web have lots of details. If you can't set it up, edit your question with what you've tried, and what doesn't work.
    – dirkt
    Dec 13 '18 at 19:33










  • @dirkt I have updated my question as you asked.
    – bertalanp99
    Dec 14 '18 at 12:30


















  • What have you tried so far? Does "remote port forwarding" ring a bell? Have you read man ssh? In this question the setup is similar (translation: "Plex" -> "thinkpad"; "remote server" -> "raspberry").
    – Kamil Maciorowski
    Dec 13 '18 at 19:14








  • 1




    Yes, you can do that. Keywords are "ssh" and "tunnel" (unsurprisingly). Both the man page and the web have lots of details. If you can't set it up, edit your question with what you've tried, and what doesn't work.
    – dirkt
    Dec 13 '18 at 19:33










  • @dirkt I have updated my question as you asked.
    – bertalanp99
    Dec 14 '18 at 12:30
















What have you tried so far? Does "remote port forwarding" ring a bell? Have you read man ssh? In this question the setup is similar (translation: "Plex" -> "thinkpad"; "remote server" -> "raspberry").
– Kamil Maciorowski
Dec 13 '18 at 19:14






What have you tried so far? Does "remote port forwarding" ring a bell? Have you read man ssh? In this question the setup is similar (translation: "Plex" -> "thinkpad"; "remote server" -> "raspberry").
– Kamil Maciorowski
Dec 13 '18 at 19:14






1




1




Yes, you can do that. Keywords are "ssh" and "tunnel" (unsurprisingly). Both the man page and the web have lots of details. If you can't set it up, edit your question with what you've tried, and what doesn't work.
– dirkt
Dec 13 '18 at 19:33




Yes, you can do that. Keywords are "ssh" and "tunnel" (unsurprisingly). Both the man page and the web have lots of details. If you can't set it up, edit your question with what you've tried, and what doesn't work.
– dirkt
Dec 13 '18 at 19:33












@dirkt I have updated my question as you asked.
– bertalanp99
Dec 14 '18 at 12:30




@dirkt I have updated my question as you asked.
– bertalanp99
Dec 14 '18 at 12:30










2 Answers
2






active

oldest

votes


















1














There are several ways you can do this. Easiest is to temporarily create ssh tunnel to router web interface via raspberry. Open UDP on router to thinkpad (UrbanTerror server only uses UDP and default port is 27960). After that, players would be able to connect to your public IP.



If you don't want to open another port on router. Each players will have to have access to SSH to your raspberry and make SSH port forwarding tunnel via TCP port 22 and perform UDP to TCP relay on their machine. You can do this with socat:



Raspberry side: socat tcp4-listen:27900,reuseaddr,fork UDP:`thinkpad`:27960

Players side: socat -T15 udp4-recvfrom:27960,reuseaddr,fork tcp:localhost:27900





share|improve this answer





















  • Sorry, either I wasn't clear enough or you have missed something. I cannot open the port to thinkpad as that box is not even on my home network. I am not sure about the second solution you provided, I would like everybody to be able to connect, without having the need to SSH.
    – bertalanp99
    Dec 14 '18 at 12:13





















0














If I understood you correctly, you and your thinkpad are abroad, the raspberry is at home, and you can remotely configure your router at home to open new ports on the raspberry.



TCP vs UDP makes a big difference, because ssh can only tunnel TCP. So you additionally need to convert between those.



The latency in the complete setup will be very noticeable.



You need to



1) Configure your router at home to forward UDP port 27960 to the raspberry.



2) On the raspberry, convert with socat between UDP and TCP, the latter say on port 27900.



3) Create a ssh tunnel from the thinkpad to the raspberry; the direction will depend on the socat commands. Say, port 27900 on both sides.



4) On the thinkpad, use socat again to convert between TCP 27900 and UDP 27960.



IIRC you have to be a bit careful which of the UDP variants to use with socat so it works in both directions. I'd need to test this, but I don't have the time right now, so I can't give you concrete commands right now. You also have to set it up on the correct order, so that the "listening" services are started first, before they get a connection from the other steps.






share|improve this answer





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1383373%2ftunnelling-server-traffic-throuh-ssh-when-port-forwarding-on-network-is-unavaila%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    There are several ways you can do this. Easiest is to temporarily create ssh tunnel to router web interface via raspberry. Open UDP on router to thinkpad (UrbanTerror server only uses UDP and default port is 27960). After that, players would be able to connect to your public IP.



    If you don't want to open another port on router. Each players will have to have access to SSH to your raspberry and make SSH port forwarding tunnel via TCP port 22 and perform UDP to TCP relay on their machine. You can do this with socat:



    Raspberry side: socat tcp4-listen:27900,reuseaddr,fork UDP:`thinkpad`:27960

    Players side: socat -T15 udp4-recvfrom:27960,reuseaddr,fork tcp:localhost:27900





    share|improve this answer





















    • Sorry, either I wasn't clear enough or you have missed something. I cannot open the port to thinkpad as that box is not even on my home network. I am not sure about the second solution you provided, I would like everybody to be able to connect, without having the need to SSH.
      – bertalanp99
      Dec 14 '18 at 12:13


















    1














    There are several ways you can do this. Easiest is to temporarily create ssh tunnel to router web interface via raspberry. Open UDP on router to thinkpad (UrbanTerror server only uses UDP and default port is 27960). After that, players would be able to connect to your public IP.



    If you don't want to open another port on router. Each players will have to have access to SSH to your raspberry and make SSH port forwarding tunnel via TCP port 22 and perform UDP to TCP relay on their machine. You can do this with socat:



    Raspberry side: socat tcp4-listen:27900,reuseaddr,fork UDP:`thinkpad`:27960

    Players side: socat -T15 udp4-recvfrom:27960,reuseaddr,fork tcp:localhost:27900





    share|improve this answer





















    • Sorry, either I wasn't clear enough or you have missed something. I cannot open the port to thinkpad as that box is not even on my home network. I am not sure about the second solution you provided, I would like everybody to be able to connect, without having the need to SSH.
      – bertalanp99
      Dec 14 '18 at 12:13
















    1












    1








    1






    There are several ways you can do this. Easiest is to temporarily create ssh tunnel to router web interface via raspberry. Open UDP on router to thinkpad (UrbanTerror server only uses UDP and default port is 27960). After that, players would be able to connect to your public IP.



    If you don't want to open another port on router. Each players will have to have access to SSH to your raspberry and make SSH port forwarding tunnel via TCP port 22 and perform UDP to TCP relay on their machine. You can do this with socat:



    Raspberry side: socat tcp4-listen:27900,reuseaddr,fork UDP:`thinkpad`:27960

    Players side: socat -T15 udp4-recvfrom:27960,reuseaddr,fork tcp:localhost:27900





    share|improve this answer












    There are several ways you can do this. Easiest is to temporarily create ssh tunnel to router web interface via raspberry. Open UDP on router to thinkpad (UrbanTerror server only uses UDP and default port is 27960). After that, players would be able to connect to your public IP.



    If you don't want to open another port on router. Each players will have to have access to SSH to your raspberry and make SSH port forwarding tunnel via TCP port 22 and perform UDP to TCP relay on their machine. You can do this with socat:



    Raspberry side: socat tcp4-listen:27900,reuseaddr,fork UDP:`thinkpad`:27960

    Players side: socat -T15 udp4-recvfrom:27960,reuseaddr,fork tcp:localhost:27900






    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Dec 14 '18 at 9:03









    badrul

    111




    111












    • Sorry, either I wasn't clear enough or you have missed something. I cannot open the port to thinkpad as that box is not even on my home network. I am not sure about the second solution you provided, I would like everybody to be able to connect, without having the need to SSH.
      – bertalanp99
      Dec 14 '18 at 12:13




















    • Sorry, either I wasn't clear enough or you have missed something. I cannot open the port to thinkpad as that box is not even on my home network. I am not sure about the second solution you provided, I would like everybody to be able to connect, without having the need to SSH.
      – bertalanp99
      Dec 14 '18 at 12:13


















    Sorry, either I wasn't clear enough or you have missed something. I cannot open the port to thinkpad as that box is not even on my home network. I am not sure about the second solution you provided, I would like everybody to be able to connect, without having the need to SSH.
    – bertalanp99
    Dec 14 '18 at 12:13






    Sorry, either I wasn't clear enough or you have missed something. I cannot open the port to thinkpad as that box is not even on my home network. I am not sure about the second solution you provided, I would like everybody to be able to connect, without having the need to SSH.
    – bertalanp99
    Dec 14 '18 at 12:13















    0














    If I understood you correctly, you and your thinkpad are abroad, the raspberry is at home, and you can remotely configure your router at home to open new ports on the raspberry.



    TCP vs UDP makes a big difference, because ssh can only tunnel TCP. So you additionally need to convert between those.



    The latency in the complete setup will be very noticeable.



    You need to



    1) Configure your router at home to forward UDP port 27960 to the raspberry.



    2) On the raspberry, convert with socat between UDP and TCP, the latter say on port 27900.



    3) Create a ssh tunnel from the thinkpad to the raspberry; the direction will depend on the socat commands. Say, port 27900 on both sides.



    4) On the thinkpad, use socat again to convert between TCP 27900 and UDP 27960.



    IIRC you have to be a bit careful which of the UDP variants to use with socat so it works in both directions. I'd need to test this, but I don't have the time right now, so I can't give you concrete commands right now. You also have to set it up on the correct order, so that the "listening" services are started first, before they get a connection from the other steps.






    share|improve this answer


























      0














      If I understood you correctly, you and your thinkpad are abroad, the raspberry is at home, and you can remotely configure your router at home to open new ports on the raspberry.



      TCP vs UDP makes a big difference, because ssh can only tunnel TCP. So you additionally need to convert between those.



      The latency in the complete setup will be very noticeable.



      You need to



      1) Configure your router at home to forward UDP port 27960 to the raspberry.



      2) On the raspberry, convert with socat between UDP and TCP, the latter say on port 27900.



      3) Create a ssh tunnel from the thinkpad to the raspberry; the direction will depend on the socat commands. Say, port 27900 on both sides.



      4) On the thinkpad, use socat again to convert between TCP 27900 and UDP 27960.



      IIRC you have to be a bit careful which of the UDP variants to use with socat so it works in both directions. I'd need to test this, but I don't have the time right now, so I can't give you concrete commands right now. You also have to set it up on the correct order, so that the "listening" services are started first, before they get a connection from the other steps.






      share|improve this answer
























        0












        0








        0






        If I understood you correctly, you and your thinkpad are abroad, the raspberry is at home, and you can remotely configure your router at home to open new ports on the raspberry.



        TCP vs UDP makes a big difference, because ssh can only tunnel TCP. So you additionally need to convert between those.



        The latency in the complete setup will be very noticeable.



        You need to



        1) Configure your router at home to forward UDP port 27960 to the raspberry.



        2) On the raspberry, convert with socat between UDP and TCP, the latter say on port 27900.



        3) Create a ssh tunnel from the thinkpad to the raspberry; the direction will depend on the socat commands. Say, port 27900 on both sides.



        4) On the thinkpad, use socat again to convert between TCP 27900 and UDP 27960.



        IIRC you have to be a bit careful which of the UDP variants to use with socat so it works in both directions. I'd need to test this, but I don't have the time right now, so I can't give you concrete commands right now. You also have to set it up on the correct order, so that the "listening" services are started first, before they get a connection from the other steps.






        share|improve this answer












        If I understood you correctly, you and your thinkpad are abroad, the raspberry is at home, and you can remotely configure your router at home to open new ports on the raspberry.



        TCP vs UDP makes a big difference, because ssh can only tunnel TCP. So you additionally need to convert between those.



        The latency in the complete setup will be very noticeable.



        You need to



        1) Configure your router at home to forward UDP port 27960 to the raspberry.



        2) On the raspberry, convert with socat between UDP and TCP, the latter say on port 27900.



        3) Create a ssh tunnel from the thinkpad to the raspberry; the direction will depend on the socat commands. Say, port 27900 on both sides.



        4) On the thinkpad, use socat again to convert between TCP 27900 and UDP 27960.



        IIRC you have to be a bit careful which of the UDP variants to use with socat so it works in both directions. I'd need to test this, but I don't have the time right now, so I can't give you concrete commands right now. You also have to set it up on the correct order, so that the "listening" services are started first, before they get a connection from the other steps.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 14 '18 at 13:44









        dirkt

        9,05231121




        9,05231121






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1383373%2ftunnelling-server-traffic-throuh-ssh-when-port-forwarding-on-network-is-unavaila%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

            Alcedinidae

            Origin of the phrase “under your belt”?