Re: services behind NAT and firewall

From: Vincent Jaussaud (vincent.jaussaud_at_nospam.kelkoo.net)
Date: 04/29/05

    Date: Fri, 29 Apr 2005 11:35:27 +0200
    
    

    >> I'm not really certain of what you are asking here. It may be that
    >> OpenVPN will do what you want.
    >
    > No, OpenVPN can not do this :(
    >
    > COMPUTER_2 ==| firewall -- internet -- COMPUTER_1 -- Internet -- COMP_3
    >
    > and I want to connect from COMP_3 to COMPUTER_2 via COMPUTER_1
    >
    > COMPUTER_2 is completely behind firewall and I want to make some kind
    > of all time connection from COMPUTER_2 to COMPUTER_1 not from
    > COMPUTER_1 to COMPUTER_2 like VPN makes :)
    >

    If you have SSH access from COMPUTER_2 to the outside world (e.g.,
    COMPUTER_1), then you can do this with SSH port forwarding.

    e.g., something like:

    on COMPUTER_2:

    ssh -R 3333:COMPUTER_2:22 username@COMPUTER_1

    This works by opening an SSH tunnel between COMPUTER_2 and COMPUTER_1. On
    COMPUTER_1 a local port is opened (here 3333), and all traffic coming
    into it will be forwarded across the SSH tunnel back to COMPUTER_2. From
    there, it is redirected to the local SSH server.

    In other words, once you've done that, on COMPUTER_1 you just have to do:
    ssh -p3333 username@localhost

    Further information is available in the SSH man pages.

    Note that you can use any ports you want instead of 3333 (above 1024;
    otherwise you'll have to be root), and you can use COMPUTER_3 instead of
    COMPUTER_1, as soon as you have direct access to it.

    Hope that helps.

    -- 
    Vincent Jaussaud, Kelkoo.com IT Architect
    ---
    UNIX is many things to many people, but it's never been everything to
    anybody.
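
The reverse forward from the message above, kept up permanently and locked down on the relay, as an added example that is not part of the original post. The account name `tunnel`, the key path, the `SSH_BIN` dry-run switch and the backoff values are assumptions; the forward targets `localhost:22` on COMPUTER_2, which is the same SSH server the post reaches as `COMPUTER_2:22`.

```shell
#!/bin/sh
# Added example: keep the reverse tunnel from the post up permanently.
# Run on COMPUTER_2. Account name and key path are assumptions.
RELAY_HOST="${RELAY_HOST:-COMPUTER_1}"   # relay reachable from behind the firewall
RELAY_USER="${RELAY_USER:-tunnel}"       # hypothetical unprivileged relay account
RELAY_PORT="${RELAY_PORT:-3333}"         # listener on the relay, as in the post
KEY_FILE="${KEY_FILE:-$HOME/.ssh/tunnel_ed25519}"  # hypothetical dedicated key
SSH_BIN="${SSH_BIN:-ssh}"                # set SSH_BIN=echo for a dry run

# One tunnel session: no remote command (-N), fail fast if the listener
# cannot be opened, detect dead links, bind the relay side to loopback only.
tunnel_once() {
    "$SSH_BIN" -N -i "$KEY_FILE" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -R "localhost:${RELAY_PORT}:localhost:22" \
        "${RELAY_USER}@${RELAY_HOST}"
}

# authorized_keys entry for the relay account on COMPUTER_1 ($1 = public key):
# the key gets no pty, no agent/X11 forwarding, a forced no-op command, and
# may open only this one listener.
relay_key_line() {
    printf 'restrict,command="/bin/false",port-forwarding,permitlisten="localhost:%s" %s\n' \
        "$RELAY_PORT" "$1"
}

# Capped exponential backoff between reconnect attempts ($1 = current delay).
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt 300 ]; then d=300; fi
    echo "$d"
}

keep_tunnel() {
    delay=5
    while :; do
        start=$(date +%s)
        tunnel_once || true
        # a session that lasted over a minute was healthy: reset the backoff
        if [ $(( $(date +%s) - start )) -gt 60 ]; then delay=5; fi
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

# Start only when asked to:  sh tunnel.sh run
if [ "${1:-}" = "run" ]; then keep_tunnel; fi
```

On COMPUTER_1, leaving sshd's `GatewayPorts` at its default of `no` keeps port 3333 reachable only from the relay itself, so anyone connecting through it still has to authenticate to COMPUTER_1 first.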
    
