This is a read-only archive!

Tunneling is fun

My girlfriend is stuck behind a very restrictive firewall at college. It hides her behind some kind of NAT. No open ports whatsoever. In a way I can understand it; when you have thousands of Windows machines running on a high-speed network, you need all the help you can get. In another way, I just couldn't live with that kind of crippled access. I know I'm not really a typical user, but I needs me my open ports for SSH and whatnot.

We wanted to play ZSNES over the internet, which needs a direct connection between two computers. It took me forever to figure out how to get a reverse SSH tunnel set up, but I finally did. The terminology is always very confusing. "Local" vs. "remote"; is that from the point of view of the client, or the server?

Just so I have a record of how to do this:

ssh -R 12345:localhost:6881 SERVER_NAME

-R means SSH will LISTEN for connections on the REMOTE host ("remote" from the point of view of the PERSON RUNNING THE COMMAND, i.e. the client). (-L is the opposite.) It will listen for connections on port 12345 on the machine where the server resides; it will forward the data to incoming port 6881 on the machine where the client resides.

After getting that working, it turns out we needed UDP forwarding too, so I had to look for something else. I ended up using OpenVPN. That program is pretty amazing. It only took a short while to install, by following the HOWTO. Even on Windows (though it has Linux versions too). I used had to use TAP devices instead of TUN; I have no idea what either of those things is, but TAP seems to create imaginary network devices. The program uses some nice encryption too. And using this program, you can do anything you could do with someone who was physically on your LAN.

Turns out OpenVPN is in portage, too. I wish I'd have noticed it sooner.

September 11, 2006 @ 6:08 AM PDT
Cateogory: Linux


Quoth Nicole on September 11, 2006 @ 6:21 AM PDT

im just a gerl~ tee hee

Quoth Brian on September 11, 2006 @ 6:30 AM PDT

<3 <3 <3

Quoth Hussam on September 13, 2006 @ 10:33 PM PDT

This might be just me but a while back you had to tunnel through ssh and came up with the same (if not exact) technique! If I'm not mistkane you even said "this is for my future reference"..

Or that could have been a totally different blog. Although I don't follow more than two.

Quoth Brian on September 14, 2006 @ 3:58 AM PDT

I wrote about tunneling VNC before ( ), but that was actually a tunnel in the opposite direction. In that case I wanted to connect to a program that was running on the same machine as the SSH server. In this case I want to connect to a program that was running on the same machine as the SSH client.