[PLUG] Reverse SSH tunneling with HTTP proxy
tomas.kuchta.lists at gmail.com
Mon Jul 8 06:12:55 UTC 2019
I am wondering, based on your description, what kind of modem goes
behind another modem!
Even without you mentioning Comcast - it smells like the wrong end of a
fish.
It would make sense to understand why and how it is supposed to work.
Then, if it does not make sense or add value - get rid of one of the
modems/routers/whatever the hell they are. So that you can do normal
forwarding.
If that is not possible for some reason - you probably need
raspberry-pi ssh/VPN tunneling somewhere with static IP on the net
(cheapest Linode or AWS EC2, DigitalOcean VM instance). You would then
connect through there.
-Tomas
On Sun, 2019-07-07 at 16:29 -0700, Erik Lane wrote:
> Hello,
>
> I'm very possibly going about this the wrong way. I've tried all manner
> of search terms that I can think of with variations of what I put in
> the subject line.
>
> Basically, for a long time it worked very well to just open an SSH
> tunneling command to connect to the network at my dad's house to do
> maintenance on the computers/networking equipment there. All was good
> until he either changed providers or just had problems with his
> equipment. Either way, he got a new modem, and instead of replacing his
> existing all-in-one modem and router, he and/or the tech decided it
> would be safer to just add the new modem upstream of the existing one,
> and just have two NAT translations happening. This broke my port
> forwarding that I had working, so I had to change how I got access. I
> don't know if he even has access to the settings in the new modem -
> it's a Comcast thing, and he's not sure, and I think he's also a little
> uneasy about the idea of changing anything, since it's now working well
> and he went for a while with having things be really flaky.
>
> So to keep his stress level low, the first time afterwards that I went
> out there I got onto the linux server that I have running there and set
> up a persistent reverse SSH tunnel using autossh. It works great, and
> all I have to do from my local server machine is run
> 'ssh -p 2222 localhost' and I get connected and everything is good.
>
> However, to do a fix for a current problem, I need to get http access
> to a server running on that same machine. All of the logs make it look
> like it's running fine, but they're reporting that something isn't
> right. Before, I could set up a tunnel and use a proxy command to then
> connect from a local machine to a port on the server at my dad's house
> and do whatever amount of troubleshooting I needed. With the new
> reverse tunnel set up, it doesn't seem to be accepting the proxy
> traffic, and I have no idea why.
>
> Dad's server Dad's old modem/router --- Dad's new modem --- internet ----
> my modem/router --- my server --- my laptop
>
> So I want to use firefox on my laptop to view content served from my
> dad's server, but the only possible connection is currently through a
> reverse ssh tunnel set up on my server. It seems like this must be a
> somewhat basic thing to do, as all I want is for traffic sent to a
> chosen port on my server to be rerouted through the existing SSH tunnel
> and then appear to originate on my dad's private network so that it can
> then query the http server and send the response back through the
> tunnel.
>
> But maybe I'm trying to do this the hard way and there's a simpler
> solution? Maybe I just don't know the right search terms to use? I
> could be calling these things the wrong names. It's a bit of a drive to
> get out there in person, and I'd like to get this running before the
> next time that I'm planning to be there anyway, if possible.
>
> Thanks!
> Erik
> _______________________________________________
> PLUG mailing list
> PLUG at pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
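
The routing described in the quoted message (laptop, then the local server, then the existing reverse tunnel on port 2222, then the HTTP server at the far end) can be written as an OpenSSH client configuration on the laptop. This is an added example, not part of the original thread; the host aliases, `myserver.example`, the user names, local ports 8080 and 1080, and the assumption that the remote web server listens on port 80 are placeholders.

```sshconfig
# ~/.ssh/config on the laptop (added example; all names are placeholders)

# First hop: the local server where the reverse tunnel terminates.
Host myserver
    HostName myserver.example
    User erik

# Second hop: the remote server, reached through the reverse tunnel.
# With ProxyJump, "localhost" and port 2222 are resolved on myserver,
# so this is the same endpoint as 'ssh -p 2222 localhost' run there.
Host dad-server
    HostName localhost
    Port 2222
    User erik
    ProxyJump myserver

    # Store this host key under its own name instead of "[localhost]:2222",
    # so it cannot be confused with another tunnel using the same port.
    HostKeyAlias dad-server

    # Forward one laptop port to the web server on the remote machine.
    # Assumption: the HTTP service listens on port 80 there.
    # Binding to 127.0.0.1 keeps the forward private to the laptop.
    LocalForward 127.0.0.1:8080 127.0.0.1:80

    # SOCKS proxy for reaching other devices on the remote LAN
    # (for example the router's admin page), also loopback-only.
    DynamicForward 127.0.0.1:1080

    # Fail at connect time if a forward cannot be set up, and notice a
    # dead tunnel instead of hanging.
    ExitOnForwardFailure yes
    ServerAliveInterval 30
    ServerAliveCountMax 3
```

Run `ssh -N dad-server` on the laptop, then open `http://127.0.0.1:8080/` in Firefox, or set Firefox's SOCKS v5 proxy to `127.0.0.1:1080` to browse addresses on the remote network. Port 2222 on the local server does not need to be exposed beyond loopback for this to work, which is sshd's default for remote forwards.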