[PLUG] Reverse SSH tunneling with HTTP proxy
Erik Lane
eriklane at gmail.com
Mon Jul 8 18:47:54 UTC 2019
On Sun, Jul 7, 2019 at 11:13 PM <tomas.kuchta.lists at gmail.com> wrote:
> I am wondering, based on your description, what kind of modem goes
> behind another modem!
>

Sorry, I goofed on that one. I've been chasing my tail so much on this one
that I was really more concentrating on the problem and messed up the
description. I'm pretty sure he went from CenturyLink to Comcast when he
switched, but at any rate, the previous configuration was a modem and a
router - two separate devices. The thing that is making this hard is that
the previous modem was just a modem, and the new one has a router built in.
So the previous router and the new router leave two layers of NAT and
firewall between the internet and his network. Not a problem for anything
else, but since the new router/modem does not have a rule in place to allow
me access to SSH into my Linux server at his place, I did the reverse SSH
instead. Sorry for the mistake!

> Even without you mentioning Comcast - It smells like wrong end of a
> fish.
>
> It would make sense to understand why and how it is supposed to work.
> Then, if it does not make sense or add value - get rid of one of the
> modems/routers/whatever the hell they are. So that you can do normal
> forwarding.
>
> If that is not possible for some reason - you probably need raspberry-
> pi ssh/VPN tunneling somewhere with static IP on the net (cheapest
> Linode or AWS EC2, digitalOcean VM instance). You would then connect
> through there.
>
>
Well, I guess I could do that, but I'd rather avoid it if possible. I have
a dynamic DNS address that points to both my house and his, so I can always
get an IP address, but it does change from time to time. That's all set up
to update every few minutes with a cron job, and it works well. I think
that should be enough, since I can get SSH access to the server at his
house anytime I want. It's just the http forwarding that is stymieing me at
the moment.
Thanks!
Erik

> -Tomas
>
> On Sun, 2019-07-07 at 16:29 -0700, Erik Lane wrote:
> > Hello,
> >
> > I'm very possibly going about this the wrong way. I've tried all
> > manner of search terms that I can think of with variations of what I
> > put in the subject line.
> >
> > Basically, for a long time it worked very well to just open an SSH
> > tunneling command to connect to the network at my dad's house to do
> > maintenance on the computers/networking equipment there. All was good
> > until he either changed providers or just had problems with his
> > equipment. Either way, he got a new modem, and instead of replacing
> > his existing all-in-one modem and router, he and/or the tech decided
> > it would be safer to just add the new modem upstream of the existing
> > one, and just have two NAT translations happening. This broke my port
> > forwarding that I had working, so I had to change how I got access. I
> > don't know if he even has access to the settings in the new modem -
> > it's a Comcast thing, and he's not sure, and I think he's also a
> > little uneasy about the idea of changing anything, since it's now
> > working well and he went for a while with having things be really
> > flaky.
> >
> > So to keep his stress level low, the first time afterwards that I
> > went out there I got onto the Linux server that I have running there
> > and set up a persistent reverse SSH tunnel using autossh. It works
> > great, and all I have to do from my local server machine is run
> > 'ssh -p 2222 localhost' and I get connected and everything is good.
> >
> > However, to do a fix for a current problem, I need to get http access
> > to a server running on that same machine. All of the logs make it
> > look like it's running fine, but they're reporting that something
> > isn't right. Before, I could set up a tunnel and use a proxy command
> > to then connect from a local machine to a port on the server at my
> > dad's house and do whatever amount of troubleshooting I needed. With
> > the new reverse tunnel set up, it doesn't seem to be accepting the
> > proxy traffic, and I have no idea why.
> >
> > Dad's server --- Dad's old modem/router --- Dad's new modem --- internet ---- my modem/router --- my server --- my laptop
> >
> > So I want to use firefox on my laptop to view content served from my
> > dad's server, but the only possible connection is currently through a
> > reverse ssh tunnel set up on my server. It seems like this must be a
> > somewhat basic thing to do, as all I want is for traffic sent to a
> > chosen port on my server to be rerouted through the existing SSH
> > tunnel and then appear to originate on my dad's private network so
> > that it can then query the http server and send the response back
> > through the tunnel.
> >
> > But maybe I'm trying to do this the hard way and there's a simpler
> > solution? Maybe I just don't know the right search terms to use? I
> > could be calling these things the wrong names. It's a bit of a drive
> > to get out there in person, and I'd like to get this running before
> > the next time that I'm planning to be there anyway, if possible.
> >
> > Thanks!
> > Erik
> > _______________________________________________
> > PLUG mailing list
> > PLUG at pdxlinux.org
> > http://lists.pdxlinux.org/mailman/listinfo/plug
>
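
Added example, not part of the thread and not the poster's configuration: a session opened through the existing reverse tunnel (port 2222 on "my server") can carry its own local forward to the HTTP port, and the forward is only accepted if the sshd on Dad's server permits it. The host name, user names, `HostKeyAlias` value, laptop port 8080 and target `localhost:80` are assumptions; the `sshd -T` sample is constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed names: erik@myserver.example.net,
# dad@localhost, alias dads-server, laptop port 8080, HTTP target localhost:80.
# Port 2222 is the reverse-tunnel listener the post already uses.

# Print the laptop-side command: jump through my server, enter the reverse
# tunnel on its loopback port, and carry a local forward inside that session.
# $1 jump host, $2 tunnel port, $3 laptop port, $4 target seen from Dad's server
forward_cmd() {
    printf 'ssh -N -J %s -p %s -o HostKeyAlias=dads-server -L 127.0.0.1:%s:%s dad@localhost\n' \
        "$1" "$2" "$3" "$4"
}

# Read `sshd -T` output from Dad's server on stdin and report settings that
# would refuse the -L forward to target $1. Exit status 1 if any is found.
# PermitOpen entries are compared literally; wildcard entries are not expanded.
check_sshd_forwarding() {
    awk -v target="$1" '
        $1 == "disableforwarding" && $2 == "yes" {
            print "BLOCKED: disableforwarding yes"; bad = 1 }
        $1 == "allowtcpforwarding" && $2 != "yes" && $2 != "local" {
            print "BLOCKED: allowtcpforwarding " $2; bad = 1 }
        $1 == "permitopen" && $2 != "any" {
            listed = 0
            for (i = 2; i <= NF; i++) if ($i == target) listed = 1
            if (!listed) { print "BLOCKED: permitopen omits " target; bad = 1 }
        }
        END { if (!bad) print "OK: forward to " target " permitted"; exit bad + 0 }
    '
}

# Constructed sample of `sshd -T` output (not captured from a real host).
SAMPLE_SSHD_T='port 22
allowtcpforwarding yes
disableforwarding no
permitopen any'

forward_cmd erik@myserver.example.net 2222 8080 localhost:80
printf '%s\n' "$SAMPLE_SSHD_T" | check_sshd_forwarding localhost:80
```

Running the printed command on the laptop keeps the listener on 127.0.0.1:8080 only, so the browser is pointed at http://127.0.0.1:8080. On Dad's server, `sshd -T | check_sshd_forwarding localhost:80` (as root) checks the live settings instead of the sample.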