
In my lab I want to set up an SSH jump host that forwards incoming SSH connections to Android devices that are connected to it via USB. All Android devices have USB tethering turned on. The tethering connection spawns a network adapter in the subnet 192.168.42.0/24 for each Android device. Every Android device runs an SSH server on a different port. The setup is illustrated in the following:

[Figure: exemplary setup with two devices]

My idea is to forward ssh connections according to the port. Therefore, I added the network adapters to a bridge and forwarded the connections via iptables. I made up the following for this purpose:

sudo ip link add name ogt type bridge
sudo ip l set eno1 master ogt 
sudo ip l set usb0 master ogt 
sudo ip l set usb1 master ogt
sudo ip a a 192.168.42.1/24 dev ogt
sudo ip link set ogt up

sudo iptables -t nat -A POSTROUTING -o ogt -j MASQUERADE
sudo iptables -t nat -A POSTROUTING ! -d 192.168.42.0/24 -o eno1 -j SNAT --to-source 172.16.1.100
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

sudo iptables -A PREROUTING -t nat -i eno1 -p tcp --dport 130 -j DNAT --to 192.168.42.130:130
sudo iptables -A FORWARD -p tcp -d 192.168.42.130 --dport 130 -j ACCEPT

sudo iptables -A PREROUTING -t nat -i eno1 -p tcp --dport 131 -j DNAT --to 192.168.42.131:131
sudo iptables -A FORWARD -p tcp -d 192.168.42.131 --dport 131 -j ACCEPT

The setup works but I have no internet on the jump host. Unfortunately, I do not quite understand why. How can I improve the forwarding or is there maybe a better solution? I would be very happy to have a helping hand!

Andrew Schulman
ninjab3s
  • I just realized that I made a mistake in the sketch. The incoming connection is not on port 22, it is on port 130 or 131 depending on the device I want to connect to. I hope it is not too confusing. – ninjab3s Mar 05 '21 at 17:05

1 Answer

After a little while I got it working. Instead of iptables I use adb forward.

Therefore, start adb so that it listens on all local interfaces:

sudo adb -a nodaemon server start

The -a option makes adb listen on all local interfaces. Start adb without it if you only want to work locally.

Afterwards use adb forward to forward incoming ssh connections to the respective port on the Android device:

adb -s [serialDevice#1] forward tcp:130 tcp:130
adb -s [serialDevice#2] forward tcp:131 tcp:131

This forwards incoming connections on port 130/131 to the respective Android device. Using ssh root@172.16.1.100 -p130 or ssh root@172.16.1.100 -p131 I can now connect to the desired device.

Here are some resources I used to research about this problem:

ninjab3s
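A check to run on the jump host after the setup in the answer above (an added example, not part of the original answer): with -a, adb binds on every interface, so this lists which of the relevant ports are actually reachable from the network. It assumes `ss` from iproute2 is installed and that adb uses its default server port 5037; the function names and the sample input are made up for illustration.

```shell
#!/bin/sh
# Flag TCP listeners for the jump-host ports that are bound to every interface.
# Input format is `ss -tln` output: State Recv-Q Send-Q Local-Address:Port Peer.

# 5037 is adb's default server port (assumption: not changed on this host);
# 130 and 131 are the adb forward listeners from the answer.
WATCH_PORTS="5037 130 131"

# Reads `ss -tln` lines on stdin and prints "<port> <bind-address>" for each
# watched port whose listener is bound to a wildcard address.
exposed_listeners() {
    awk -v ports="$WATCH_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            la = $4
            # Port is everything after the last colon, address what precedes it.
            port = la; sub(/.*:/, "", port)
            addr = substr(la, 1, length(la) - length(port) - 1)
            if (!(port in watch)) next
            # Wildcard forms printed by ss: IPv4, dual-stack, IPv6.
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
                print port, addr
        }'
}

# Constructed sample input, not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4 *:5037 *:*
LISTEN 0 4 *:130 *:*
LISTEN 0 4 127.0.0.1:131 0.0.0.0:*
EOF
}

# Live use on the jump host:
#   ss -tln | exposed_listeners
```

Any line printed for port 5037 means the adb server itself, not only the forwarded SSH ports, accepts connections from other hosts; an iptables INPUT rule limiting that port to trusted source addresses narrows it.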