I'm wondering if/how I can realize the following setup. It doesn't seem to fit the standard ssh port forwarding model.

I have a client machine A. I have a server application running on machine A, which listens on port X. However, machine A is behind a common IP address (shared by many users), so it can't receive incoming connections to port X from the internet. However, I have access to a machine, B, in Amazon EC2, and it would be OK if connections went through that machine. It's not possible to move the application to this machine in EC2.

Hence, what I want is to have machine B listen on port X and forward all connections/communications to machine A. Machine A has to see it as if clients are connecting to port X in the usual way (it would be acceptable that the source IP appears as machine B).

The solution must work in such a way that machine A is the client that connects to machine B. So in the case of ssh, A would have to be the ssh client and B the ssh server. Again, this is because machine A is behind the common IP, hence all connections have to be outgoing from A.

How can this setup be realized? Preferably using commonly available and free software? Thank you in advance.

Morty

1 Answer

This can easily be done with an ssh reverse connection, started on Machine A. As a pointer, this should be helpful:

ssh -R :PortX:127.0.0.1:PortX user@MachineB

If you run Windows on "Machine A", plink is an alternative to ssh (client).

However, a persistent reverse port forward can be tricky, but it is absolutely possible.

On "Machine B" you need to have enabled

GatewayPorts clientspecified 

in sshd_config

EDIT:

  • the ":" (colon) in front of PortX is needed to make the port available to 0/0
  • GatewayPorts clientspecified enables this feature. GatewayPorts Yes always makes the reverse forwarded port world reachable.
Tim Haegele
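
The bind-address rules from the EDIT above, as an added example that is not part of the original answer: shell functions that predict where sshd on Machine B binds the forward for each GatewayPorts value, and that check `ss -tln` output for the listener that actually exists. The function names are hypothetical, PortX is assumed to be 8080, the `ss` output is constructed, and only IPv4 addresses or hostnames are handled in the -R spec.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Semantics follow ssh(1) -R and sshd_config(5) GatewayPorts.

# rforward_listen GATEWAYPORTS SPEC
# Predicts where sshd on Machine B binds a "-R [bind:]port:host:hostport" forward.
# Assumes IPv4 addresses or hostnames (no bracketed IPv6 literals).
rforward_listen() {
    gp=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    colons=$(( $(printf '%s' "$2" | tr -cd ':' | wc -c) ))
    case $colons in
        2) bind=localhost ;;       # no bind_address given: loopback is requested
        3) bind=${2%%:*} ;;        # text before the first colon, may be empty
        *) echo "unsupported -R spec: $2" >&2; return 2 ;;
    esac
    case $gp in
        no)  echo loopback ;;      # sshd keeps the forward on loopback
        yes) echo wildcard ;;      # sshd always binds all interfaces
        clientspecified)
            case $bind in
                ''|'*')          echo wildcard ;;
                localhost|127.*) echo loopback ;;
                *)               echo "$bind" ;;
            esac ;;
        *) echo "unknown GatewayPorts value: $1" >&2; return 2 ;;
    esac
}

# listen_scope PORT  (reads `ss -tln` output on stdin)
# Reports the widest scope on which PORT is actually listening on Machine B.
listen_scope() {
    awk -v p="$1" '
        $1 == "LISTEN" && $4 ~ (":" p "$") {
            a = $4; sub(/:[0-9]+$/, "", a)
            if (a == "0.0.0.0" || a == "*" || a == "[::]") w = 1
            else if (a ~ /^127\./ || a == "[::1]") l = 1
            else o = 1
        }
        END { print (w ? "wildcard" : (o ? "specific" : (l ? "loopback" : "none"))) }'
}

# Constructed sample of `ss -tln` output on Machine B, with PortX = 8080.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128          0.0.0.0:8080      0.0.0.0:*
LISTEN 0      128             [::]:8080         [::]:*'

rforward_listen clientspecified ':8080:127.0.0.1:8080'   # spec with leading colon
rforward_listen clientspecified '8080:127.0.0.1:8080'    # leading colon omitted
printf '%s\n' "$SAMPLE_SS" | listen_scope 8080
```

On a live Machine B, pipe the real `ss -tln` output into `listen_scope` and compare the result with the prediction; a mismatch usually means sshd was not reloaded after editing sshd_config.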