I need to access a remote server which is behind a NAT. I don't control that router but I have permission from the owner to do this. Since I have a public IP at my office, I set up a systemd service to tunnel two ports through autossh on the remote machine like this:
Code: Select all
/usr/bin/autossh -M 0 -q -N -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -R :2222:localhost:22 -R :9091:localhost:9090 elliott@mypublicip -p 1234
Code: Select all
ssh user@192.168.1.50 -p 2222
Code: Select all
ssh: connect to host 192.168.1.50 port 2222: Connection refused
On the remote server everything seems to be running fine:
Code: Select all
$ ps aux | grep ss[h]
root 16941 0.0 0.0 112864 4348 ? Ss Jun24 0:00 /usr/sbin/sshd -D
alt 16982 0.0 0.0 6512 720 ? Ss Jun24 0:00 /usr/bin/autossh -M 0 -q -N -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -R :2222:localhost:22 -R :9091:localhost:9090 elliott@mypublicip -p 1234
alt 108855 0.0 0.0 180724 4240 ? S 00:57 0:00 /usr/bin/ssh -q -N -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -R :2222:localhost:22 -R :9091:localhost:9090 -p 1234 elliott@mypublicip
alt 129559 0.0 0.0 72420 776 ? Ss 16:22 0:00 /usr/bin/ssh-agent /bin/sh -c exec -l /bin/bash -c "env GNOME_SHELL_SESSION_MODE=classic gnome-session --session gnome-classic"
alt 220668 0.0 0.0 72424 3364 ? S 16:42 0:00 /usr/bin/ssh-agent -D -a /run/user/1001/keyring/.ssh
$ sudo lsof -i:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 16941 root 3u IPv4 30666 0t0 TCP *:ssh (LISTEN)
sshd 16941 root 4u IPv6 30668 0t0 TCP *:ssh (LISTEN)
$ ssh elliott@mypublicip -p 1234
this connects successfully
Code: Select all
# lsof -i:2222 on my local server
blank, no connections shown
$ ss -tn
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 169.254.0.2:58396 169.254.0.1:5000
ESTAB 0 0 192.168.1.50:22 192.168.1.201:33134 (autossh from remote server)
ESTAB 0 0 169.254.0.2:58400 169.254.0.1:5000
ESTAB 0 0 127.0.0.1:37414 127.0.0.1:9090 (local web app)
ESTAB 0 0 169.254.0.2:58394 169.254.0.1:5000
ESTAB 0 0 169.254.0.2:58398 169.254.0.1:5000
ESTAB 0 0 192.168.1.50:22 192.168.1.202:58143 (ssh from my laptop)
ESTAB 0 0 ::ffff:127.0.0.1:9090 ::ffff:127.0.0.1:37414