Solved

Tunnel to machine behind NAT firewall

Posted on 2003-03-08
Last Modified: 2013-11-16
Does anyone know of a software system I can set up so that I can connect to my desktop machine that is behind a NAT firewall from outside of its network?  This desktop machine I would like to connect to does not have an outside IP address; although it does have internet access through a NAT firewall machine that I cannot administer.  I have a linux box outside the network that I could make a connection to from that machine and open some sort of ssh port tunnel, etc. if this would help.  My goal is to be able to connect to the desktop machine inside the network by connecting to this linux server from outside the network and have it forward the connection to the desktop that is inside the network, after beforehand making sure the machine has opened a connection to the linux server.

I don't know if it is completely clear so let me see if I can draw it out...

   OUTSIDE OF NETWORK                  | INSIDE OF NETWORK
 /---------\           /-------\    /--|---\   /---------\
 | ROAMING |-----------| LINUX |----| NAT  |---| DESKTOP |
 \---------/           \-------/    \--|---/   \---------/

 1.  Connect desktop machine to linux server in a "waiting" mode which runs indefinitely
 2.  Connect roaming machine to linux server as needed for normal use
 3.  Linux server forwards packets from roaming machine to desktop machine through connection in step 1

A solution such as www.gotomypc.com is not acceptable for this question, as I know a free solution should exist or can be developed because I have my own server... I just need to know what software to use and how to set it up.
0
Comment
Question by:psikic
11 Comments
 

Author Comment

by:psikic
ID: 8094468
If my ascii drawing doesn't look correct for you, copy and paste it into notepad.

psikic <http://cs.atu.edu/~bryan/>
0
 
LVL 8

Expert Comment

by:heskyttberg
ID: 8096149
Hi!

You need to use and setup openssh.
http://www.openssh.org/

Regards
/Hans - Erik Skyttberg
0
 

Author Comment

by:psikic
ID: 8096164
I already knew that I probably needed to use SSH and the port tunneling features, but I wouldn't know how to go about setting it up.  How would I make the desktop connect to the Linux machine and keep an open connection?  How would I instruct the linux machine to forward the connections from the mobile machine to the desktop machine?  I need to know how to set up the software--that is my question.

Thanks

psikic <http://cs.atu.edu/~bryan/>
0
 
LVL 8

Expert Comment

by:heskyttberg
ID: 8096196
Hi!

Well, the easiest is to get the cygwin package for Windows and install the binary ssh; in unix/linux just download a binary or source package and either install or compile and install.

If you go to www.openssh.org and www.cygwin.com, they have good install instructions and howtos and so on.

When you have installed it, make sure the server part is running on both machines.

Then you can do something like this:
Opening a tunnel:
https://www.helixcommunity.org/nonav/docs/ddSSHGuideCygwin.html.en
Closing the tunnel:
https://www.helixcommunity.org/nonav/docs/ddSSHGuideterminating.html.en

I don't intend to give step by step install instructions here since such instructions are given in the cygwin and openssh pages. Cygwin is really very easy: you download their setup program, run it and choose the packages you want to install.

Regards
/Hans - Erik Skyttberg
0
 

Author Comment

by:psikic
ID: 8096211
So you install the server on the roaming machine, and on the desktop machine, telnet to the linux machine and make two ssh connections (one to roaming and one to desktop)?  I need to know more than just how to open a tunnel... I know how to do that; I need to know if I can do forwarding like this.
0
 
LVL 8

Expert Comment

by:heskyttberg
ID: 8096307
Hi!

I don't think you really understand this.

When creating that tunnel you say this:
Any connection done on computer A at port 1080 will be forwarded to computer B at port 1080.

The tunnel makes a port on the local computer appear on a remote computer, or the other way around.

If you already know how to create a tunnel then you also should know that anything connecting to one side of the tunnel will automatically end up on the other side of the tunnel.

Regards
/Hans - Erik Skyttberg
0
 

Author Comment

by:psikic
ID: 8096318
Yes, that makes sense, but how can the linux server forward to a port on a machine behind the firewall?  That is why the desktop machine would have to initiate the connection.  I can't tell the linux server to create the tunnel to the machine behind the firewall because all traffic to the desktop machine must be initiated by the desktop machine.
0
 
LVL 8

Accepted Solution

by:
heskyttberg earned 500 total points
ID: 8097338
Hi!

That is why the tunnel must be opened from the machine inside the firewall, not the other way around.

When the tunnel is up, the linux box only sends the data to the firewall, which knows this connection is approved from the inside and does the wonderful NAT translations and sends data to your box on the inside.

I have to say it imposes some security risks doing this.
And this won't work with all ports or applications.

Regards
/Hans - Erik Skyttberg
0
 

Author Comment

by:psikic
ID: 8098595
I got part of it to work, but I am not going to be able to use it like I want unless I login to the linux box from the roaming box and then use the linux box to login to the desktop box.  The reason for this is because OpenSSH running on the Linux box will not let other machines connect to the tunnel that is created other than itself.  I appreciate your help though, I think I can make it work the way I have it now using workarounds.  I sure am farther along than I was before, at least...

psikic <http://cs.atu.edu/~bryan/>
0
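
The setup worked out in this thread, as an added example that is not part of any poster's reply: the desktop opens the reverse tunnel, the roaming machine reaches it by jumping through the Linux server, and a check reports whether the server's GatewayPorts setting keeps the forwarded port on loopback (the restriction described in the comment above). The host name, account names and port 2222 are placeholders, and the sample sshd_config is constructed.

```shell
#!/bin/sh
# Added example. user@linux.example, deskuser and port 2222 are placeholders.

# Step 1, run on DESKTOP (behind the NAT): log in to LINUX and ask its sshd to
# listen on 127.0.0.1:<port>, relaying each connection back to DESKTOP's sshd.
desktop_tunnel_cmd() {   # $1 = account on LINUX, $2 = port to open on LINUX
    printf '%s -R 127.0.0.1:%s:localhost:22 %s\n' \
        'ssh -N -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes' "$2" "$1"
}

# Steps 2-3, run on ROAMING: jump through LINUX to the loopback listener, so
# the forwarded port never has to be reachable from other hosts.
roaming_connect_cmd() {  # $1 = account on LINUX, $2 = port, $3 = DESKTOP user
    printf 'ssh -J %s -p %s %s@localhost\n' "$1" "$2" "$3"
}

# Server-side check: effective global GatewayPorts value in an sshd_config.
# sshd keeps the first value it reads; when unset the default is "no".
gatewayports_setting() { # $1 = path to sshd_config
    awk 'tolower($1) == "match"        { exit }   # global section ends here
         tolower($1) == "gatewayports" { print tolower($2); seen = 1; exit }
         END { if (!seen) print "no" }' "$1"
}

# Who can reach a port opened with -R under that setting.
forward_exposure() {     # $1 = path to sshd_config
    case "$(gatewayports_setting "$1")" in
        yes)             echo "all-interfaces" ;;  # any host that can reach LINUX
        clientspecified) echo "client-chosen" ;;   # bind address in -R is honoured
        *)               echo "loopback-only" ;;   # only processes on LINUX itself
    esac
}

# Constructed sample config, used only to demonstrate the check.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' '#GatewayPorts yes' \
    'GatewayPorts clientspecified' 'Match User backup' 'GatewayPorts no' > "$sample"
desktop_tunnel_cmd user@linux.example 2222
roaming_connect_cmd user@linux.example 2222 deskuser
echo "GatewayPorts: $(gatewayports_setting "$sample") -> $(forward_exposure "$sample")"
rm -f "$sample"
```

On a running server, sshd -T prints the effective configuration, including values from Include files that this parser does not follow.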
 
LVL 8

Expert Comment

by:heskyttberg
ID: 8101581
Hi!

I'm not sure, but look into the -A and -D options to make the tunnel available to others outside your linux computer.

Regards
/Hans - Erik Skyttberg
0
 

Expert Comment

by:hitek0001
ID: 8336488
Hi,
 I currently use a little program called Privaria.
http://www.privaria.org

This lets me remotely control my computer much like gotomypc through our NAT and firewalled network from home.

Jared
0
