Solved

Tunnel to machine behind NAT firewall

Posted on 2003-03-08
Last Modified: 2013-11-16
Does anyone know of a software system I can set up so that I can connect to my desktop machine that is behind a NAT firewall from outside of its network?  This desktop machine I would like to connect to does not have an outside IP address; although it does have internet access through a NAT firewall machine that I cannot administer.  I have a linux box outside the network that I could make a connection to from that machine and open some sort of ssh port tunnel, etc. if this would help.  My goal is to be able to connect to the desktop machine inside the network by connecting to this linux server from outside the network and have it forward the connection to the desktop that is inside the network, after beforehand making sure the machine has opened a connection to the linux server.

I don't know if it is completely clear so let me see if I can draw it out...

   OUTSIDE OF NETWORK                  | INSIDE OF NETWORK
 /---------\           /-------\    /--|---\   /---------\
 | ROAMING |-----------| LINUX |----| NAT  |---| DESKTOP |
 \---------/           \-------/    \--|---/   \---------/

 1.  Connect desktop machine to linux server in a "waiting" mode which runs indefinitely
 2.  Connect roaming machine to linux server as needed for normal use
 3.  Linux server forwards packets from roaming machine to desktop machine through connection in step 1

A solution such as www.gotomypc.com is not acceptable for this question, as I know a free solution should exist or can be developed because I have my own server... I just need to know what software to use and how to set it up.
Question by:psikic
Author Comment

by:psikic
ID: 8094468
If my ascii drawing doesn't look correct for you, copy and paste it into notepad.

psikic <http://cs.atu.edu/~bryan/>

Expert Comment

by:heskyttberg
ID: 8096149
Hi!

You need to use and setup openssh.
http://www.openssh.org/

Regards
/Hans - Erik Skyttberg

Author Comment

by:psikic
ID: 8096164
I already knew that I probably needed to use SSH and the port tunneling features, but I wouldn't know how to go about setting it up.  How would I make the desktop connect to the Linux machine and keep an open connection?  How would I instruct the linux machine to forward the connections from the mobile machine to the desktop machine?  I need to know how to set up the software--that is my question.

Thanks

psikic <http://cs.atu.edu/~bryan/>

Expert Comment

by:heskyttberg
ID: 8096196
Hi!

Well, the easiest is to get the cygwin package for windows and install the binary ssh; in unix/linux just download a binary or source package and either install, or compile and install.

If you go to www.openssh.org and www.cygwin.com, they have good install instructions and howtos and so on.

When you have installed, make sure the server part is running on both machines.

Then you can do something like this:
Opening a tunnel:
https://www.helixcommunity.org/nonav/docs/ddSSHGuideCygwin.html.en
Closing the tunnel:
https://www.helixcommunity.org/nonav/docs/ddSSHGuideterminating.html.en

I don't intend to give step by step install instructions here since such instructions are given in the cygwin and openssh pages. Cygwin is really very easy, you download their setup program run it and choose the packages you want to install.

Regards
/Hans - Erik Skyttberg

Author Comment

by:psikic
ID: 8096211
So you install the server on the roaming machine, and on the desktop machine, telnet to the linux machine and make two ssh connections (one to roaming and one to desktop)?  I need to know more than just how to open a tunnel... I know how to do that; I need to know if I can do forwarding like this.

Expert Comment

by:heskyttberg
ID: 8096307
Hi!

I don't think you really understand this.

When creating that tunnel you say this:
Any connection done on computer A at port 1080 will be forwarded to computer B at port 1080.

The tunnel makes a port on the local computer appear on a remote computer, or the other way around.

If you already know how to create a tunnel then you also should know that anything connecting to one side of the tunnel will automatically end up on the other side of the tunnel.

Regards
/Hans - Erik Skyttberg

Author Comment

by:psikic
ID: 8096318
Yes, that makes sense, but how can the linux server forward to a port on a machine behind the firewall?  That is why the desktop machine would have to initiate the connection.  I can't tell the linux server to create the tunnel to the machine behind the firewall because all traffic to the desktop machine must be initiated by the desktop machine.

Accepted Solution

by:heskyttberg (earned 500 total points)
ID: 8097338
Hi!

That is why the tunnel must be opened from the machine inside the firewall, not the other way around.

When the tunnel is up, the linux box only sends the data to the firewall, which knows this connection is approved from the inside and does the wonderful NAT translations and sends data to your box on the inside.

I have to say it imposes some security risks doing this.
And this won't work with all ports or applications.

Regards
/Hans - Erik Skyttberg

Author Comment

by:psikic
ID: 8098595
I got part of it to work, but I am not going to be able to use it like I want unless I login to the linux box from the roaming box and then use the linux box to login to the desktop box.  The reason for this is because OpenSSH running on the Linux box will not let other machines connect to the tunnel that is created other than itself.  I appreciate your help though, I think I can make it work the way I have it now using workarounds.  I sure am farther along than I was before, at least...

psikic <http://cs.atu.edu/~bryan/>

Expert Comment

by:heskyttberg
ID: 8101581
Hi!

I'm not sure, but look into the -A and -D options to make the tunnel available to others outside your linux computer.

Regards
/Hans - Erik Skyttberg
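
A worked version of the three-step setup in the drawing, added here as an example rather than code from the thread. The sshd directive that decides whether a port opened with -R is reachable from hosts other than the Linux box itself is GatewayPorts; its default, no, binds the forwarded port to loopback, which matches what the author saw. Names are assumptions: the Linux box is linuxbox, the account is user, the desktop's sshd listens on 22 and 2222 is free on the Linux box.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed (hypothetical) names:
# Linux box "linuxbox", account "user", desktop sshd on port 22,
# port 2222 free on the Linux box.

# Step 1: what the DESKTOP runs to hold the reverse tunnel open.
# $1 = GatewayPorts value in the Linux box's sshd_config, $2 = port to expose.
# -N: no shell, only the forward. ServerAlive*: drop the session when the NAT
# mapping dies so the loop below reconnects. ExitOnForwardFailure: fail if taken.
desktop_tunnel_cmd() {
    case "$1" in
        clientspecified) bind="0.0.0.0:" ;;  # client must request a non-loopback bind
        *)               bind="" ;;          # "yes": sshd binds all; "no": loopback only
    esac
    printf 'ssh -N -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -R %s%s:localhost:22 user@linuxbox\n' "$bind" "$2"
}

# "Runs indefinitely": reconnect whenever the session drops.
hold_tunnel_open() {
    while :; do
        eval "$(desktop_tunnel_cmd "$1" "$2")"
        sleep 10
    done
}

# Effective GatewayPorts value for an sshd_config read from stdin.
# sshd honours the FIRST matching directive, ignores comments, defaults to "no".
gateway_ports_setting() {
    awk 'BEGIN { v = "no" }
         /^[[:space:]]*#/ { next }
         tolower($1) == "gatewayports" { v = tolower($2); exit }
         END { print v }'
}

# Steps 2 and 3: what the ROAMING machine types, given that setting.
# With "no" the forwarded port exists only on 127.0.0.1 of the Linux box, so
# roaming hops through it; that also keeps the desktop's sshd off the public
# side of the Linux box, which is the safer way to run this.
roaming_cmd() {
    case "$1" in
        yes|clientspecified) printf 'ssh -p %s user@linuxbox\n' "$2" ;;
        *) printf 'ssh -t user@linuxbox ssh -p %s user@localhost\n' "$2" ;;
    esac
}

# Constructed sshd_config fragment: the commented line must not count.
sample_sshd_config() {
    printf '# GatewayPorts yes\nPort 22\nGatewayPorts clientspecified\n'
}
```

Run `gateway_ports_setting < /etc/ssh/sshd_config` on the Linux box to learn which roaming_cmd form applies; leaving the default no and hopping through the Linux box leaves only that box's sshd exposed to the outside.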

Expert Comment

by:hitek0001
ID: 8336488
Hi,
I currently use a little program called Privaria.
http://www.privaria.org

This lets me remotely control my computer much like gotomypc through our NAT and firewalled network from home.

Jared