how to set up an ssh reverse tunnel through a NAT device


from behind NAT(fedoradora):        ssh -R 19999:localhost:22   john@aserver.com (external)
from external box:                 ssh localhost -p 19999

from another external box (e.g. linuxlab):  ssh to external, then ssh localhost -p 19999 

fedoradora: 	ssh -R 19999:localhost:22   aserver.com
fedoradora: 	top
aserver.com:	ssh localhost -p 19999
linuxlab:	ssh aserver.com; ssh localhost -p 19999

-----------------------------------------------------------------------

Reverse SSH Tunneling
	behind NAT  (fedoradora) has 		192.168.9.9 
	box on the net (aserver.com) has	79.149.49.295

THE GOAL: have aserver.com reach fedoradora:
-------------------------------------------------------------------------
	aserver.com (79.149.49.295) -> |NAT| ->  fedoradora (192.168.9.9) 
-------------------------------------------------------------------------

1. SSH from fedoradora to aserver.com (which has a public IP) using the command below:


	ssh -R 19999:localhost:22   john@79.149.49.295

		* port 19999 can be any unused port.

2. Now you can SSH from aserver.com to fedoradora through the SSH tunnel:

		ssh localhost -p 19999


Other servers can also access fedoradora (192.168.9.9) through the aserver.com (79.149.49.295).

	john's linux box -> aserver.com (79.149.49.295) -> |NAT|  -> fedoradora (192.168.9.9) 

	1 From john's linux box  
		ssh john@79.149.49.295  (ssh aserver.com)
	2 After the login to aserver.com:
		ssh localhost -p 19999

	* the connection between fedoradora and aserver.com must be alive at all times.

Tip: you may need to run a command on fedoradora to keep the connection active.  This is normal for putty and ssh sessions between hosts.
Typically running top will keep the connection alive.
I used to write a wrapper script for checking mail; when I exit mail it launches top automatically, keeping the connection alive.  However,
there are settings that can be set on the ssh server:
	ClientAliveInterval 30       # this was added to prevent the connection from dropping
	ClientAliveCountMax 5        # this was added to prevent the connection from dropping
There is also an option when launching ssh, see man ssh.
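
Added example (not part of the original notes): the client-side counterpart of the server settings above, used on fedoradora to hold the tunnel open without running top and to reconnect if it drops. Host, user and ports are the ones used on this page; the function names, the retry delay and key-based login for john are assumptions.

```shell
#!/bin/sh
# Added example: run on fedoradora to hold the reverse tunnel open unattended.
# Function names, RETRY and key-based login (BatchMode) are assumptions.
REMOTE="john@aserver.com"
RPORT=19999     # port opened on aserver.com
LPORT=22        # sshd on fedoradora
RETRY=10        # seconds to wait before reconnecting (assumed)

# Print the ssh arguments one per line so they can be inspected.
# -N                    no remote command, the session only carries the forward
# ServerAliveInterval   client sends a keepalive probe after 30 s of silence
# ServerAliveCountMax   disconnect after 5 unanswered probes (dead link noticed)
# ExitOnForwardFailure  exit if port 19999 cannot be bound, e.g. a stale
#                       session still holds it, instead of idling with no tunnel
# BatchMode             never prompt for a password; fail so the loop retries
# "localhost:" prefix   ask for the forwarded port to listen on aserver.com's
#                       loopback only, not on its public address
tunnel_args() {
    printf '%s\n' \
        -N \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=5 \
        -o ExitOnForwardFailure=yes \
        -o BatchMode=yes \
        -R "localhost:${RPORT}:localhost:${LPORT}" \
        "$REMOTE"
}

# One connection attempt; returns when ssh exits.
run_tunnel() {
    # Word splitting is intended: none of the arguments contain spaces.
    set -- $(tunnel_args)
    ssh "$@"
}

# Reconnect forever, pausing between attempts.
keep_tunnel() {
    while :; do
        run_tunnel || echo "tunnel exited ($?), retrying in ${RETRY}s" >&2
        sleep "$RETRY"
    done
}

# Only connect when asked to, so the file can be sourced safely.
if [ "${1:-}" = "start" ]; then
    keep_tunnel
fi
```

Run it on fedoradora with the argument `start`; `ssh localhost -p 19999` on aserver.com then works as in step 2. Whether the loopback-only bind is honoured depends on the GatewayPorts setting in aserver.com's sshd_config.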

