DucDigital

Reputation: 4622

Use HTTPTunnel (htc/hts) to connect SSH server inside firewall?

I would like to access my PC at home; however, the connection to my home is behind a NAT firewall which blocks all ports except 80 and 443. I cannot make any modifications to the network in any way.

I have set up httptunnel on my HOME and WORK PCs and tested the connection successfully (PCHOME SSHclient => PCWORK SSHd)

Work Server command: hts --no-daemon  --forward-port localhost:22 8080
Home Client command: htc --no-daemon -F 1234 myserver.com:8080
Home ssh to server: ssh localhost -p 1234 (success)

But I would like to do it the reverse way. The goal is: PC Work SSH Client => PC HOME SSHd, provided that the tunnel and ssh are set up and work normally without any modification.

Is there any way to do that?

And would it be possible to access the local home network intranet by tunneling through SSH?

______________                                  _______________
|  PC HOME   |                                  |  PC Work    |
|------------|                                  |-------------|
| Server SSH |                                  | Client  SSH |
|     ^      |                                  |     |       |
|     |      |                                  |     |       |
|     |      |                                  |     V       |
| Client HTC <===== BLOCKED ALL EXCEPT 80 ======= Server  HTS |
|___[1234]___| 8080                             |___[8080]____|

192.168.0.10                                      myserver.com
(No Public IP)

PS: I hope the diagram is clear

Upvotes: 2

Views: 4514

Answers (1)

lorenzodarkside

Reputation: 186

Well, your key for this is remote tunnelling.

Once you have a normal ssh connection, like you mentioned (just inserted username for clarity of the destination in the ocean of localhosts :)

ssh -p 1234 htsuser@localhost

you can do a remote tunnel backwards extending your command line.

So, for example, to reach HTC's http port initiated from the HTS side, first start the connection with an extra remote tunnel from the HTC side, like

ssh -p 1234 -R9000:localhost:80 htsuser@localhost

This will open a tunnel on port 9000 on the remote machine (HTS), and as long as this tunnel lives, you can reach HTC's port 80 at localhost (HTS) port 9000 (you can check by browsing http://localhost:9000).

Or for ssh, just replace 80 with 22

ssh -p 1234 -R9000:localhost:22 htsuser@localhost

...and then on HTS side, just

ssh -p 9000 htcuser@localhost

Upvotes: 1
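
The port 9000 listener created by -R in the answer above is opened by the sshd on the HTS machine, and that server's AllowTcpForwarding and GatewayPorts settings decide whether it is permitted and which interface it binds to. The following is an added example, not part of the original answer, that reads those two keywords from the global section of an sshd_config; the function names and the sample config are constructed for illustration, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: classify how an sshd_config exposes listeners opened by `ssh -R`.
# Assumption: only the global section is read (no Include, no Match evaluation).

# Print the first global value of keyword $1 in file $2, lower-cased.
# sshd uses the first value it obtains; $3 is the default when the keyword is unset.
sshd_global_value() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }   # drop comments, allow key=value
        tolower($1) == "match" { exit }                  # conditional blocks start here
        tolower($1) == key { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$2"
}

# Classify remote-forward exposure for the sshd_config in $1:
#   disabled       - -R requests are refused
#   loopback-only  - -R listeners bind to localhost on the server
#   client-chosen  - the client may pick the bind address
#   all-interfaces - -R listeners bind to every interface
reverse_forward_exposure() {
    fwd=$(sshd_global_value AllowTcpForwarding "$1" yes)
    gw=$(sshd_global_value GatewayPorts "$1" no)
    case "$fwd" in
        yes|all|remote) ;;
        *) echo "disabled"; return 0 ;;
    esac
    case "$gw" in
        yes)             echo "all-interfaces" ;;
        clientspecified) echo "client-chosen" ;;
        *)               echo "loopback-only" ;;
    esac
}

# Constructed sample config for the HTS-side sshd (not from the original page).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
AllowTcpForwarding yes
GatewayPorts no
Match User htsuser
    GatewayPorts yes
EOF
echo "ssh -R listener exposure (global section): $(reverse_forward_exposure "$sample")"
rm -f "$sample"
```

Per-user overrides such as the Match block in the sample are not covered by this check; `sshd -T -C user=htsuser` prints the effective values for a given user on the server itself.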
