Comments on: Bypassing corporate firewall with reverse ssh port forwarding

By: Christian Rishøj

Christian Rishøj — Fri, 05 Mar 2010 17:33:35 +0000

Excellent post! Thorough, explanatory and extremely useful. You saved the day!

By: SSH port forwarding | - [ t o i c . o r g ] -

SSH port forwarding | - [ t o i c . o r g ] - — Tue, 16 Feb 2010 13:44:45 +0000

[...] one of my previous post I made a tutorial how to bypass corporate firewalls and gain access into your office computer. It work well if you are at your home and you need ssh [...]

By: Reverse ssh port forwarding « Linux notes

Reverse ssh port forwarding « Linux notes — Sun, 14 Feb 2010 15:07:11 +0000

[...] via Reverse ssh port forwarding | – [ t o i c . o r g ] -. [...]

By: Branko

Branko — Mon, 25 Jan 2010 07:56:24 +0000

As far as I know this setup will not work for you in this way.

If you reverse proxy the connections trough your home computer than all traffic will go trough that tunnel, and that beats the purpose of what your trying.

By: Branko

Branko — Mon, 25 Jan 2010 07:53:49 +0000

What you need to do is make sure Gatewayports are set to clientspecified in /etc/ssh/sshd_config

On your vps run this command:

ssh -nNT -R 0.0.0.0:2222:localhost:22 username@localhost

Make sure you replace port 2222 with a port that is opened on your university, and replace username with your local vps username.

After doing so make sure your vps firewall is permitting traffic on the port of your choice (2222 in this example).

Do a quick nestat -ntl on yoiur vps, and it should show something like this:

tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN

By: abuiles

abuiles — Mon, 25 Jan 2010 04:37:09 +0000

Hi there.

Normally in my university 22 port is blocked, so being there I can’t get connected to my ssh account, ( I have a VPS )

So I tried to do some port forwarding in my server, to send all the incoming request in certain port to port 22, i tried the following command.

ssh -nNT -R somePort:myip:22 myuser@myip.com

it didn’t work, certainly I’m doing wrong, do you know if it is possible to do something like that ?

Any help would be really appreciated.

By: sandeep

sandeep — Wed, 13 Jan 2010 19:23:32 +0000

haii,
i am studying in college…at college computer i can’t use bit-TORRENT .because i suppose that it is blocked by college firewall………
pls tell me how i download torrent file on college computer….

pls help…………

By: Branko

Branko — Fri, 08 Jan 2010 10:17:20 +0000

Can you specify what command you are using to establish a reverese tunnel from office Computer?

By: Justin

Justin — Sat, 02 Jan 2010 19:46:42 +0000

I am having a few issues with this setup.
I CAN establish a reverse tunnel from officeComputer to remoteServer However I am unable to connect to officeComputer THRU remoteServer using the ssh -p 2210 remoteServer example.

However if I ssh in to the remoteServer i can ssh -p officeComputerPORT localhost

I changed the GatewayPorts on remoteServer and restarted with no change.

when my officeComputer connects to remoteServer and I do a netstat -tnl it still shows only the l27.0.0.1 as the listening port.

Any suggestions?

By: Mike C

Mike C — Thu, 17 Dec 2009 16:04:55 +0000

You Rock! Awesome site.

FWIW, I was reverse tunneling and could only connect via localhost (connections to the remote nic kept failing).

mike@go:/etc/ssh$ telnet localhost 4007
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
^]

telnet> close
Connection closed.
mike@go:/etc/ssh$ telnet myDomainName.com 4007
Trying 72.14.188.90…
telnet: Unable to connect to remote host: Connection refused

I discovered the GatewayPorts option in ssh_config (client!) and put it in my client config. Of course this didn’t work. Then I put it in the sshd_config per your instruction with the clientspecified value. After an sshd restart, everything is good!

Thank you!