But there's a catch: we don't want a simple shell, we want a standard encrypted connection: an ssh connection.
Let's consider the following machines:
- a public machine: myhost.example.com
- a machine behind NAT: 10.0.0.1
We want to connect from myhost.example.com to 10.0.0.1. Because it is behind NAT, it does not have a public IP address, so we cannot open a connection to it from outside.
However, with a little help from 10.0.0.1, we can do it. At 10.0.0.1 we do:
ssh -N -R 2222:localhost:22 me@myhost.example.com
This creates a tunnel-only connection (`-N`: no remote command is run) to the public machine, with a reverse tunnel from port 2222 on the public machine to port 22 of 10.0.0.1.
This means that any packets going to port 2222 of the public machine will reach port 22 of 10.0.0.1, which is exactly what we need to start an ssh connection.
Because of this cool reverse tunnel, now we can connect to 10.0.0.1 by doing the following at the public machine:
ssh -p 2222 me@localhost
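The same two-step setup, as an added example that is not part of the original post: one helper builds the command for the NAT host with fail-fast and keepalive options and binds the remote side to loopback explicitly (so port 2222 stays off the public interface even if sshd has `GatewayPorts yes`), and a second helper checks `ss -lnt` output on the public machine to confirm that. The helper names and the `ss` output are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed: helper names below
# and the constructed `ss -lnt` samples.

# Command to run on the NAT host (10.0.0.1 in the post).
# ExitOnForwardFailure makes ssh quit if the remote listener cannot be
# opened (instead of silently giving you a tunnel-less session);
# the ServerAlive options tear down a dead connection so it can be retried.
build_reverse_tunnel_cmd() {
    remote_port="$1"   # port opened on the public machine (2222)
    local_port="$2"    # sshd port on the NAT host (22)
    target="$3"        # user@publichost (me@myhost.example.com)
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:%s:localhost:%s %s\n' \
        "$remote_port" "$local_port" "$target"
}

# Reads `ss -lnt` output on stdin; succeeds only if the given port is
# listening and every listener for it is bound to a loopback address.
forwarded_port_is_loopback_only() {
    port="$1"
    awk -v p="$port" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); lp = a[n]; addr = ""
            for (i = 1; i < n; i++) addr = addr (i > 1 ? ":" : "") a[i]
            if (lp == p) {
                found = 1
                if (addr != "127.0.0.1" && addr != "[::1]") bad = 1
            }
        }
        END { exit (found && !bad) ? 0 : 1 }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_SS_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:2222     0.0.0.0:*'
SAMPLE_SS_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:2222       0.0.0.0:*'

# On the public machine, replace the sample with: ss -lnt | forwarded_port_is_loopback_only 2222
build_reverse_tunnel_cmd 2222 22 me@myhost.example.com
printf '%s\n' "$SAMPLE_SS_OK" | forwarded_port_is_loopback_only 2222 && echo "2222 is loopback-only"
```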