I'm trying to keep a tunnel using autossh, with the following command:
autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -R 0.0.0.0:8865:localhost:8765 user@remote
The goal is to make the Client Box app on a specific port (a motioneye camera setup) viewable from the internet.
(4G internet connection is not suitable for NAT forwarding, so a tunnel seems to be appropriate)
                  ┌───────────────────────────────────────────────────────────┐
                  │                                                           │
                  │                                                           │
┌─────────────────┼────┐                      ┌───────────────┐      ┌────────┴───────┐
│                 │    │  ┌──────────┐        │               ├──────┤   remote box   │
│  Client Box     │    ├──┤  4G box  ├────────┤   INTERNET    │      │8865 public port│
│  init ssh tunnel│    │  └──────────┘        │               │      └────────▲───────┘
│                 │    │                      └───────┬───────┘               │
│  ┌──────────────▼─┐  │                              │                       │
│  │ app on 8865    │  │                              │                       │
│  └────────────────┘  │                              │                       │
│                      │                              │                       │
└──────────────────────┘                              │                       │
                                          ┌───────────┴──────────┐            │
                                          │ Test box             │            │
                                          │                      ├────────────┘
                                          │ browser remote:8865  │
                                          │                      │
                                          └──────────────────────┘
This setup works, I'm able to connect to the App on Client Box through Remote box tunnel endpoint.
But, after 12 hours or so, it is not reachable anymore...
But the ssh tunnel is still active from the Client Box side!
If I reboot Remote box, it is working again (autossh is doing its job correctly).
Is there a way to debug this?
Before rebooting, using netstat on remote, there's a bunch of CLOSE_WAIT connections (all IPs are anonymized):
user@remote:~$ netstat -taupel
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode
tcp 0 0 0.0.0.0:8822 0.0.0.0:* LISTEN marc 14443
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN root 13018
tcp 0 0 0.0.0.0:8865 0.0.0.0:* LISTEN marc 14996
tcp 0 0 99.ip-99-99-99:8865 77-77-77-77.cou:53909 ESTABLISHED marc 269229
tcp 1 0 99.ip-99-99-99:8865 88.88.88.88:4689 CLOSE_WAIT marc 273524
tcp 517 0 99.ip-99-99-99:8865 88.88.88.88:62618 CLOSE_WAIT marc 270519
tcp 1 0 99.ip-99-99-99:8865 88.88.88.88:4742 CLOSE_WAIT marc 273702
tcp 530 0 99.ip-99-99-99:8865 88.88.88.88:4712 CLOSE_WAIT marc 273700
tcp 0 628 99.ip-99-99-99.:ssh 88.88.88.88:4867 ESTABLISHED root 273951
tcp 517 0 99.ip-99-99-99:8865 88.88.88.88:63033 CLOSE_WAIT marc 270489
tcp 517 0 99.ip-99-99-99:8865 88.88.88.88:62505 CLOSE_WAIT marc 269762
tcp 516 0 99.ip-99-99-99:8865 88.88.88.88:62850 ESTABLISHED marc 270756
tcp 0 0 99.ip-99-99-99.:ssh dsl-66-66-66-66:45052 ESTABLISHED root 274146
tcp 517 0 99.ip-99-99-99:8865 88.88.88.88:62504 CLOSE_WAIT marc 269763
tcp 516 0 99.ip-99-99-99:8865 88.88.88.88:4747 ESTABLISHED marc 273701
tcp 1 0 99.ip-99-99-99:8865 88.88.88.88:4761 CLOSE_WAIT marc 273703
tcp 0 1400 99.ip-99-99-99.:ssh 77-77-77-77.cou:53649 ESTABLISHED root 14909
tcp 0 0 99.ip-99-99-99.:ssh 88.88.88.88:62552 ESTABLISHED root 269900
tcp 0 0 99.ip-99-99-99:8865 77-77-77-77.cou:53641 ESTABLISHED marc 269231
tcp 590 0 99.ip-99-99-99:8865 88.88.88.88:4690 ESTABLISHED marc 273523
tcp 517 0 99.ip-99-99-99:8865 88.88.88.88:4675 CLOSE_WAIT marc 273699
tcp 0 0 99.ip-99-99-99.:ssh 66.66.66.66:56662 ESTABLISHED root 274175
tcp 0 0 99.ip-99-99-99.:ssh 55.55.55.55:62864 TIME_WAIT root 0
tcp 0 32768 99.ip-99-99-99:8865 77-77-77-77.cou:53911 ESTABLISHED marc 269230
tcp 0 0 99.ip-99-99-99.:ssh 88.88.88.88:62520 ESTABLISHED root 269764
tcp 0 100 99.ip-99-99-99.:ssh 77-77-77-77.cou:53569 ESTABLISHED root 14023
tcp 517 0 99.ip-99-99-99:8865 88.88.88.88:62619 CLOSE_WAIT marc 270518
tcp 0 0 99.ip-99-99-99.:ssh 55.55.55.55:21735 ESTABLISHED root 273543
tcp 517 0 99.ip-99-99-99:8865 88.88.88.88:62798 CLOSE_WAIT marc 270103
tcp6 0 0 [::]:8822 [::]:* LISTEN marc 14446
tcp6 0 0 [::]:ssh [::]:* LISTEN root 13029
tcp6 0 0 [::]:8865 [::]:* LISTEN marc 14997
Thanks!
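
For the debugging question above, an added example (not part of the original post): a shell helper that tallies socket states and unread Recv-Q bytes for one local port from netstat output. CLOSE_WAIT means the peer has sent its FIN and the local process has not yet closed the socket, and Recv-Q is data the local process has not read. The function names are hypothetical and the sample input is constructed, with placeholder addresses.

```shell
#!/bin/sh
# Added example. Assumed column layout (as in the listing above):
#   Proto Recv-Q Send-Q Local Foreign State ...
# Use numeric output (netstat -tan) so the port shows as 8865, not a service name.

# Constructed sample modelled on the post's listing; addresses are placeholders.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode
tcp 0 0 0.0.0.0:8865 0.0.0.0:* LISTEN marc 14996
tcp 0 0 192.0.2.10:8865 198.51.100.7:53909 ESTABLISHED marc 269229
tcp 1 0 192.0.2.10:8865 203.0.113.5:4689 CLOSE_WAIT marc 273524
tcp 517 0 192.0.2.10:8865 203.0.113.5:62618 CLOSE_WAIT marc 270519
tcp 516 0 192.0.2.10:8865 203.0.113.5:62850 ESTABLISHED marc 270756
tcp 0 628 192.0.2.10:ssh 203.0.113.5:4867 ESTABLISHED root 273951
tcp6 0 0 [::]:8865 [::]:* LISTEN marc 14997
EOF
}

# port_states PORT
# Reads netstat output on stdin and prints one line per TCP state seen on
# local PORT: "STATE sockets unread_bytes sockets_with_unread_data".
port_states() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            # The port is the last colon-separated piece, also for [::]:8865.
            n = split($4, a, ":")
            if (a[n] != port) next
            count[$6]++
            unread[$6] += $2
            if ($2 > 0) stalled[$6]++
        }
        END {
            for (s in count)
                printf "%s %d %d %d\n", s, count[s], unread[s], stalled[s]
        }' | sort
}

# close_wait_count PORT
# Prints only the number of CLOSE_WAIT sockets on PORT (0 if none).
close_wait_count() {
    port_states "$1" |
        awk '$1 == "CLOSE_WAIT" { print $2; found = 1 } END { if (!found) print 0 }'
}
```

Run it on the remote box as `netstat -tan | port_states 8865` at intervals (for example from cron) and log the result: a CLOSE_WAIT count that keeps growing while the SSH session itself stays ESTABLISHED shows when the forwarded port stops being serviced.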