Join Log in
Score:0
seriously avatar Server

port forwarding using proxy ip

cg flag
seriously

I am trying to access my machine remotely through ssh with my public IP.

The regular way to do this would be to allow port forwarding on my router and then do: ssh ubuntu@myPublicIp but my ISP uses CGNAT so I can't port forward with my assigned public IP. So I used tinyproxy on my AWS instance and connected my local machine to the proxy IP address.

Meaning every request I make through my local machine goes through the proxy IP. Now my public IP is replaced with the proxy IP. My question is how can I set up port forwarding on my local Linux machine which has the proxy enabled so that I can connect to the machine remotely using ssh like: ssh ubuntu@myProxyIp.

456
2 + 0
ssh
Score:1
m4ki3lf0 avatar Server
hk flag
m4ki3lf0

Depending on what you need to actually port forward, you could make a dynamic reverse port forward with ssh.

If you only need to proxy port 22 :

ssh -R 22:0.0.0.0:2222 user@remote_server

You can then ssh on your local machine doing:

ssh -p 2222 localuser@ProxyIP

If you want to forward dynamically:

ssh -R 0.0.0.0:2222 user @remote_server

You can access anything on your local network using proxy chains. Pay attention that anyone knowing your remote ip and port for the SOCKS proxy can access your local network. You might want to implement a firewall to restrict who can access it.

Here is a good article talking about it: https://posts.specterops.io/offensive-security-guide-to-ssh-tunnels-and-proxies-b525cbd4d4c6

+ 0
Score:1
galaxy avatar Server
de flag
galaxy

To reach out a machine behind NAT/firewall/whatever you don't need anything except for that machine being able to make an outbound connection to the public network and ssh access to an instance in the public network.

The setup on the machine behind NAT is to ensure it makes an outbout ssh connection with the reverse port-forwarding enabled:

ssh -R:60000:127.0.0.1:22 [email protected]

where [email protected] is the account and the address of the instance in the public network you have access to. This command, basically, means the following: establish an SSH connection to friendly.domain.tld using user joe to authenticate and expose our local tcp port 22 at the remote end as tcp port 60000. If the SSH server software is recent enough (and configuration allows it) you may also directly map your local forwarded port to an internet facing IP address on friendly.domain.tld, but I assume here that such a configuration is not allowed.

Now, that our machine has established the outgoing link all we need to do to connect to it from anywhere is to use the friendly.domain.tld as a proxy in our SSH connection. For this you will need to open two terminal windows: the first will be used to establish a link with the friendly.domain.tld instance to port-forward the exposed tcp port 60000 to your local machine:

ssh -L60000:127.0.0.1:60000 [email protected]

This maps tcp port 60000 on the loopback interface of friendly.domain.tld to the loopback interface of the instance you are running the ssh command on.

From this point on, you can connect to your machine behind NAT by simply using:

ssh -p60000 my_account@localhost

where my_account is an account on your machine behind NAT.

All in all, there are three SSH tunnels in play:

machine_behind_nat <=1=> friendly_instance <=2=> your_laptop
            <=================3==================>

The reason for such a setup is to ensure that even if "friendly_instance" is broken into your communication with the machine behind NAT is not compromised (we are not trusting the "friendly_instance" beyond allowing it to transfer bytes via its loopback interface. We are using end-to-end encryption in our tunnel #3 which travels over tunnels #1 and #2.

I covered this setup in my blog if you want a bit of background and other tricks you can do with ssh.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.