[Gllug] ssh to a machine behind NAT
Paul Rayner
paul at ylemsolutions.com
Thu Jan 26 04:22:11 UTC 2006
Morning all,
I have a small Linux file server (machine 1) behind a NAT router which
I would like to be able to admin remotely on occasion. The machine can
access the internet (no proxies), and not many ports appear to be
blocked by any firewalls, but it is in a managed office building where
I have no access to add static routes or port mapping further up the
line.
I have a server (machine 2) in a data centre where I have complete
control of the firewall (a Zywall 35) and the server. Currently machine
1 runs rsync overnight to machine 2 to backup user files and settings.
The Zywall runs several IPSec tunnels so I cannot enable pass through.
My plan for allowing remote admin to machine 1 is as follows:
Set up a cron task to run every 5 mins which will see if there is an
ssh connection to machine 2, and if not it will establish one,
forwarding a port from the local machine to the remote one. I will then
connect to machine 2 and connect to the forwarded port.
Surely there is a neater way to achieve this? The method above seems
like a bit of a kludge to me.
If not, would ssh -R 9922:localhost:22 <machine 2> (forwarding 9922 on
machine 2 back to ssh on machine 1) work, or would I need to pick a
different protocol for the return connection?
Both machines run FC4, and I would like to keep these machines free from
any custom kernels or apps built from source in order to keep required
documentation for someone else to replicate/fix/modify the setup in
future to a minimum.
Suggestions would be much appreciated.
Regards,
Paul
--
Paul Rayner
Ylem Solutions Ltd ~ 32-38 Leman St, London. E1 8EW
Office: 020 7173 6241 ~ Mobile: 07739 143 763 ~
Paul.Rayner at YlemSolutions.com
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
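
The cron-driven check described in the post, sketched as an added example (not part of the original message or the poster's own code). The machine 2 host name, key path, PID file path and the `--run` flag are hypothetical; the port and forward spec are the ones from the post.

```shell
#!/bin/sh
# Added example: cron-driven keeper for the reverse tunnel
# "ssh -R 9922:localhost:22 <machine 2>" started from machine 1.
# Assumed/hypothetical: REMOTE host name, KEY path, PIDFILE path, --run flag.
REMOTE="${REMOTE:-tunnel@machine2.example.org}"  # placeholder for machine 2
REMOTE_PORT="${REMOTE_PORT:-9922}"               # port used in the post
KEY="${KEY:-$HOME/.ssh/tunnel_key}"              # dedicated key, no passphrase
PIDFILE="${PIDFILE:-$HOME/.revtunnel.pid}"
SSH="${SSH:-ssh}"                                # overridable for testing

# True if the ssh process started on an earlier run is still alive.
# (kill -0 only proves the PID exists; PID reuse after a reboot can fool it.)
tunnel_alive() {
    [ -f "$PIDFILE" ] || return 1
    pid=$(cat "$PIDFILE")
    kill -0 "$pid" 2>/dev/null
}

# Start the tunnel unless it is already up. Safe to call every 5 minutes.
ensure_tunnel() {
    if tunnel_alive; then
        return 0
    fi
    # -N: forwarding only, no remote command.  BatchMode: never prompt.
    # ServerAlive*: ssh exits when the NAT mapping silently dies, so the
    # next cron run reconnects.  ExitOnForwardFailure needs OpenSSH 4.4+
    # (drop it on older clients): exit if 9922 cannot be bound on machine 2.
    "$SSH" -N -T -i "$KEY" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=60 -o ServerAliveCountMax=3 \
        -R "${REMOTE_PORT}:localhost:22" "$REMOTE" \
        </dev/null >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

# crontab entry on machine 1 (script path is hypothetical):
#   */5 * * * * /usr/local/bin/revtunnel.sh --run
if [ "${1:-}" = "--run" ]; then
    ensure_tunnel
fi
```

From machine 2, `ssh -p 9922 localhost` then reaches sshd on machine 1. With sshd's default `GatewayPorts no`, the forwarded port listens on machine 2's loopback interface only.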