Port forwarding and SSH tunneling

D

Dylan_G

Expert Member
Joined
Nov 12, 2011
Messages
4,163
Reaction score
2,678
Hi guys

So I've been playing around with a Raspberry Pi recently. I've managed to make it into a download+media server and everything is working nicely.

My next project is involving remote access to it, but there's some stuff I'm just not understanding.

I've got a Dynamic DNS account with no-ip. I've forwarded port 22 to the pi through my router. When I use PuTTY, point it to the DDNS domain at port 22, I can SSH to my Pi. Fantastic.

Now, I've been reading up that SSH tunneling is the safest option when connecting to the Pi remotely esp when using protocols that aren't encrypted (VNC and such).

So lets say I want to use an SSH tunnel to VNC to the Pi (I have tightvnc installed and can use it on the local network)...

Can this be done from Windows -> Raspbian? From what I read online, it would seem like you'd need a Linux client for using the SSH in the terminal to use the "SSH -L localport:host:hostport" command.

Is there another port I need to forward perhaps? I would think not, as I want it to come through port 22 for the SSH, right?

I'd also like to connect to my torrent client (transmission), Sickbeard and SABnzbd through an SSH tunnel too... Just for fun. :p I know they've all got their own ports, but they're accessed through the browser... So would it be the application specific port (8080, 8081) or port 80.

Thanks
 
http://www.heystephenwood.com/2012/12/raspberry-pi-as-ssh-tunnel-gateway.html

That guide covers it basically. It will work and route 80, 443 over the ssh tunnel port 22. You will have to read up more about routing natting etc to understand it better and minipulate it for other ports. If you want to be really sneaky tunnel your traffic through ICMP no shaping or firewall will stop you unless the admins monitor ICMP and thats very very unlikely.

THis enables you to surf free on any public wifi connection out there :) This includes hotels etc. without them being able to track your usage.
 
Last edited:
I have done it that way a few times but I found it quicker to just configure putty to d othe port forwarding and not d othe socks proxy.
 
plod said:
I have done it that way a few times but I found it quicker to just configure putty to d othe port forwarding and not d othe socks proxy.
Click to expand...

This is the correct way to do it. If you want to do something more advanced ( and learn some more unix on the side ) try out Cygwin. It gives you a unix terminal on your local machine that you can use to do things like ssh, scp, rsync, wget, and the like, all inside Windows.

An example command to get a local port forwarded to your pi would be

ssh -L 3333:localhost:5900 [email protected]
Click to expand...

That will mean you can connect on localhost port 3333 to the vnc ( normally 5900 ) on the raspberry pi.

Drop me a pm if you need any help setting up, getting into Linux is one of the most rewarding things you will ever do :)
 
bullzeye.za said:
This is the correct way to do it. If you want to do something more advanced ( and learn some more unix on the side ) try out Cygwin. It gives you a unix terminal on your local machine that you can use to do things like ssh, scp, rsync, wget, and the like, all inside Windows.

An example command to get a local port forwarded to your pi would be





That will mean you can connect on localhost port 3333 to the vnc ( normally 5900 ) on the raspberry pi.

Drop me a pm if you need any help setting up, getting into Linux is one of the most rewarding things you will ever do :)
Click to expand...

Let the guy tinker on his pi and get it working there he will learn much more than installing cygwin on windows in my opinion. Just use putty to ssh to your pi and then configure it. You will learn much more about networking and the inner workings of linux.
:)
 
GoofySmurf said:
If you want to be really sneaky tunnel your traffic through ICMP no shaping or firewall will stop you unless the admins monitor ICMP and thats very very unlikely.

THis enables you to surf free on any public wifi connection out there :) This includes hotels etc. without them being able to track your usage.
Click to expand...

Lol, well this is new. Haven't heard of it before, but it's definitely interesting. Will be looking into it. Now its a choice between doing this or using a VPN... Or could they work together ? I'm taking baby steps here. :)

bullzeye.za said:
This is the correct way to do it. If you want to do something more advanced ( and learn some more unix on the side ) try out Cygwin. It gives you a unix terminal on your local machine that you can use to do things like ssh, scp, rsync, wget, and the like, all inside Windows.
Click to expand...

Thanks dude. I read about Cygwin. Was just looking into all possibilities and which would be the most appropriate. I was advised to just set up a VPN because I intend on using more than one application and that I could just use the VPN to access all of them. Currently setting up OpenVPN. Good idea?

GoofySmurf said:
Let the guy tinker on his pi and get it working there he will learn much more than installing cygwin on windows in my opinion. Just use putty to ssh to your pi and then configure it. You will learn much more about networking and the inner workings of linux.
:)
Click to expand...

Lol, I fully agree man. Theres just some stuff dealing with SSH and networks that I can't wrap my head around.

I'm not a complete Linux noob (I used many distros and stuck with Linux Mint for a while). I just love Linux. It just works so well (and to me, looks a damn sight better than Windows). The only reason I use Windows is because I paid for the license when I bought my laptop. I have a Mint VM set up that I used when setting up my Pi. :)
 
DA-LION-619 said:
Just a question, why are you using transmission?
Click to expand...

Deluge was giving me ****. :)

Actually, it kept on crashing. I was going to find out why and said I'd test another torrent client first. I tried Transmission, and now it stuck.

It does everything I want and seems to have a smaller footprint.
 
I tried Transmission, hated it! I'm running rtorrent on my VPS with rutorrent for the Web GUI.
 
If you want to give Yaler.net a try. Creates a tunnel similar to Teamviewer and works well.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X