[Freedombox-discuss] How to make a freedombox on non-public network available on the Internet
Petter Reinholdtsen
pere at hungry.com
Fri Nov 1 09:01:00 UTC 2013
Hos should we make the services on a Freedombox on a non-public
network / behind NAT publicly available? The pagekide system,
requested into Debian in <URL: http://bugs.debian.org/610358 > is one
complelling idea. It allow one to get any port forwarded from
somewhere to somewhere else, and optionally buy services from the
company behind pagekide.net to have the end point hosted there. And I
suspect we should try to get it into Debian for this purpose. Any
volunteers to package it for Debian?
Another, which I tested yesterday, is to use SSH to open a reverse
tunnel. To get it working, pick a machine with a public IP address,
and add GatewayPorts clientspecified to sshd_config:
pere at www:~$ grep GatewayPorts /etc/ssh/sshd_config
GatewayPorts clientspecified
pere at www:~$
Next, log in from a machine on the non-public network to the machine
with a public IP adress using the -R statement to open a listening
port on the public machine to a machine on the non-public net like
this:
ssh -R *:80:non-public-host:80 root at public-host
If you lack root-access on public-host machine, you can pick a port
above 1024 (for example 8080) like this:
ssh -R *:8080:non-public-host:80 root at public-host
The anyone on the internet can visit <URL: http://public-host/ > and
watch the web pages available on <URL: http://non-public-host/ >.
This can be done for any service on the non-public host, by specifying
multiple -R statements on the ssh line. Requiring root access on the
public-host machine is a disadvantage, though.
Are there other useful options? Any one got an opinion?
--
Happy hacking
Petter Reinholdtsen
More information about the Freedombox-discuss
mailing list