I have a main node on one dedicated server where all ports are open. I have two additional dedicated servers where some of the ports we use to communicate between servers are closed by the ISP. So I cannot establish a connection between them using the internet IP address of the main server.

Communication between nodes over SSH port forwarding

I have created SSH port forwarding from one of the dedicated servers with closed ports using a command like that:

ssh -fNT -L 84xx:localhost:84xx user@main_server_IP 

It works when I have only one port forwarding, but how do I do that for 2 or more servers with closed ports? Also, I think localhost is not the correct usage when I have more than one server to forward connections for. How can I create an intranet address apart from the static IP address that each server has? Or can I use a static IP address instead of localhost? I need to forward only the communication that the node establishes via port 84xx; all other connections should go the regular way, without a tunnel.

1 Answer

As you rightly mentioned, localhost should not be used, mostly because you are using the wrong tunneling type -- -L instead of -R. You want to open new ports on the main server to be available for external clients, which means that the ports should be bound to the public IP address. If you bind it to localhost, no-one from the outside will be able to reach it.

The simple solution, considering the way you tried to approach your problem -- ssh tunnel -- is to use two different ports on your main_server. If the main server is "main_ip" and the two other servers are "sec1_ip" and "sec2_ip" you have to run the following commands:

On sec1_ip:

ssh -fNT -R 8447:localhost:8447 user@main_ip 

On sec2_ip:

ssh -fNT -R 8448:localhost:8447 user@main_ip 

After that, everyone connecting to main_ip:8447 will be reverse tunneled to sec1_ip and everyone connecting to main_ip:8448 will be reverse tunneled to sec2_ip.

Note the following:

  1. You have to use different ports as the first option of the reverse tunnel. There can only be a single process opening a specific port on a specific ip address.
  2. We use localhost and the -R (reverse tunnel), not -L. This means that the localhost part is on sec*_ip servers.
  3. If you want to use the same port for both the "hidden" servers, you will need to ask for an additional public IP address on the main_ip server. In this case, you could change the aforementioned commands to:

On sec1_ip:

ssh -fNT -R main_ip:8447:localhost:8447 user@main_ip 

On sec2_ip:

ssh -fNT -R main_ipB:8447:localhost:8447 user@main_ip 
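One thing the commands above depend on is the sshd side of main_ip: by default, a listener created with ssh -R is bound to the server's loopback interface only, so main_ip:8447 is not reachable from the internet until GatewayPorts is enabled in sshd_config, and the main_ip:8447 / main_ipB:8447 form is only honoured with GatewayPorts clientspecified. The following POSIX sh is an added example, not code from the question or the answer: a small checker for that condition, plus the server-side configuration that confines it to the tunnel account. It assumes a dedicated login named tunneluser (a name not on the page), IPv4 or hostname bind addresses, and uses a placeholder public key.

```shell
#!/bin/sh
# Added example, not code from the question or the answer above.
# Helpers: read the GatewayPorts setting from an sshd_config file, and decide
# whether a given "ssh -R" spec will be reachable from outside main_ip.
# Then the server-side configuration the answer's commands depend on.
# Assumptions (not on the page): the tunnel logs in as a dedicated account
# named "tunneluser"; bind addresses are IPv4 or hostnames (an IPv6 literal
# would add colons and break the field count below).

# gateway_ports_value FILE
#   Prints the effective GatewayPorts value of FILE ("no" when unset).
#   Simplified reading: whitespace-separated directive, first match wins
#   (as sshd does); Match blocks are not evaluated.
gateway_ports_value() {
    v=$(grep -i '^[[:space:]]*GatewayPorts[[:space:]]' "$1" 2>/dev/null \
        | head -n 1 | awk '{print tolower($2)}')
    printf '%s\n' "${v:-no}"
}

# reverse_spec_reachable SPEC GATEWAYPORTS
#   SPEC is the argument given to "ssh -R", e.g. "8447:localhost:8447" or
#   "main_ip:8447:localhost:8447". Returns 0 when clients outside main_ip
#   can connect to the listener sshd creates, 1 when it is loopback-only
#   (or refused outright because a bind address was given without permission).
reverse_spec_reachable() {
    spec=$1
    gp=$2
    nfields=$(printf '%s\n' "$spec" | awk -F: '{print NF}')
    case "$gp" in
        yes)
            # sshd forces every -R listener onto the wildcard address.
            return 0 ;;
        clientspecified)
            # Without a bind address sshd falls back to loopback.
            [ "$nfields" -eq 4 ] || return 1
            bind=${spec%%:*}
            case "$bind" in
                localhost|127.0.0.1) return 1 ;;   # client asked for loopback
                *) return 0 ;;                      # "", "*", main_ip, main_ipB ...
            esac ;;
        *)
            # "no" is sshd's default: the port lands on main_ip's loopback,
            # so main_ip:8447 is not reachable from the internet.
            return 1 ;;
    esac
}

# main_sshd_fragment
#   Lines for sshd_config on main_ip, scoped with a Match block so the rest
#   of the host keeps sshd's defaults. GatewayPorts clientspecified honours
#   the bind address in the answer's main_ip:8447 / main_ipB:8447 form;
#   AllowTcpForwarding remote allows -R while refusing -L and -D from
#   that account.
main_sshd_fragment() {
    cat <<'EOF'
Match User tunneluser
    GatewayPorts clientspecified
    AllowTcpForwarding remote
    PermitTTY no
    X11Forwarding no
    ClientAliveInterval 30
    ClientAliveCountMax 3
EOF
}

# authorized_key_line BIND PORT NAME
#   The ~tunneluser/.ssh/authorized_keys entry for one hidden server: the
#   key may only request a listener on BIND:PORT and nothing else (no shell,
#   no PTY, no agent or X11 forwarding). The public key is a placeholder.
authorized_key_line() {
    printf 'restrict,port-forwarding,permitlisten="%s:%s" ssh-ed25519 AAAA...PLACEHOLDER tunnel-from-%s\n' \
        "$1" "$2" "$3"
}

# Demonstration with the answer's own specs against an unchanged ("no") server.
for spec in "8447:localhost:8447" "main_ip:8447:localhost:8447"; do
    if reverse_spec_reachable "$spec" no; then
        echo "$spec: reachable from outside main_ip"
    else
        echo "$spec: not reachable from outside main_ip (set GatewayPorts)"
    fi
done
```

On the client side it is worth adding -o ExitOnForwardFailure=yes to the ssh -fNT commands: with it, a tunnel whose port is already taken on main_ip (point 1 in the answer) exits instead of staying up in the background without its listener.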
