What we will do in the situation where we want to access a node located behind a firewall, or locate in LAN behind a router. Quite impossible to access it. May be we can do port forwarding it the router to forward our packets to the target node, but we have to be the system administrator of the LAN to do it (or may be ask them to do).
However, if our target node is able contact us from the LAN, we still can access the node without disturbing our lovely system administrator. A tunnel between our node and the node will do the job. In this case, the tunnel is initiated by our target node. This is known as reverse tunnel.
Using ssh, you can set up this easily. Type the command as below:
# ssh -fNR [bind_address:]port:host:hostport] [user@]hostname
As example we want to access the target node (name: localhost) from our node (name: www.example.org). The port we want to access is port 22 and it will be accessible from our node at port 2222.
# ssh -fNR 2222:localhost:22 www.example.com
After that, the you are prompted password as usual. After successful login, the command quit but it will remains in background.
To access the target node, use our node to access the forwarded port (2222). So let say, if you want to ssh into the machine (because we have forwarded ssh port), we can use this command
# ssh localhost -p 2222
Then we will able to access the node in the LAN. This is valid for other ports as well. Cheers!
Posted by fadli 