I have an openssh-server on Ubuntu 14.04x behind a firewall (which I have no admin rights to). I want to create an SSH tunnel from my Kali Linux rolling, which is using a tether from a mobile device that is behind a firewall I have no admin rights to. Is this possible? I have Chrome Remote Desktop, which allows command-line access to the Ubuntu machine, which has OpenVPN Access Server and OpenSSH server.
Both sides have NAT? You're practically out of luck without a third party. – phk Oct 22 '16 at 18:18
2 Answers
Ubuntu----Firewall1----Internet----Firewall2----Kali
And you want to SSH to the Ubuntu box from the Kali box, with no access to either firewall.
There are two things you need to have.
1) Some way for an inbound connection to pass through Firewall1 and get to the Ubuntu host. Which port is irrelevant, as long as something is NATted in. It should be a TCP port.
2) Firewall2 needs to allow the connection FROM internal TO internet on the same port as #1.
Without both of those, you're not going to achieve your goal.
Possible alternatives
Check IPv6 - if both ends have functional IPv6 then NAT becomes a non-issue. However firewall rules may still need adjusting.
Use a third party - a shell server somewhere on the internet, and both Ubuntu and Kali maintain a ssh session with reverse tunnels configured. So from Kali you would SSH to shellbox with a -R option. More info on this at How does reverse SSH tunneling work?
Bypass the firewall by laying in and managing your own connectivity. This might mean installing a DSL or Fibre connection at either end. Downside here is cost and permission. You might get away with using a cellular connection, but they get expensive really quick.
Simply don't. If you're bored at work/school and this is merely a distraction, perhaps you need a more challenging and involving job.

If the network layout in line 1 does not match reality, then please advise and I'll rework it. – Criggie Oct 22 '16 at 19:38
If either of the firewall devices supports UPnP, you can use it to set up a port forward. There are several available command-line utilities you can use that send UPnP calls.
One such utility suite can be found here: http://people.ds.cam.ac.uk/ssb22/setup/upnp.html
You will likely need the requisite python module, which you can install with pip install --user miniupnpc.
Usage is very simple:
./upnp-add-port 22222 22
This will forward port 22222 on the firewall device to port 22 on your machine.
The upnp-ports command should then show something like this:
./upnp-ports
TCP:22222 -> 192.168.0.139:22 upnp-add-port 22222

Well, I couldn't find an SSH middleman, so I will try plug and play or learn IPv6. Does the router have to be newer to support IPv6? – Ronald grumpet Oct 23 '16 at 00:50
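
To review what a UPnP forward like the one in the second answer leaves reachable from the internet, the mapping listing can be parsed and checked against an allow-list. This is an added example, not part of the original answers or of the upnp utility suite; the line format is assumed from the single sample shown in that answer, and `SENSITIVE_PORTS`, `parse_mappings` and `audit` are hypothetical names.

```python
import re
from collections import namedtuple

Mapping = namedtuple("Mapping", "proto external_port internal_host internal_port description")
# Assumed policy list: services that should not normally face the internet.
SENSITIVE_PORTS = {22: "SSH", 23: "Telnet", 445: "SMB", 3389: "RDP", 5900: "VNC"}

# Line shape assumed from the single sample in the answer:
#   TCP:22222 -> 192.168.0.139:22 upnp-add-port 22222
LINE_RE = re.compile(
    r"^(?P<proto>TCP|UDP):(?P<ext>\d+)\s*->\s*"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<int>\d+)(?:\s+(?P<desc>.*))?$"
)

def parse_mappings(listing):
    """Parse a port-mapping listing; lines that do not match are skipped."""
    out = []
    for raw in listing.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ext, internal = int(m["ext"]), int(m["int"])
        if not (0 < ext < 65536 and 0 < internal < 65536):
            continue  # port number out of range
        out.append(Mapping(m["proto"], ext, m["host"], internal, m["desc"] or ""))
    return out

def audit(mappings, approved=frozenset()):
    """Return (mapping, reason) for every forward not in the approved set."""
    findings = []
    for mp in mappings:
        if (mp.proto, mp.external_port) in approved:
            continue
        service = SENSITIVE_PORTS.get(mp.internal_port)
        reason = f"exposes {service} on {mp.internal_host}" if service else "unapproved forward"
        findings.append((mp, reason))
    return findings

# Constructed sample: the first line is the one from the answer, the rest are made up.
SAMPLE = """\
TCP:22222 -> 192.168.0.139:22 upnp-add-port 22222
UDP:51413 -> 192.168.0.50:51413 torrent client
TCP:8443 -> 192.168.0.20:3389
TCP:99999 -> 192.168.0.21:80 out-of-range port
not a mapping line
"""
if __name__ == "__main__":
    for mp, reason in audit(parse_mappings(SAMPLE), approved={("UDP", 51413)}):
        print(f"{mp.proto}:{mp.external_port} -> {mp.internal_host}:{mp.internal_port}  {reason}")
```

Moving SSH to a high external port such as 22222 does not change the finding, because the check keys on the internal port the forward lands on.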