0

I have a openssh-server. On Ubuntu 14.04x behind a firewall (I have no admin rights to) I want to create a ssh tunnel from my Kali Linux rolling that is using a tether from mobile device that is behind a firewall I have no admin rights. Is this possible? I have chrome remote desktop which allows command line access to the Ubuntu machine which has open vpn access. Server and open ssh server.

Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255

2 Answers2

0
  Ubuntu----Firewall1----Internet----Firewall2----Kali

And you want to SSH to the ubuntu box from the kali box, with no access to either firewall.

There are two things you need to have.

1) Some way for an inbound connection to pass through Firewall1 and get to the Ubuntu host. Which port is irrelevant, as long as something is NATted in. It should be a TCP port.

2) Firewall2 needs to allow the connection FROM internal TO internet on the same port as #1.

Without both of those, you're not going to achieve your goal.

Possible alternatives

  • Check IPv6 - if both ends have functional IPv6 then NAT becomes a non-issue. However firewall rules may still need adjusting.

  • Use a third party - a shell server somewhere on the internet, and both Ubuntu and Kali maintain a ssh session with reverse tunnels configured. So from Kali you would SSH to shellbox with a -R option. More info on this at How does reverse SSH tunneling work?

  • Bypass the firewall by laying in and managing your own connectivity. This might mean installing a DSL or Fibre connection at either end. Downside here is cost and permission. You might get away with using a cellular connection, but they get expensive really quick.

  • Simply don't. If you're bored at work/school and this is merely a distraction, perhaps you need a more challenging and involving job.

Criggie
  • 1,781
0

If either of the firewall devices supports UPnP, you can use it to set up a port forward. There are are several available command line utilities you can use that send UPnP calls.

One such utility suite can be found here: http://people.ds.cam.ac.uk/ssb22/setup/upnp.html
You will likely need the requisite python module, which you can install with pip install --user miniupnpc.

Usage is very simple:

./upnp-add-port 22222 22

This will forward port 22222 on the firwall device to port 22 on your machine.

The upnp-ports command should then show something like this:

./upnp-ports
TCP:22222 -> 192.168.0.139:22   upnp-add-port 22222
phemmer
  • 71,831