How to Forward Traffic from a Public Server to a Private Computer

port-forwardingsshssh-tunneling

My home computer is behind an ISP-level NAT which does not allow me to host game servers as a result.

I have a VPS which I use as a web server. I want to host a game server of Minecraft, but the VPS isn't powerful enough.

Both my computer and my VPS are running Linux. My computer can connect to my server, but the server can not open connections to my home computer.

What I would like to achieve is this:

  • Some user connects to port 27015 on my server.
  • The server then forwards all traffic from port 27015 on the server to port 27015 on my home computer via some connection that I opened with my home computer.

Can ssh do this? I know it can do the reverse. Is there some other program that does this if not?

Best Answer

Short answer: yes, ssh can do this. The answer's in your question: "reverse" tunneling. See the -R option to the ssh client:

-R [bind_address:]port:host:hostport
Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the local machine.

More reading at the ever-useful How To Forge (Reverse SSH Tunneling), but the basic principle is you ssh from your private host to your public one, specifying the port to map back. Remember to set your bind address in the command, otherwise it will only be bound to the local loop by default.

Related Question