I recently moved to an apartment block which has a fibre Internet connection. The drawback is that it's behind a NAT, which stops me from hosting game servers on my own computer. I sometimes like to host servers when I want to play games with family and friends.
However, if you're in the same situation, and happen to have access to a Linux server (in my case this very Linode), you're in luck. You can use the server as a "middle man", making a port on your local machine accessible on the remote server by use of an SSH tunnel.
How You'd Normally Do It
You'd normally forward the appropriate ports on your router to the LAN server and voilà, remote clients can connect. However, you can't do this when you don't have control of the router in question, as in my situation.
With SSH Tunnelling
With SSH tunnelling, the traffic is transported via an SSH tunnel, and then made available on a remote port of the server you're connecting to.
So if you're hosting a local web server on port 8080, you can set up an SSH tunnel that makes port 8080 available on your remote server. When clients connect to remoteserver:8080 the connection will be forwarded via the tunnel to localhost:8080 on your machine.
Setting it up with plink
Before we start: on the software firewalls of both your local computer and the remote machine, you'll need to either disable the firewall or open the ports you want to play with. This means iptables, Windows Firewall etc.
You'll also need to add GatewayPorts yes to the bottom of /etc/ssh/sshd_config on your remote server with your favourite text editor. This makes sshd bind remote forwards to all interfaces rather than to loopback only, which is what lets other people reach the forwarded port. After you've done that, restart the SSH daemon using the command sudo service ssh restart.
Now, you need to download the plink.exe Windows binary from the PuTTY download page.
Replacing the bits in curly braces with your own data, use the command below on your Windows computer to set up an SSH tunnel:
plink -i "{PATH TO PRIVATE KEY}" -P {SSH PORT} {SSH USERNAME}@{SSH HOST} -R {REMOTE PORT TO OPEN}:localhost:{LOCAL PORT TO FORWARD}
{PATH TO PRIVATE KEY}: path to your private key (.ppk) file for authentication
{SSH PORT}: port SSH is running on, generally 22
{SSH HOST}: hostname of the server, 1.2.3.4 or alanedwardes.com etc.
{LOCAL PORT TO FORWARD}: local port to forward to server
{REMOTE PORT TO OPEN}: port to open on the server and forward to {LOCAL PORT TO FORWARD}; can be the same as {LOCAL PORT TO FORWARD}
Example
Say I was running a web server on port 8080 on my local computer and wanted other people to access it:
plink -i "C:\key.ppk" -P 22 alan@109.74.192.204 -R 8080:localhost:8080
Anything available at localhost:8080 would then be available at 109.74.192.204:8080, accessible to all. Constraints of the NAT: BYPASSED.
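To confirm on the server what the GatewayPorts step changed, and that only the port you meant to publish is reachable from outside, you can classify how the forwarded port is bound. This is an added example, not part of the original post: the function name classify_listener and the sample ss output are constructed for illustration, and it assumes the server has ss from iproute2. With sshd's default (GatewayPorts no) a remote forward listens on loopback only.

```shell
#!/bin/sh
# Added example: classify how a forwarded port is bound on the SSH server.
# Reads `ss -Htln` output on stdin; prints closed, loopback or exposed.
# classify_listener and the sample data below are illustrative, not from the post.
classify_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = match($4, /:[0-9]+$/)              # locate the trailing :port
            if (n == 0 || substr($4, n + 1) != port) next
            host = substr($4, 1, n - 1)
            if (host ~ /^127\./ || host ~ /^\[::1\]/) loopback = 1
            else exposed = 1                       # 0.0.0.0, [::], * or a routable address
        }
        END { print (exposed ? "exposed" : (loopback ? "loopback" : "closed")) }
    '
}

# Constructed sample: sshd default (GatewayPorts no) with the tunnel up.
sample_default() {
    cat <<'EOF'
LISTEN 0 128   0.0.0.0:22     0.0.0.0:*
LISTEN 0 128 127.0.0.1:8080   0.0.0.0:*
LISTEN 0 128     [::1]:8080      [::]:*
EOF
}

# Constructed sample: the same tunnel after adding GatewayPorts yes.
sample_gateway_yes() {
    cat <<'EOF'
LISTEN 0 128   0.0.0.0:22     0.0.0.0:*
LISTEN 0 128   0.0.0.0:8080   0.0.0.0:*
LISTEN 0 128      [::]:8080      [::]:*
EOF
}

sample_default     | classify_listener 8080   # loopback
sample_gateway_yes | classify_listener 8080   # exposed
sample_default     | classify_listener 8081   # closed

# On a real server: ss -Htln | classify_listener 8080
```

A result of loopback while the tunnel is up means sshd has not picked up GatewayPorts yes; exposed on a port you did not intend to publish means the tunnel or the firewall is wider than it should be.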
