SSH-Tunnel and port-forwarding in usermode

I have a question concerning port forwarding and SSH-Tunnels. My sister has
a laptop with Linux installed on it. She doesn't know so much about
so I sometimes logged into her computer to fix problems or install
This did work fine a long time. But a few months later the residence she
in installed a firewall. This firewall bars me from logging into her
directly via ssh. So I had the idea of an SSH-Tunnel using pppd. If I want
log into her computer, she has to type in the following

    /usr/sbin/pppd noauth silent nodeflate nobsdcomp mru 1500 nodefaultroute
    10 ipcp-restart 10 netmask pty "ssh -t <my-ip-address>
    '/usr/sbin/pppd nodetach '" nodetach

This opens a private Point-to-Point connection between my computer and my

This was very fine for some months. I could log in to her laptop using the
SSH-Tunnel. But now, I have moved to a student's residence also, and
unfortunately there's a firewall also which won't let my sister initiate
SSH-Tunnel connection to my computer.

Now there's the problem that I can't reach her computer and she can't
reach mine.

But maybe there's a solution. The network I use, looks like this:

my Computer ---- Firewall ---- Uni Network ---- Internet ---- Firewall ---- My sister's computer

I can log on some Linux servers within the Uni Network but I don't have
privileges there. I thought of the following: I could start some program
on the Uni-Server in user-mode which connects to some port, e.g. 2000.
Then I tell my sister to start her ssh-client with "-p 2000" and the name
of the Uni-Server. The little program (which I hope exists) could (maybe?)
forward all incoming data to my computer as if it was an SSH-Connection
from the Uni-Server to me.

Is there some program which can do that? I don't have root access. If I
had, I would simply use Linux port forwarding. But I think there should
be a program which does port forwarding in user-mode.

Any ideas?

Thanks a lot!


Re: SSH-Tunnel and port-forwarding in usermode

I do this a lot.  I suggest just running a program on each (or either)
computer that contacts the university machine and establishes a tunnel.
Something like
    % ssh uni -R 22000:localhost:22
will do it but you might want to put it in a script that automatically
restarts it if it fails, or use Reliable SSH, etc.  Once it's
established, you can get to that computer by ssh-ing to uni, port 22000
from anywhere.

I also suggest using limited public keys to do this.  Enter lines like
    command="cat" [some new key]
in your authorized_keys file on the uni computer.  That'll allow you to
easily establish the connection, but you (or someone else) won't be
able to do anything with the connection other than create tunnels.

What Linux port forwarding requires root access?  Xinetd?  (It *can* be
run as a normal user, I think.)  Socat and Netcat don't need root.

Yes, it's ssh.
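
The restart script the reply above suggests, as an added example that is not part of the original thread. The key path, keepalive timings and backoff values are assumptions, and the restrict/permitlisten key options shown in the comment assume a recent OpenSSH server on the uni machine.

```shell
#!/bin/sh
# Added example: keeps "ssh uni -R 22000:localhost:22" running.
# Assumed values (not from the thread): key path, keepalive and backoff timings.
UNI_HOST="${UNI_HOST:-uni}"          # host alias used in the reply
REMOTE_PORT="${REMOTE_PORT:-22000}"  # port sshd opens on the uni machine
LOCAL_PORT="${LOCAL_PORT:-22}"       # local sshd the tunnel leads to
TUNNEL_KEY="${TUNNEL_KEY:-$HOME/.ssh/tunnel_key}"  # hypothetical dedicated key
MAX_DELAY="${MAX_DELAY:-60}"         # cap for the retry delay, in seconds
SSH_BIN="${SSH_BIN:-ssh}"            # overridable so the command can be inspected

# Matching authorized_keys entry on the uni machine (recent OpenSSH assumed;
# key material is a placeholder):
#   restrict,port-forwarding,permitlisten="22000",command="cat" ssh-ed25519 <PUBLIC-KEY> tunnel

# One tunnel attempt. -N/-T: no remote command, no tty. BatchMode: never prompt.
# ExitOnForwardFailure: exit instead of idling if port 22000 cannot be bound.
# ServerAlive*: notice a dead link within about 90 seconds.
run_tunnel() {
    "$SSH_BIN" -N -T -i "$TUNNEL_KEY" \
        -o IdentitiesOnly=yes -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "${REMOTE_PORT}:localhost:${LOCAL_PORT}" "$UNI_HOST"
}

# Double the delay, capped at MAX_DELAY.
next_delay() {
    d=$(( $1 * 2 ))
    [ "$d" -gt "$MAX_DELAY" ] && d=$MAX_DELAY
    echo "$d"
}

# Restart loop: back off while the link is down, reset after a healthy session.
keep_tunnel() {
    delay=1
    while :; do
        start=$(date +%s)
        status=0
        run_tunnel || status=$?
        [ $(( $(date +%s) - start )) -ge 60 ] && delay=1
        echo "tunnel exited (status $status); retrying in ${delay}s" >&2
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

# Start the loop only when invoked as: ./tunnel.sh run
if [ "${1:-}" = "run" ]; then keep_tunnel; fi
```

By default sshd binds a remote forward to the loopback interface of the uni machine, so the forwarded port is reached from a login session on that machine unless its administrator has enabled GatewayPorts.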


Re: SSH-Tunnel and port-forwarding in usermode

Thanks so much! I didn't expect this could be so easy...

Some years ago I used the portfw modules with Kernel 2.2, which of course
(like all modules) require root privileges. I didn't know this could be
achieved by other programs.
