Thursday, May 04, 2006

Providing an Internal Network Service on the Public Internet

This uses SSH tunneling, which I discussed in early 2005 on this blog. If you have one machine that acts as a gateway and others behind it, it is possible to get behavior like port forwarding on broadband routers using the following:

(run this on the gateway machine)

ssh user@localhost -g -L external_port:internal_ip:internal_port -N -f

This is standard tunneling but with the -g option, which allows connections to the forwarded port from *any* host, not just the local machine. The first number given to -L is the port ssh listens on at the gateway; the internal_ip:port after it is where each accepted connection is delivered. Normally when you tunnel using -L, you can connect to localhost and reach a service on another machine, but nobody except you can use those forwarded ports. -g opens up the tunnel to everyone who can reach the gateway, so the forwarded port is now an exposed service in its own right.

You may need to allow TCP forwarding in /etc/ssh/sshd_config. Add the following line:

AllowTcpForwarding yes

Also, you will need to have the external port open on the gateway machine's firewall. This is very OS-specific. On Red Hat Enterprise Linux, run the following in X:

system-config-securitylevel

And add the port as an 'other port' using tcp or udp. Only the tcp entry matters here, since ssh -L forwards TCP connections only.
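As an added example (not part of the original post), the script below builds the -g forwarding command from the parameters above and parses `ss -ltn` style output to check whether a port is listening on all interfaces (what -g produces) or only on loopback. The function names build_forward_cmd and listener_scope and the sample listener table are assumptions made for this example.

```bash
#!/bin/sh
# Added example: build the ssh -g -L command and verify what it exposed.
# Function names and the sample `ss -ltn` output below are constructed.

# build_forward_cmd EXTERNAL_PORT INTERNAL_IP INTERNAL_PORT
# Prints the ssh command that listens on EXTERNAL_PORT on every interface
# of the gateway and forwards to INTERNAL_IP:INTERNAL_PORT. Returns 1 if a
# port is not a number in 1-65535.
build_forward_cmd() {
    ext="$1"; host="$2"; int="$3"
    for p in "$ext" "$int"; do
        case "$p" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    printf 'ssh -g -N -f -L %s:%s:%s user@localhost\n' "$ext" "$host" "$int"
}

# listener_scope PORT < ss_output
# Reads `ss -ltn` output on stdin and prints "public" if PORT is bound to
# 0.0.0.0, * or [::] (reachable from any host, as with -g), "local" if it
# is bound only to loopback, and "none" if nothing listens on it.
listener_scope() {
    port="$1"; scope="none"
    while read -r state recvq sendq laddr peer rest; do
        case "$laddr" in
            *:"$port") ;;          # only rows whose local port matches
            *) continue ;;
        esac
        addr="${laddr%:*}"         # strip the ":port" suffix
        case "$addr" in
            0.0.0.0|'*'|'[::]') scope="public" ;;
            127.*|'[::1]') [ "$scope" = "public" ] || scope="local" ;;
        esac
    done
    printf '%s\n' "$scope"
}

# Constructed sample of `ss -ltn` output: 8080 is exposed, 9090 is not.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8080        0.0.0.0:*
LISTEN 0      128    127.0.0.1:9090      0.0.0.0:*
LISTEN 0      128    [::1]:9090          [::]:*'
```

After starting the tunnel, `ss -ltn | listener_scope 8080` on the gateway should print "public"; if it prints "local", -g did not take effect and the port is still private.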
