SSH Tunnels – Part 3: Network Side

This post is the last in a series of three on SSH tunneling.  It covers the configuration and information you need to connect to an SSH server from outside your network (over the Internet).

SSH Tunnel Series

  • Part 1: Client Side:  Discusses connecting to an existing SSH server and using it to encrypt Internet traffic on untrusted networks.
  • Part 2: Server Side:  Discusses creating and configuring an SSH server.
  • Part 3: Network Side:  Discusses configuring your network to allow SSH connections from other networks, and tips and tools to make connections easier.

Step 1: Find Your IP Addresses

Before we get carried away, there are two important pieces of information we need to determine.  Those are the local and external IP addresses for your SSH server.  Your external IP address will be the server address used in part 1 of this series.  Your local IP address will be used below to configure your network.  If you do not know how to find your external and local IP addresses, you can read one of my other blog posts which explains how to do so on Windows, OS X, and Linux.  Write down both IP addresses for reference.

Step 2: Forward Port 22 to Your Server

Nearly all home routers include a built-in firewall.  If you don’t know what a router is, it is one of those boxes used to provide your Internet connection.  Depending on your exact setup, you might have one single box, usually provided by your Internet service provider, which combines a bunch of functions into one, or a collection of devices of which one is your router.  If you have more than one device, the router is probably the one with antennas on it and/or the one with a bunch of ports on the back (usually 4 or more).

A firewall is simply a program running on your router that prevents some of the evil people on the Internet from accessing your computer in ways you don’t want.  Firewalls provide security.  Unfortunately, in the process of providing security, they will also block your SSH tunnel if you attempt to use it from outside your home network.  To prevent this, we must forward the SSH port (22) to your SSH server.

The exact procedure for this varies widely from router to router.  Fortunately, there is a website dedicated to providing instructions on how to forward ports on nearly every router out there: http://portforward.com.  If you do not know how to forward ports using your router, find the manufacturer and model number of your router (usually located on a sticker on the bottom of the router), and then follow that link to portforward.com.  Once there, click the link for the manufacturer of your router (mine is D-Link, for example), then choose the model of your router from the next list.  Finally, scroll down the list of programs and find the entry for SSH.  You should then be given a detailed list of steps for forwarding port 22 to your computer.
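To confirm the forward works, the following added example (not part of the original post) probes a host's SSH port and reports whether an SSH server actually answers.  The function name `probe_ssh`, its state names, and the file name in the usage message are made up for this illustration; pass the external IP address from Step 1 on the command line.

```python
import socket
import sys


def probe_ssh(host, port=22, timeout=5.0):
    """Probe a TCP port and return (state, detail).

    States (names chosen for this example):
      open-ssh    an SSH server sent its identification string
      open-other  something accepted the connection but is not SSH
      closed      the connection was refused
      filtered    nothing answered before the timeout
      error       name lookup or another network failure
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", "connection refused"
    except socket.timeout:
        return "filtered", "no answer before timeout"
    except OSError as exc:
        return "error", str(exc)
    with sock:
        try:
            # An SSH server speaks first, sending a line such as "SSH-2.0-...".
            data = sock.recv(512)
        except OSError:
            data = b""
    for line in data.splitlines():
        if line.startswith(b"SSH-"):
            return "open-ssh", line.decode("ascii", "replace")
    return "open-other", "port answered but sent no SSH banner"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python check_forward.py EXTERNAL_IP")
    state, detail = probe_ssh(sys.argv[1])
    print(f"{sys.argv[1]}:22 -> {state} ({detail})")
    # Exit status 0 only when an SSH server actually answered.
    sys.exit(0 if state == "open-ssh" else 1)
```

Run it from a connection outside your home network, such as a phone hotspot: many routers do not loop connections from inside the LAN back through a forwarded port, so a test from home can fail even when the forward is correct.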

That’s it!  You should be able to refer to part 1 of this series for instructions on how to establish an SSH tunnel and use it.  This concludes the series on SSH tunneling.  I hope it helped.  If you have any questions or suggestions, let me know in the comments.  I also love to hear success stories and interesting use cases!
