Setup
At home, I have a little Raspberry Pi 3 that runs services that are exposed to the internet. For example, it is running an HTTP server. I will call this server raspberry. I can manage raspberry remotely via SSH: I have opened port 22 on my router at home and therefore traffic to my public IP for this port is forwarded to raspberry. So far so good.
raspberry's architecture is arm64 and it runs FreeBSD which makes it impossible (apparently, I tried hacking around, but no dice) for me to run a game server (UrbanTerror 4.3) on it.
I also have another machine, which is a ThinkPad (later on: thinkpad) running OpenBSD and it has an amd64 architecture, which does in fact allow me to run the desired server. From thinkpad, I can access raspberry by using SSH.
Question
I am currently not at home, but on a different network, actually abroad. I have an irresistible urge to host my server now, but I couldn't manage to do it on raspberry, as I said.
Would it be somehow possible to run the server on thinkpad and tunnel all traffic through raspberry (since I can expose that to the internet, whereas here, abroad, I do not have administrator rights to the router)?
Essentially, what I want is to run the server on thinkpad as if I were running it on raspberry in terms of networking. That is, the server would appear in server browsers and players would be able to connect: the traffic would arrive at raspberry through port e.g. 27900 and it would be sent over the internet via SSH to thinkpad.
PS I realize this would probably result in poor performance due to relaying the traffic through SSH but I would still like to try.
Thank you in advance and sorry for the long post!
EDIT 2018-12-14: Here is what I have already tried
So I need a reverse SSH tunnel for this. I created a tunnel from thinkpad like so
ssh -N -R :27960:localhost:27960 <raspberry's public IP>
The tunnel is created successfully. I checked with netstat on raspberry and it is indeed listening on *:27960 (but TCP; is this a problem? UrbanTerror, like other games, uses UDP). Now I launched the server on thinkpad and again, with netstat, I saw that it's listening on *:27960 (UDP).
I tried opening an UrbanTerror client on thinkpad and connecting to <raspberry's IP>, but it didn't work. To debug, I tried the same while running
tcpdump -n -e -ttt -i ue0 | grep 27960
on raspberry. When I attempted joining my server through raspberry from UrbanTerror, the following appeared in the dump:
188.112.111.89.27961 > 192.168.0.33.27960: UDP, length 16
192.168.0.33 > 188.112.111.89: ICMP 192.168.0.33 udp port 27960 unreachable
(I stripped the output for brevity)
188.112.111.89 is the current public IP of thinkpad and 192.168.0.33 is of course raspberry. Why is port 27960 unreachable? Clearly, according to netstat, thinkpad is listening on that port.
Just to test connectivity, I tried running nc -l 27960 on thinkpad and nc localhost 27960 on raspberry: I could communicate in both directions w/o problems.
I think it's also worth mentioning that I have OpenBSD's pf packet filter running on both machines but I have disabled it for troubleshooting.
man ssh? In this question the setup is similar (translation: "Plex" -> "thinkpad"; "remote server" -> "raspberry").
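An added illustration, not part of the original post: ssh -R forwards TCP connections only, and TCP and UDP port numbers are separate namespaces, so a TCP listener on 27960 does nothing for a UDP datagram sent to 27960. The script below reproduces the "udp port unreachable" result from the tcpdump output on loopback, with a constructed TCP listener standing in for the forwarded port. The function names and the getstatus/pong payloads are assumptions, and it relies on the OS reporting ICMP errors to connected UDP sockets.

```python
import socket
import threading


def probe_udp(port, host="127.0.0.1", timeout=1.0):
    """Send one datagram to host:port and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on a UDP socket lets the kernel hand ICMP errors back to us
        s.connect((host, port))
        try:
            s.send(b"getstatus")  # constructed payload
            return "reply: " + s.recv(64).decode()
        except ConnectionRefusedError:
            return "port unreachable"  # ICMP port unreachable was received
        except socket.timeout:
            return "no reply"


def answer_once(sock):
    """Stand-in for a UDP game server: answer a single datagram."""
    _, peer = sock.recvfrom(64)
    sock.sendto(b"pong", peer)


def demo():
    # TCP listener: stands in for the socket that ssh -R opens on raspberry.
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind(("127.0.0.1", 0))
    tcp.listen(1)
    port = tcp.getsockname()[1]
    try:
        # Only TCP is bound, so a UDP datagram to the same number is rejected.
        tcp_only = probe_udp(port)
        # A UDP socket can bind the same number: the namespaces are separate.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
            udp.bind(("127.0.0.1", port))
            t = threading.Thread(target=answer_once, args=(udp,), daemon=True)
            t.start()
            with_udp = probe_udp(port)
            t.join(timeout=1.0)
    finally:
        tcp.close()
    return tcp_only, with_udp


if __name__ == "__main__":
    print(demo())
```

The same distinction applies to the nc check in the post: nc without -u uses TCP, so it exercises the forwarded TCP port and not the UDP path the game client uses.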