@j.dawg
Same problem for me.
Definitely the case @Christopher Hostage mentioned is quite common but not what I am aiming for.
That is, I need to let a computer outside the LAN access the Linux VM that is inside a host (Windows) that is inside the LAN.
Here is my short answer to this question, refer to this brilliant article by Michel Blancard:
One approach is to configure the router or NAT gateway of the LAN:
- Use DMZ in the router to expose the VM. (Risky: only if you are confident exposing this VM to the outside world.)
- A better way is to use port mapping.
Another approach is tunneling:
- Commercial services
- Or SSH remote port forwarding to an enabled SSH server.
Some detail on my adopted solution (for more detail, please check the article):
SSH remote port forwarding
Make sure that the following options are set in the /etc/ssh/sshd_config of the remote server and reload the SSH server if needed:
AllowTcpForwarding yes
GatewayPorts yes
Set up remote port forwarding (the tunnel) from the local workstation:
ssh -nN -R 8888:localhost:8889 remoteuser@1.2.3.4
Here:
- 1.2.3.4 is the public IP address of the remote server
- 8888 is the port the server is listening to
- 8889 is the port of your workstation that you want to expose
- remoteuser is the name of a user that has the right to connect to the server using ssh
- -n prevents reading from stdin, because you don’t want to use the tunnel from the command line
- -N means that you do not want to execute remote commands, just do port forwarding
- -R (as Reverse or Remote port forwarding) means that the connections are forwarded from the remote server to your local workstation, instead of port forwarding where the end that initiates the tunnel is also the one that initiates the communications across the tunnel.
- optionally, you can use a specific ssh key instead of the default ~/.ssh/id_rsa : -i ~/.ssh/id_rsa_2
Test
Listen on the destination port of the workstation:
netcat -l -p 8889
Send a message from anywhere in the world:
echo "abc" | nc -v remoteserver 8888
You should receive “abc” in your workstation’s terminal.
Troubleshooting
If the message is not properly conveyed, the verbose option of the ssh client (-v) is of great use. You can also verify that everyone is listening as expected using netstat:
netstat -pln
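
The two sshd_config options above apply server-wide: with `GatewayPorts yes`, any account allowed to forward can open a listener reachable from outside the server. As an added example (not part of the original post or the linked article), this shell function reports, per config section, where `-R` listeners may bind; the sample config and the `backup` user are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Reads sshd_config text (file
# arguments or stdin) in "Keyword value" form; Include files are not followed.

# Print "<AllowTcpForwarding> <GatewayPorts> <scope>" for the global section
# and each Match block. Keywords are case-insensitive, the first value seen
# in a section wins, and a Match block inherits what it does not set.
sshd_forwarding_scopes() {
    awk '
        function emit(   a, g) {
            if (scope == "global") { if (atf != "") gatf = atf; if (gw != "") ggw = gw }
            a = (atf == "" ? gatf : atf); g = (gw == "" ? ggw : gw)
            print a, g, scope
        }
        BEGIN { scope = "global"; gatf = "yes"; ggw = "no" }  # OpenSSH defaults
        /^[ \t]*#/ || NF == 0 { next }                        # comments, blanks
        { key = tolower($1); val = tolower($2) }
        key == "match" { emit(); atf = gw = ""; scope = $0; next }
        key == "allowtcpforwarding" && atf == "" { atf = val }
        key == "gatewayports" && gw == "" { gw = val }
        END { emit() }
    ' "$@"
}

# Classify each scope by where a client's -R listener is allowed to bind.
audit_sshd_forwarding() {
    sshd_forwarding_scopes "$@" | while read -r atf gw scope; do
        case "$atf" in
            yes|all|remote) ;;
            *) echo "OK $scope: remote forwarding disabled"; continue ;;
        esac
        case "$gw" in
            yes) echo "RISK $scope: every -R port binds on all interfaces" ;;
            clientspecified) echo "WARN $scope: client chooses the bind address" ;;
            *) echo "OK $scope: -R ports bind to loopback only" ;;
        esac
    done
}

# Constructed sample: the two settings from the post plus one per-user override.
audit_sshd_forwarding <<'EOF'
AllowTcpForwarding yes
GatewayPorts yes
Match User backup
    AllowTcpForwarding no
EOF
```

On a live server, `sshd -T` prints the effective configuration and is the authoritative source; the function above is for reviewing a config file offline.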