0

Setup

At home, I have a little Raspberry Pi 3 that runs services that are exposed to the internet. For example, it is running an HTTP server. I will call this server raspberry. I can manage raspberry remotely via SSH: I have opened port 22 on my router at home and therefore traffic to my public IP for this port is forwarded to raspberry. So far so good.

raspberry's architecture is arm64 and it runs FreeBSD which makes it impossible (apparently, I tried hacking around, but no dice) for me to run a game server (UrbanTerror 4.3) on it.

I also have another machine, which is a ThinkPad (later on: thinkpad) running OpenBSD and it has an amd64 architecture, which does in fact allow me to run the desired server. From thinkpad, I can access raspberry by using SSH.

Question

I am currently not at home, but on a different network, actually abroad. I have an irresistible urge to host my server now, but I couldn't manage to do it on raspberry, as I said.

Would it be somehow possible to run the server on thinkpad and tunnel all traffic through raspberry (since I can expose that to the internet, whereas here, abroad, I do not have administrator rights to the router)?

Essentially, what I want is to run the server on thinkpad as if I were running it on raspberry in terms of networking. That is, the server would appear in server browsers and players would be able to connect: the traffic would arrive at raspberry through port e.g. 27900 and it would be sent over the internet via SSH to thinkpad.

PS I realize this would probably result in poor performance due to relaying the traffic through SSH but I would still like to try.

Thank you in advance and sorry for the long post!

EDIT 2018-12-14: Here is what I have already tried

So I need a reverse SSH tunnel for this. I created a tunnel from thinkpad like so

ssh -N -R :27960:localhost:27960 <raspberry's public IP>

The tunnel is created successfully. I checked with netstat on raspberry and it is indeed listening on *:27960 (but TCP; is this a problem? UrbanTerror, like other games, uses UDP). Now I launched the server on thinkpad and again, with netstat, I saw that it's listening on *:27960 (UDP).

I tried opening an UrbanTerror client on thinkpad and connecting to <raspberry's IP>, but it didn't work. To debug, I tried the same while running

tcpdump -n -e -ttt -i ue0 | grep 27960

on raspberry. When I attempted joining my server through raspberry from UrbanTerror, the following appeared in the dump:

188.112.111.89.27961 > 192.168.0.33.27960: UDP, length 16
192.168.0.33 > 188.112.111.89: ICMP 192.168.0.33 udp port 27960 unreachable

(I stripped the output for brevity)

188.112.111.89 is the current public IP of thinkpad and 192.168.0.33 is of course raspberry. Why is port 27960 unreachable? Clearly, according to netstat, thinkpad is listening on that port.

Just to test connectivity, I tried running nc -l 27960 on thinkpad and nc localhost 27960 on raspberry: I could communicate in both directions w/o problems.

I think it's also worth mentioning that I have OpenBSD's pf packet filter running on both machines but I have disabled it for troubleshooting.

3
  • What have you tried so far? Does "remote port forwarding" ring a bell? Have you read man ssh? In this question the setup is similar (translation: "Plex" -> "thinkpad"; "remote server" -> "raspberry"). Commented Dec 13, 2018 at 19:14
  • 1
    Yes, you can do that. Keywords are "ssh" and "tunnel" (unsurprisingly). Both the man page and the web have lots of details. If you can't set it up, edit your question with what you've tried, and what doesn't work.
    – dirkt
    Commented Dec 13, 2018 at 19:33
  • @dirkt I have updated my question as you asked.
    – bp99
    Commented Dec 14, 2018 at 12:30

2 Answers

1

There are several ways you can do this. The easiest is to temporarily create an SSH tunnel to the router's web interface via raspberry. Open UDP on the router to thinkpad (the UrbanTerror server only uses UDP and the default port is 27960). After that, players would be able to connect to your public IP.

If you don't want to open another port on the router, each player will have to have SSH access to your raspberry, make an SSH port-forwarding tunnel via TCP port 22, and perform a UDP-to-TCP relay on their machine. You can do this with socat:

Raspberry side: socat tcp4-listen:27900,reuseaddr,fork UDP:thinkpad:27960

Players side: socat -T15 udp4-recvfrom:27960,reuseaddr,fork tcp:localhost:27900
1
  • Sorry, either I wasn't clear enough or you have missed something. I cannot open the port to thinkpad as that box is not even on my home network. I am not sure about the second solution you provided, I would like everybody to be able to connect, without having the need to SSH.
    – bp99
    Commented Dec 14, 2018 at 12:13
0

If I understood you correctly, you and your thinkpad are abroad, the raspberry is at home, and you can remotely configure your router at home to open new ports on the raspberry.

TCP vs UDP makes a big difference, because ssh can only tunnel TCP. So you additionally need to convert between those.

The latency in the complete setup will be very noticeable.

You need to

1) Configure your router at home to forward UDP port 27960 to the raspberry.

2) On the raspberry, convert with socat between UDP and TCP, the latter say on port 27900.

3) Create an ssh tunnel from the thinkpad to the raspberry; the direction will depend on the socat commands. Say, port 27900 on both sides.

4) On the thinkpad, use socat again to convert between TCP 27900 and UDP 27960.

IIRC you have to be a bit careful which of the UDP variants to use with socat so it works in both directions. I'd need to test this, but I don't have the time right now, so I can't give you concrete commands right now. You also have to set it up in the correct order, so that the "listening" services are started first, before they get a connection from the other steps.
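
The UDP/TCP conversion of steps 2 and 4, as an added example that is not part of the original answer: a Python stand-in for the two relays that length-prefixes each datagram so packet boundaries survive the TCP stream carried by the SSH tunnel. The function names, the 2-byte length prefix and the loopback demo (where socketpair() replaces the SSH-forwarded port 27900) are assumptions of this example.

```python
import socket

def frame(datagram: bytes) -> bytes:
    """Prefix one UDP payload with its 2-byte big-endian length."""
    return len(datagram).to_bytes(2, "big") + datagram

class Deframer:
    """Rebuilds whole datagrams from arbitrary TCP read chunks."""
    def __init__(self):
        self._buf = bytearray()
    def feed(self, chunk: bytes) -> list:
        self._buf += chunk
        out = []
        while len(self._buf) >= 2:
            n = int.from_bytes(self._buf[:2], "big")
            if len(self._buf) < 2 + n:
                break  # payload incomplete, wait for the next TCP read
            out.append(bytes(self._buf[2:2 + n]))
            del self._buf[:2 + n]
        return out

def udp_to_tcp(udp_sock, tcp_sock):
    """Step 2 (raspberry): one game packet in, one frame into the tunnel."""
    data, peer = udp_sock.recvfrom(65535)
    tcp_sock.sendall(frame(data))
    return peer  # player's address, needed to route replies back

def tcp_to_udp(tcp_sock, udp_sock, dest, deframer):
    """Step 4 (thinkpad): emit each complete frame as its own datagram."""
    packets = deframer.feed(tcp_sock.recv(4096))
    for p in packets:
        udp_sock.sendto(p, dest)
    return packets

def loopback_demo():
    """Constructed run; socketpair() stands in for the SSH-forwarded port."""
    tun_pi, tun_tp = socket.socketpair()
    player, pi_udp, tp_udp, game = (socket.socket(type=socket.SOCK_DGRAM) for _ in range(4))
    for s in (pi_udp, game):
        s.bind(("127.0.0.1", 0))  # loopback only, ephemeral ports
        s.settimeout(2)
    sent = [b"player-pkt-1", b"player-pkt-2-longer"]  # constructed payloads
    for pkt in sent:
        player.sendto(pkt, pi_udp.getsockname())
        udp_to_tcp(pi_udp, tun_pi)
    deframer, relayed = Deframer(), []
    while len(relayed) < len(sent):  # TCP may deliver frames merged or split
        relayed += tcp_to_udp(tun_tp, tp_udp, game.getsockname(), deframer)
    return [game.recvfrom(65535)[0] for _ in sent]
```

Binding the relay sockets to 127.0.0.1 on the thinkpad side keeps the only externally reachable port the UDP one forwarded by the home router.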
