Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


How to share local server port under NAT with my vps
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How to share local server port under NAT with my vps

Hello,

I have home server under NAT. It's GNU/Linux machine. It's running app that open tcp port locally, but this app request external ip. I want to use my vps to share it IP to network. Something like tunneling/raw proxy, but there are some difficulties.

I think it's can be done with "ssh -R 0.0.0.0:7777:1.1.1.1:17777 [email protected]" where is 1.1.1.1 vps ipv4. If I'm right with this command. But I'm not sure that this tunnel will be stable. Also I want only to connect to vps through it ip4v (1.1.1.1) address, but bind my app to vps ipv6 address.

How can this be archived?

p.s. In other words I can't run this app on vps, because it request a lot of space and memory, but I want to share ipv6 of my vps with my home server.

Thanks

Comments

  • @Milon said:
    Hello,

    I have home server under NAT. It's GNU/Linux machine. It's running app that open tcp port locally, but this app request external ip. I want to use my vps to share it IP to network. Something like tunneling/raw proxy, but there are some difficulties.

    I think it's can be done with "ssh -R 0.0.0.0:7777:1.1.1.1:17777 [email protected]" where is 1.1.1.1 vps ipv4. If I'm right with this command. But I'm not sure that this tunnel will be stable. Also I want only to connect to vps through it ip4v (1.1.1.1) address, but bind my app to vps ipv6 address.

    How can this be archived?

    p.s. In other words I can't run this app on vps, because it request a lot of space and memory, but I want to share ipv6 of my vps with my home server.

    Thanks

    Connect your home server with VPS using wireguard.

  • MilonMilon Member
    edited November 2020

    Connect your home server with VPS using wireguard.

    If I will what next to do to bind localPost:7777 to vps_ipv6:7777 port?
    ps. If I correctly understand than wireguard will redirect all my home server traffic to vps? I would like to avoid this. Only this APP traffic

  • @Milon said:
    Hello,

    I have home server under NAT. It's GNU/Linux machine. It's running app that open tcp port locally, but this app request external ip. I want to use my vps to share it IP to network. Something like tunneling/raw proxy, but there are some difficulties.

    I think it's can be done with "ssh -R 0.0.0.0:7777:1.1.1.1:17777 [email protected]" where is 1.1.1.1 vps ipv4. If I'm right with this command. But I'm not sure that this tunnel will be stable. Also I want only to connect to vps through it ip4v (1.1.1.1) address, but bind my app to vps ipv6 address.

    How can this be archived?

    p.s. In other words I can't run this app on vps, because it request a lot of space and memory, but I want to share ipv6 of my vps with my home server.

    Thanks

    how much ram or memory this app required?
    if vps not sufficient then buy dedicated servers.

  • yoursunnyyoursunny Member, IPv6 Advocate
    edited November 2020

    @Milon said:
    I think it's can be done with "ssh -R 0.0.0.0:7777:1.1.1.1:17777 [email protected]" where is 1.1.1.1 vps ipv4. If I'm right with this command. But I'm not sure that this tunnel will be stable. Also I want only to connect to vps through it ip4v (1.1.1.1) address, but bind my app to vps ipv6 address.

    On the SSH server, edit sshd_config and restart the SSH server:

    sudo vi /etc/ssh/sshd_config
      GatewayPorts clientspecified
    
    # see `man sshd_config` for explanation
    
    sudo systemctl restart ssh
    

    Then, the SSH client command should be:

    ssh -R [2001:db8::1]:7777:127.0.0.1:7777 [email protected]
    

    Note that the -R parameter differs in two places from what you wrote:

    • The first part should be the IPv6 address you want to listen on. You may use [::] to listen on all IPv6 addresses. If you want to also listen on IPv4, you can write another -R parameter with the IPv4 address.
    • The third part should be the local address. It may be either IPv4 or IPv6, and does not have to be the same as first part.

    You probably want to run this command through systemd or pm2, so that it can automatically restart after the connection drops.

    Aside 1: when you write example IP addresses, use an address from a prefix reserved for documentation, not a live address assigned to someone else. See RFC 3849 and RFC 5737.

    Aside 2: for one-time interactive debugging, ngrok is an easier choice.

    Thanked by 1Milon
  • MilonMilon Member
    edited November 2020

    @yoursunny thanks for your explanation! So "ssh -R is the best solution? No reason to search for something else?

    asides also noted.

  • yoursunnyyoursunny Member, IPv6 Advocate

    ssh -R is easy to setup and uses only built-in software.
    Its drawback is that it runs TCP over TCP. When congestion / packet loss occurs between SSH client and SSH server, both outer TCP (the SSH tunnel) and inner TCP (the forwarded service) would react, causing even more congestion.

    VPN based solution is more complicated to setup.
    If the VPN does not run over TCP, you can avoid the above drawback.

    Thanked by 1Milon
  • @yoursunny Thanks for another explanation. I also through about docker container for app. Then it seems it will be possible to setup VPN (wireguard) tunnel as suggested above at the same docker container and only redirect app traffic this way.

Sign In or Register to comment.