Firewall – Access internal server from Internet without modifying firewall

firewall, tunneling, vpn

I have a server on an internal network that publishes web pages. I need access to these web pages from random clients on the Internet. The problem is that I don't have control of the firewall this server is behind. On the other hand, I do have access to a public server on an entirely different network. (OSes are flexible: I have access to both Windows and Linux servers on both sides.)

Here's what I'm sort of looking to do:

Is this possible?

That is:

  1. Client hits a port on my public server.
  2. That port is forwarded (tunneled?) to the internal network.
  3. Web page is served back to the client.

SSH tunneling doesn't seem quite right. Would a site-to-site VPN do the trick? Is there a simpler option?

Best Answer

@embodo: SSH tunneling seems to rely on an SSH client forwarding a port to a remote server via SSH, but in my case there is no route through the firewall to the internal server (by SSH or whatever else). Feel free to show me how it might be done, of course!

OK, I'll make this an answer then. I assume the internal server you control (ISIC) is allowed outbound ssh to the public server you control (PSIC). From ISIC ssh to PSIC like so:

root@ISIC # ssh -R '*:80:localhost:80' PSIC

This causes ssh to listen on port 80 of PSIC because of *:80 and then forward that to port 80 on ISIC because of localhost:80. It functions exactly like X forwarding.
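Whether the `*:80` part of the command above takes effect depends on the `GatewayPorts` setting in sshd_config on PSIC. The following is an added example, not part of the original answer, that works out the address sshd ends up listening on. The sample config and the function names are constructed for illustration; only the global section of the config is read and IPv6 bracket syntax is not handled.

```sh
#!/bin/sh
# Added example: which address does sshd on PSIC bind for an `ssh -R` forward?

# Constructed sample sshd_config for PSIC (not from the page).
sample_config() {
cat <<'EOF'
Port 22
#GatewayPorts yes
PermitRootLogin no
EOF
}

# Read sshd_config text on stdin, print the global GatewayPorts value.
# sshd keeps the first value it reads for a keyword; the default is "no".
# Assumption: only the section before the first Match block is considered.
gateway_ports() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    '
}

# effective_bind SPEC MODE: print the listen address sshd actually uses.
# SPEC is [bind_address:]port:host:hostport (IPv6 brackets not handled).
effective_bind() (
    case $1 in
        *:*:*:*) bind=${1%%:*}; [ -n "$bind" ] || bind='*' ;;  # empty means all
        *)       bind=localhost ;;                              # ssh default
    esac
    case $2 in
        yes)             echo '*' ;;          # server forces wildcard
        clientspecified) echo "$bind" ;;      # client's choice is honoured
        *)               echo localhost ;;    # "no": loopback only
    esac
)

spec='*:80:localhost:80'   # the -R argument from the answer
mode=$(sample_config | gateway_ports)
echo "GatewayPorts=$mode -> PSIC listens on $(effective_bind "$spec" "$mode"):80"
```

With the default `GatewayPorts no`, the forwarded port is reachable only from PSIC itself, so Internet clients cannot connect until the setting is `yes` or `clientspecified`.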