Firewall traversal using SSH

From VuzeWiki
Jump to: navigation, search

Firewall Traversal Using SSH[edit]

There is a method of getting around the "NAT issue" with TCP incoming connections, by using ssh.

If you have access to an OpenSSH server (can be anywhere on the net) that has (or you can talk the admin into turning on) ~GatewayPorts, then you can redirect 6881 inbound to your Azureus client. This should work even if you're NATing your own network, or behind a denyall fireway and forced to use a SOCKS server. Should also work on all platforms.

When setting up your SSH connection to the server, you want to setup "remote port forwarding"; in openssh that's the -R flag: example: ssh -R 6881:localhost:6881

If you're using a windows box, a few things to note:

  • Windows doesn't seem to include when binding to So in Azureus' Options, set the Bind port to I haven't tested in Linux, but this shouldn't be a problem.

To configure the client:

  • in the Options panel, under transfer, allow multiple connections from same IP, as all inbound connections appear to come from to the client
  • in Options, Connection, Override Options, configure the IP/port you will be useing on your SSH sever

Some things to note about SecureCRT:

  • if you're trying to use SecureCRT, I recommend installing cygwin, and use OpenSSH instead. SecureCRT seems to die after so many inbound connections are opened.

If you're going to use secureCRT anyway, you will need to open up the inbound filter. By default, remote connections are only allowed from the remote's loopback IP. You will need to modify your profile .ini file to allow all IPs; ",0"

Read the Azureus FAQ