Etherarp
Etherarp

Networking, Security, Linux

Share


Reverse Port Forwarding with Bash

I had wondered for a while how SSH reverse port forwarding works. RPF allows you to publish any reachable port upstream to a server. This allows you to act as a server without having to open any external ports.

Rohan MolloyRohan Molloy

I had wondered for a while how SSH reverse port forwarding works. RPF allows you to publish any reachable port upstream to a server. This allows you to act as a server without having to open any external ports.

Setting up the listener

### Define the ports
listen='10.0.0.1 8080'
connect=2222

### Create a FIFO (named pipe)
fifo=$(mktemp -u)
mkfifo $fifo

### Start the listener
ncat -l $listen 0<$fifo | ncat -l 127.0.0.1 $connect >$fifo 

Target connects to '10.0.0.1:8080' and
publishes local SSH to the upstream server

exec 3<>/dev/tcp/localhost/22 && exec 4<>/dev/tcp/10.0.0.1/8080 && \
  bash <(cat 0<&3 1>&4 & ) && cat 0<&4 1>&3

SSH is now reachable on the listener

ssh localhost -p 2222

Host 'localhost' is not in the trusted hosts file.
(ssh-rsa fingerprint [snip])
Do you want to continue connecting? (y/n) 

Reference:
https://www.frameloss.org/2013/12/14/wicked-cool-reverse-proxy-with-bash-and-netcat/

Author

Rohan Molloy

View Comments