Connecting to a Remote Computer from your VPS

Tunneling with SSH

Today I had a need to connect my local VPS at my office to a VPS at DigitalOcean. Not only that, the DigitalOcean VPS runs the service I wanted to connect to on a separate network. Here is an example of the network (the IPs are fake, of course):

Creating an SSH Tunnel between a VPS and Local Service on a Remote Computer

This graphic shows the connection I want to simulate, which is the one in red with dashes. The red connection indicates an Internet connection.

The black lines show direct connections. In the case of the VPS, I use a Bridged Network setup. This is very important if you want to access your local VPS through your normal network and, vice versa, let the VPS (Guest) access the local computer (Host).

The Local Net is not on a separate computer in my case. It's just that it makes use of a separate network card to connect to other computers on that remote system.

This whole setup was actually dead easy, but I have to say that I did not find it without help (that is, I had to move quickly so I made sure to get the right info quickly). It's a single command. With the IPs as shown above, the command looks like this:

ssh -L 192.168.11.1:200:10.0.0.8:200 8.8.8.8

The line reads:

  • From 192.168.11.1 (Local Computer) Connect to Remote at IP 8.8.8.8 (you most often would have a domain name here)
  • Once connected, SSH creates a listener on 192.168.11.1 (Local Computer) with port 200
  • When someone connects to the listener, SSH proxies the data through the SSH tunnel and sends it to the service running on 10.0.0.8 with port 200

How to debug?

I used the nc tool to try a connection from my Local Computer first. That makes it easier to see whether it is possible to connect because if you add the VPS in the mix, you can't be sure where the problem lies. It looked like this:

nc 192.168.11.1 200

As we can see, I try to connect to port 200 on the machine with IP address 192.168.11.1. Yes. This is the Local Computer IP address. As I mentioned above, you'll connect to that and the SSH client takes care of proxying the data to the other side.

This should get you connected. If you see errors such as Timeout or Connection Refused, then there is a problem. Once that works, you can then try again, with the same command (same IP address), but from your VPS.

If you have a firewall, the SSH connection should work just fine assuming you have permission to connect to that computer with SSH. Everything else should not be affected by your firewall, but please verify that. For example, you may have a rule that blocks traffic from SSH, the tool (as opposed to a rule on an IP address/interface).

The nc tool will not be very useful with most services (some will send you data, like an FTP server which sends a message at the start). However, you should see a different behavior and no errors other than connection closed by remote host when you can connect properly. nc also lets you type strings and hit enter to send them to the remote host. Again, in most cases that will be useless. Yet some services expect text as input (e.g. services that accept REST requests in JSON; even our snapcommunicator is a system using text to send messages between local and remote services).
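The checks described above, as an added example that is not part of the original post: a Python helper that splits the -L value from the command, notes two properties of the listener (a listen port below 1024, which normally only root can bind, and a non-loopback bind address, which any host able to reach it can use), and classifies the result of connecting the way the nc test does. The function names and the 0.5 second settle time are assumptions made for this example.

```python
import ipaddress
import socket

def parse_local_forward(spec):
    """Split an ssh -L value: [bind_address:]port:host:hostport (IPv4/hostnames only)."""
    parts = spec.split(":")
    if len(parts) == 3:
        parts.insert(0, "localhost")  # no bind_address: ssh defaults to loopback
    if len(parts) != 4:
        raise ValueError(f"unsupported -L value: {spec!r}")
    bind, lport, host, hport = parts
    return {"bind": bind, "port": int(lport), "target": host, "target_port": int(hport)}

def listener_notes(fwd):
    """Point out properties of the listener that affect debugging and exposure."""
    notes = []
    if fwd["port"] < 1024:
        notes.append("privileged listen port: normally only root can bind it")
    try:
        loopback = fwd["bind"] == "localhost" or ipaddress.ip_address(fwd["bind"]).is_loopback
    except ValueError:  # "", "*" or a hostname: treat as not loopback
        loopback = False
    if not loopback:
        notes.append("non-loopback bind: any host that can reach it can use the tunnel")
    return notes

def probe(host, port, timeout=3.0, settle=0.5):
    """Like `nc host port`: classify what happens when we connect to the listener."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(settle)
            try:
                data = conn.recv(64)
            except socket.timeout:
                return "open"      # connected, service is waiting for input
            return "banner" if data else "closed"  # closed: peer hung up at once
    except ConnectionRefusedError:
        return "refused"           # nothing listening: tunnel down or bound elsewhere
    except socket.timeout:
        return "timeout"           # packets dropped: firewall or wrong address
    except OSError as exc:
        return f"error: {exc.strerror or exc}"

if __name__ == "__main__":
    fwd = parse_local_forward("192.168.11.1:200:10.0.0.8:200")  # the page's example
    for note in listener_notes(fwd):
        print("note:", note)
    print(f"{fwd['bind']}:{fwd['port']} ->", probe(fwd["bind"], fwd["port"]))
```

A "closed" result does not say on its own whether the service hung up or the far side of the tunnel could not reach the target; running ssh with -v shows whether the far-side connection failed.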

Source:

What do I need to create to an SSH tunnel to a local network service running on my remote host?

Snap! Websites
An Open Source CMS System in C++
