# how to get to PC behind the NAT

## jancici

HI

Is there any way how to get into PC behind NAT? 

Let's say that ssh is enough.

The PC is in community network and it is very complicated to forward any port from outside to that PC.

PC belong to my sister and she can run any scripts if necessary. 

thanks for help and tips

----------

## cach0rr0

if you cannot change NAT/port forwarding settings, your sister would need to first make an outbound connection to your machine via SSH, and from there you would use SSH tunnels

So, for example, she could start up sshd on her PC, open an ssh connection to your server, and make sure her ssh connection tunnels port 22 traffic on her PC, to say, port 22222 on your server. 

e.g.

```

ssh -L 22:localhost:22222 user@yourserver.yourdomain.sk

```

you could then logon to your server, and connect to her PC's sshd through the tunnel

```

ssh -p 22222 heraccount@localhost

```

hope that helps? SSH tunnels are really one of the only reliable ways to do this if you cannot change port forwarding settings.

----------

## Hu

That command looks backward.  As written, you direct ssh to bind port 22 on the client machine and forward it to port 22222 on the server.  Port 22 on the client is likely to be busy due to sshd, as well as being privileged.  I suspect you meant -R 22222:localhost:22, which will bind port 22222 on the server and forward any connections it receives to port 22 on the client machine.

----------

## cach0rr0

 *Hu wrote:*   

> That command looks backward.  As written, you direct ssh to bind port 22 on the client machine and forward it to port 22222 on the server.  Port 22 on the client is likely to be busy due to sshd, as well as being privileged.  I suspect you meant -R 22222:localhost:22, which will bind port 22222 on the server and forward any connections it receives to port 22 on the client machine.

 

probably. to be honest before i do this i always end up having to consult 'man ssh' to remember which is which. It was not convenient to consult the man pages before I posted unfortunately  :Smile: 

----------

## jancici

thanks, it is nicely working

a)

-R 22222:localhost:22 is correct  :Smile: 

b)

I did need to add new line into sshd_config at server : GatewayPorts yes

what about timeout for session from her PC to server?

----------

## cach0rr0

 *jancici wrote:*   

> 
> 
> what about timeout for session from her PC to server?

 

sending keepalives should do the trick

http://www.openssh.org/faq.html#2.12

----------

