# Complex port forwarding problem

## Gunnay

Hello, 

A friend and I have a problem concerning port forwarding.

His Windows computer is connected to the internet through a VPN and a proxy. What we intend to do is redirect some connections to specific services (games) on a single opened port, then through my own computer and then to the game server.

Here is a diagram to represent data flows.

http://img200.imageshack.us/img200/797/dessin1p.jpg

Is it possible to do this? If it is, can you suggest some programs, or things to consider when programming, to build this architecture?

Thanks for your attention.

----------

## Moriah

Why doesn't he just ssh thru both his firewall and proxy and connect directly to your machine, mapping the desired port in the process?

```
ssh -L <port#>:game.server.com:<port#> hisuname@your.server.com
```

This command should connect him to your machine, and map his port <port#> to that same port number on the game server.  Wouldn't this do the trick?

----------

## Hu

 *Moriah wrote:*   

> Wouldn't this do the trick?

 If the game is based on UDP, then no.  As far as I can tell, ssh can only forward TCP ports via -L/-R.  An ssh-based ad-hoc VPN could forward arbitrary traffic, but I think that would require net-misc/openssh on both ends.  Use of Windows makes that difficult.

----------

## Moriah

The addition of cygwin to Windows makes it easy.    :Cool: 

----------

## Gunnay

Well, the main problem is I don't know if data passed through a single port of the VPN would be able to be correctly redirected when received by my computer. This (these in the best case) game(s) requires a lot of ports to be open.

For example, if he wants to send data on two different ports, does my computer recognize the destination ports, even if all data received by my computer comes from a single port?

Possible or not, I thank you for the responses you have given me   :Very Happy: 

----------

## devilheart

That diagram is not really clear. It seems that to reach the proxy you have to go through the internet. Could you clarify your network topology?

----------

## Gunnay

Indeed, my computer has to act as the proxy which redirects data from my friend's computer. The only way for him to reach my computer (==proxy) is passing through the internet (via tunneling).

I hope this clarifies the situation a bit.

----------

## Moriah

If you need lots of ports, use openvpn over an ssh tunnel thru his VPN.

----------

## Gunnay

Going to check it.

----------

## Moriah

Openvnc runs on Linux and win doze, so it should be a good fit.    :Cool: 

----------

## Hu

 *Moriah wrote:*   

> The addition of cygwin to Windows makes it easy.   

 The VPN support in net-misc/openssh uses the TUN/TAP support in the Linux kernel.  Porting the openssh program to Windows is not sufficient to enable a Windows user to use the ad hoc ssh VPN mode.

----------

## Moriah

No, it's not, but I was only referring to using the cygwin port of openssh to map a single port, which was before he said they needed a number of ports.

However, using ssh to map port 1194 -- the port openvpn uses -- would allow openvpn to tunnel thru the other vpn and connect to the linux machine in question, which could then forward those ports wherever they needed to go.

This approach ought to be workable on both linux and windoze machines, since the cygwin port of openssh works well enough to map a single port, and openvpn works well on both systems.    :Cool: 

----------
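Added example, not part of any post in this thread: the question of whether destination ports survive when everything arrives on one port, and the openvpn-over-ssh suggestion, both rest on encapsulation, where the tunnel carries whole inner IP packets so each one keeps its own protocol and destination port. The sketch below uses a toy 2-byte length prefix, not OpenVPN's actual wire format; the addresses, game ports and function names are constructed for illustration.

```python
import struct

TUNNEL_PORT = 1194  # the single outer port named in the thread (OpenVPN)

def build_inner_udp(src_ip, dst_ip, sport, dport, payload):
    """Minimal IPv4+UDP packet; checksums left at zero (constructed sample)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return ip + udp

def encapsulate(inner):
    """Toy tunnel framing: a 2-byte length prefix in front of each packet."""
    return struct.pack("!H", len(inner)) + inner

def decapsulate(stream):
    """Split bytes received on TUNNEL_PORT into inner packets plus leftover."""
    packets, off = [], 0
    while off + 2 <= len(stream):
        (size,) = struct.unpack_from("!H", stream, off)
        if off + 2 + size > len(stream):
            break  # partial packet: wait for more bytes from the TCP stream
        packets.append(stream[off + 2: off + 2 + size])
        off += 2 + size
    return packets, stream[off:]

def inner_destination(packet):
    """Read protocol, destination IP and destination port of an inner packet."""
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    dst_ip = ".".join(str(b) for b in packet[16:20])
    (dport,) = struct.unpack_from("!H", packet, ihl + 2)
    return packet[9], dst_ip, dport

def demo():
    # Constructed traffic: two game flows to different ports on one server.
    a = build_inner_udp("10.8.0.2", "198.51.100.7", 40000, 27015, b"hello")
    b = build_inner_udp("10.8.0.2", "198.51.100.7", 40001, 27016, b"world")
    stream = encapsulate(a) + encapsulate(b)  # all of it arrives on one port
    packets, leftover = decapsulate(stream)
    return [inner_destination(p) for p in packets], leftover

if __name__ == "__main__":
    print(demo())
```

Protocol 17 in the result is UDP, which is why a tunnel that carries IP packets also covers the UDP case that plain `ssh -L` does not.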

