![]() ![]() Now I can access my hello world app that is running on port 3000 locally as normal, or port 4000 via one tunnel to port 9000 on the pi and back through the other tunnel from the pi to my local machine. And then another one, exposing my local port 4000 to my remote pi on port 9000. A remote one exposing my localhost:3000 to 9000 on my remote pi. If you want to see some real voodoo take a look at this. ![]() ![]() Accessing my hello world app running on my local machine This will ssh into the pi as before but creates a reverse tunnel, meaning anyone browsing to the pi inside my home network on port 9000 will be accessing my machine on port 3000. Lets see it in action from my machine to home. They ssh into your server and you access it that way, this bypasses NAT, inbound firewall rules and tears down the moment they kill the ssh tunnel. They could be in a coffee shop, a friends house or another environment where they can't just open up ports so you can have a play with their latest hello world app they just built in node.js running on port 3000 Lets say you have a friend who wants to give you access to something in their network. These are awesome too, it's the same but in reverse, but lets have a use case for them so we know how they can be used. I think you get the gist by now that using ssh tunnels is pretty neat. What about accessing that webcam? Easy: Creating a SSH tunnel to my Webcam Accessing Pi-hole through the SSH Tunnel Lets access the pi-hole so I can unblock a false positive for the family: Creating a SSH tunnel to my ph-hole Accessing Pi-hole through the SSH Tunnel Accessing Synology NAS through the SSH Tunnel Now I browse to and a tunnel is created from port 9000 locally, through the tunnel where it then maps to inside my network. Ssh -L 9000:synology.localdomain:5000 Creating a SSH tunnel to my Synology NAS Device I find myself on a public wifi and I want to access it from there: Lets say I want to use this tunnel to connect to my synology NAS that is inside my home network which I usually access by typing synology.localdomain:5000 when I am in my house. These sweet things allow you to map a port on your local machine, the one you are sitting at, to anything inside your remote network at home. You want to be forwarding a port from your router to the internal IP address of your raspberry pi on port 22. ![]() Your router may have other dynamic DNS capabilities like dyndns built in though so you should check those out. I have used previously which will give you a nice name like which will point to the IP of your house. If possible it would be a good idea to setup somekind of dynamic DNS solution so you can access your home by name. Port forward port 22 from your firewall to your raspberry pi. PermitRootLogin no Configure the firewall #SSH TUNNEL RASPBERRY PI PASSWORD#Setting up sshįirst ensure your public keys are over on your server/pi by copying the contents of your ~/.ssh/id_rsa.pub file on your computer (mac in my case_ to the ~/.ssh/authorized_keys file on your pi.Ī super quick way to do this is use $ ssh-copy-id Ĭheck it works by ssh $ ssh if all works well without prompting for a password it's time to disable password authentication, this will prevent others accessing it by guessing your password/bruteforce or whatever. Note: I do have a VPN which is the primary entry point, but it's good to have another way in should VPN traffic be blocked by the network I am on or something goes wrong with the VPN software/certificates. Remote desktop my home computers (PC and MAC).Whitelist something that is blocked on the pi-hole that is affecting someone at home, such as a false positive.One thing I like to do is have ssh open so I can connect to it from anywhere and use it as an entry point into my network using tunnels to access devices that aren't open to the internet. Once you have a raspberry pi running in your home network that is always on you can put it to other uses. The speed, privacy and protection they provide is awesome. If there is one thing I would recommend to everyone who wants to improve their internet experience and protect their children online, it would be to setup a pi-hole. I was explaining to a collegue some uses of a raspberry pi and did just that. Essentially when you are helping someone with a problem, you think about how those keystrokes could be shared more widely to help others. I was listening to a podcast by Scott Hanselman that talked about not waisting your key strokes. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |