The following command lets you ssh to a machine behind a shared NAT network. It assumes that you have an accessible jump host, plus physical console or drac/ilo/lom etc. access to the hidden machine to run the command. Run the command on the host behind NAT, then ssh to your jump host on port 2222. That connection to the jump host will be forwarded to the hidden machine.
Note: Some older versions of ssh do not acknowledge the bind address (0.0.0.0 in the example) and will only listen on the loopback address.
ssh -NR 0.0.0.0:2222:127.0.0.1:22 user@jump.host.com
More explanation: Reverse Port Forwarding
Reverse port forwarding is used less often than forward port forwarding, but it has its uses. It allows remote access to the local system by way of a remote system that is accessible through ssh.
Example where the ssh client asks the ssh server on remote-system.domain (jump.host.com in the command) to listen on port 2222 and forward all connections back through the ssh tunnel, out to localhost port 22:
ssh -NR 0.0.0.0:2222:127.0.0.1:22 user@jump.host.com
This is a typical example where anyone connecting to remote-system.domain port 2222 will transparently be connecting to the system where the ssh client was executed. This can be very useful to enable temporary access to a local system behind NAT or a firewall by using one external system.
Note that if the 0.0.0.0: bind address is omitted, the command will listen on the remote localhost only. We use the 2222 port because it’s very likely the remote system already has its own ssh server listening on port 22.
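Whether the 0.0.0.0 bind address is honoured also depends on the jump host's sshd_config: GatewayPorts defaults to no, which makes sshd bind remote forwards to loopback whatever the client requests. The script below is an added example, not part of the original page; it predicts the listener address from `sshd -T` style output, and its function names and sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): predict where sshd will bind a
# `ssh -R` listener, from the server's effective config as printed by `sshd -T`.
# Models only AllowTcpForwarding and GatewayPorts; PermitListen and Match
# blocks are not considered.

# cfg_value CONFIG_TEXT KEY -> value of a lowercase `sshd -T` key
cfg_value() {
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# remote_bind CONFIG_TEXT REQUESTED_BIND
# REQUESTED_BIND is the client's bind address; "omitted" means none was given.
# Prints one of: refused | loopback | all-interfaces | <address>
remote_bind() {
    fwd=$(cfg_value "$1" allowtcpforwarding)
    gw=$(cfg_value "$1" gatewayports)
    case "$fwd" in
        no|local) echo refused; return ;;    # remote forwarding not permitted
    esac
    case "$gw" in
        yes) echo all-interfaces ;;          # server forces a wildcard bind
        clientspecified)
            case "$2" in
                omitted|localhost|127.0.0.1|::1) echo loopback ;;
                0.0.0.0|::|'*'|'') echo all-interfaces ;;
                *) echo "$2" ;;
            esac ;;
        *) echo loopback ;;                  # "no" (the default): bind address ignored
    esac
}

# Constructed sample: the relevant lines of `sshd -T` on a default-configured host.
DEFAULT_CFG='allowtcpforwarding yes
gatewayports no'
# Constructed sample: a jump host that lets clients choose the bind address.
OPEN_CFG='allowtcpforwarding yes
gatewayports clientspecified'

remote_bind "$DEFAULT_CFG" 0.0.0.0   # loopback
remote_bind "$OPEN_CFG" 0.0.0.0      # all-interfaces
remote_bind "$OPEN_CFG" omitted      # loopback
```

On a real jump host, feed it the output of `sshd -T` (run as root) in place of the sample configs, and prefer `clientspecified` over `yes` so that only forwards that explicitly ask for a non-loopback address are exposed.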