The NAT is located on the computer that I want to manage. The NAT rules only say to block and drop all inbound packets, but outbound traffic still goes out. Therefore a remote computer is able to connect to the remote host through the relay server (public IP and an allowed incoming rule for managing the SSH tunnel).
It is a Windows computer, so please do not send me Linux commands. It is a home computer, but the relay server is an EC2 Amazon Linux server. The only problem with this is that this plan allows limited network resources and, more importantly, the bandwidth limit is very small. Only command-based management without a GUI is worthwhile.
And the above command can be modified to do that:
ssh -fN -R 100.100.100.1:12345:localhost:22 ******@18.45.23.XX -p 4567
So if we interpret this, it says: forward from 100.100.100.1:12345 to localhost:22 (that is the relay server's internal or NAT network address) using the authentication data of the relay server on SSH port 4567 (connections are started from the HOST, not from the client from which we want to connect back to the tunnel's other endpoint).
And when we initialize the SSH connection from the remote client, we will call 18.45.23.XX, where the gateway will forward to the internal 100.100.100.1, which returns back to the original end of the SSH tunnel on the Host.
If we want to wrap some protocol inside the SSH tunnel, we also need a loopback adapter on the HOST. Tested with SMB. The connection is encrypted along the whole route. The protection depends only on the private key's complexity, and so on the key management. Even if the network is attacked, the encrypted data stays encrypted, as long as you have not cached that sensitive information or leaked something with which the attacker could decrypt anything.
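Because the post ties the tunnel's protection to key management, here is a relay-side OpenSSH configuration that limits what the tunnel key can do, as an added example that is not part of the original post. The account name `tunnel` and the key material are placeholders (the post masks the real user), and `PermitListen` / `permitlisten` assume OpenSSH 7.8 or newer on the relay.

```sshconfig
# --- /etc/ssh/sshd_config on the relay server (added example) ---
# Port taken from the post's command.
Port 4567

# Key-only logins: the tunnel is only as strong as the private key,
# so password guessing is taken off the table.
PasswordAuthentication no
PubkeyAuthentication yes

# "tunnel" is a hypothetical dedicated account used only for the reverse tunnel.
Match User tunnel
    # A -R request with an explicit bind address (100.100.100.1) is only
    # honoured when GatewayPorts allows it; "clientspecified" lets the
    # client choose the address instead of opening it on every interface.
    GatewayPorts clientspecified
    # Only remote (-R) forwarding, and only the one listener from the post.
    AllowTcpForwarding remote
    PermitListen 100.100.100.1:12345
    # No shell, no terminal, no agent or X11 forwarding for this account.
    PermitTTY no
    AllowAgentForwarding no
    X11Forwarding no
    ForceCommand /sbin/nologin
    # Drop dead tunnels so a stale listener does not linger on the relay.
    ClientAliveInterval 30
    ClientAliveCountMax 3

# --- ~tunnel/.ssh/authorized_keys on the relay server (added example) ---
# "restrict" disables everything, then only port forwarding is re-enabled
# and pinned to the single listener. The key below is a placeholder.
restrict,port-forwarding,permitlisten="100.100.100.1:12345" ssh-ed25519 AAAA_PLACEHOLDER_PUBLIC_KEY home-pc-tunnel
```

With this in place a stolen tunnel key can open the one forwarded listener and nothing else on the relay; validate the file with `sshd -t` before reloading the service.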