I'm setting up a Debian web server in my school that people need to be able to access outside of the school (i.e. website needs to be accessible from outside the local network).
The problem is, they don't have port 80 open (or really any port except 1723), and they aren't allowed to open it since the school board won't allow it.
My question is: is there any way to do this without port forwarding? I know port 1723 is for PPTP, so is there any way I could use that to make this possible?
I know I could just have the server outside the school and just have it be remotely accessed from everywhere, but the students on the schools WiFi get a very little amount of internet access since it's usually being used by the school's devices, but if they could access the server locally while they were on the school's WiFi then there wouldn't be that issue.
Answer
If you have another server elsewhere, you could use a ssh tunnel to hop across nat and the firewall:
+--------------------------------------------+ ||| +----------------------------------+
| Server at school | ||| | Server outside network |
| 10.2.3.100 | ||| | 1.2.3.4 |
| HTTPD on 80 |--SSH through fw--> | HTTPD 80 proxy -> localhost:81 |
| ssh -R 81:localhost:80 holepunch@1.2.3.4 | ||| | sshd |
| dns mywebsite.com -> 1.2.3.100 | ||| | dns mywebsite.com -> 1.2.3.4 |
+--------------------------------------------+ ||| +----------------------------------+
^ ^
| |
+--------------------------------------------+ +----------------------------------+
| Client at school looks up mywebsite.com | | Client outside school looks up |
| and connects directly to the server | | mywebsite.com and gets 1.2.3.4 |
+--------------------------------------------+ | which is either served from |
| proxy or forwarded over ssh |
+----------------------------------+
No comments:
Post a Comment