#[Solved] Port forwarding shenanigans

M'kay. So. I have an extremely weird usecase for SSH right around here.

My friends play an overly techy minecraft modpack, and they have a server in their virtual LAN. The client for their virtual LAN is not available for Linux, and trying to forward a connection through a Windows VM would be... actually the same as what I want to do here, theory-wise.

So. I have a laptop with Linux, a server which can be accessed from the outer internet, and a friend who has OpenSSH on his Windows computer and is willing to do some magic.

Lets say I forward an SSH port from my laptop to my server, allowing inbound SSH access to the laptop by accessing my server's IP. What kind of shenanigans should my friend pull to pass TCP packets between their "server" and my server, utilizing OpenSSH? Preferably with as little configuration as possible on the friend's end.

wouldnt this be easier to use with something such as tailscale

just forward it to your tailnet and access it

it would, but i cba to connect ALL OF THEM, or their server, to my tailnet

from the laptop

?

i mean. that would require more than zero set up and also the tailscale download repo is sometimes not available in russia

only you would have to set it up on the laptop

which means they will probably not be able to install the tailscale client

i have tailscale, they dont

tailscale has a feature where you can forward ports on the local net to a tailnet

... its your laptop

yeah

so..?

whats the issue lol

and the minecraft server im trying to connect to is not in my tailnet or my lan

hold on imma draw this rq

this is the current state of the system

what i wanna do is this

i already can port forward arbitrary shit to outlander and back, all i need is a minimal-configuration way for friend 2 to forward a port from their server to outlander using openssh

why openssh? because windows 10 comes with it, so noone has to install it

why minimal config? because this will be reused with different independent groups of friends

its shrimple

absolutely it is, except

this. is my laptop

all devices in a tailnet can talk to one another

I FUCKING KNOW

THE POINT IS

THEY ARE NOT ON MY TAILNET

AND I CANT JOIN THEIR VIRTUAL LAN

...

so youre saying thickie isnt always a part of the tailnet or

im kinda confused here

im saying thickie is absolutely always a part of the tailnet

look closely at the image

yes i know

the minecraft server is not a part of the tailnet

your laptop will forward ports from the vlan into your tailnet

you said the laptop would have access to both the vlan and outside internet right

i never said that

indeed i did say the exact opposite, like three times by now, and explicitly specified it in the image

MY LAPTOP. CAN NOT. JOIN. THEIR FUCKING. VIRTUAL LAN.

oh wait i misunderstood

i thought you meant the laptop would be permenantly attached to the vlan

i have a friend who is willing to forward ports using openssh

my apologies

i would absolutely go this route if the vlan software of their choice wasn't proprietary windows-only piece of shit that cant be selfhosted or installed on linux

and getting a windows pc into my tailnet and setting up their vlan on there still leaves me with the issue of having to forward ports from the server to my laptop, which brings me back to the start of this conversation

how exactly do i do that

i suppose this is the simple way

that is exactly what i've shown here

glad we're on the same page now

oki

so i have no clue how to do port forwarding over ssh

but after that it should be simple to forward them into the tailnet

thanks for trying to help i guess, that is the one part that i have trouble with

/usr/lib/electron38/electron received a thank you cookie!

and sorry for yelling

i mean according to this it looks fairly simple

assuming ip addresses and the like are all static

actually yeah, you did help, reversing the forwarding direction should do

yippee

so from what i read on that article

what i've been trying to do previously is expose thickie to the outside and try to port forward to thickie, but exposing the minecraft server and just connecting to it should work better

basically once the ports are forwarded its as simple as exposing them to the tailnet

now i just gotta create a stub account on outlander that is only used for this, as my main account is using authkey only :D

yeah so after you forward it over ssh just do tailscale serve <lo forwarded addr> and it'll be up

i mean it shouldnt need sudo priveliges

wait

actually

as long as the port is not lower than 1024

you need sudo to connect/disconnect tailscale as well

hmm

outlander is always on the tailnet and it is always serving all of its ports

its my goddamn vps

its entire point is to serve

okie

its also conveniently the tailnet host, it runs headscale

so

that also kinda makes it a single point of failure

but eh itll be fine

not like this is an enterprise production deployment

yup, got the algo set up

thanks again

[Solved] Port forwarding shenanigans

why not just use your swrver as a proxy and redirect all incoming traffic on a specific port to their?

nvm. its solved. my bad

too much effort

anyway

ssh -R 0.0.0.0:targetport:serverhost:serverport user@vps

this worked (target port is the one i connect on, serverhost and serverport are the host and port of the minecraft server)