How to bypass corporate firewall with reverse ssh port forwarding - ilya-khadykin/notes-outdated GitHub Wiki
- RDP port - 3389
- Machine behind corporate firewall (you want to connect to it)
- Home machine
Be able to connect from the Internet, via RDP, to a corporate machine that sits behind the corporate firewall.
- Set up a VPS with the ssh daemon listening on port 443 and the `GatewayPorts` option set to `yes` (`GatewayPorts yes`) in `/etc/ssh/sshd_config`. `GatewayPorts` allows connections to the forwarded ports from the Internet.
- Connect to the prepared VPS from the machine located behind the firewall or HTTP proxy by creating the following ssh tunnel: `ssh -R 0.0.0.0:3389:localhost:3389 46.101.x.x` (46.101.x.x is the VPS; 3389 is the port forwarded from the local machine (RDP)). 46.101.x.x should be a static IP accessible from the Internet.
- On your home machine, forward any local port (say `5555`) to 46.101.x.x:3389 and connect to the VPS via ssh. After a successful connection to the VPS you can connect to `127.0.0.1:5555` using RDP, and all traffic will be redirected to the corporate machine through the established ssh tunnel, bypassing the corporate firewall.
You can use an existing HTTP proxy to connect to your VPS via ssh (the ssh daemon should listen on port 443 for this option).
It's essential to automate the following:
- establishing the ssh connection to the VPS when the machine restarts, and reconnecting if there are any issues
- keeping the VPS up to date and alive
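On the monitoring side, the `ssh -R` command shown above appears in process telemetry as an ordinary `ssh` command line. The following added example (not part of the original page) parses such command lines and flags remote forwards that request a wildcard bind or publish a watched service such as RDP. The sample lines, the `WATCHED` port list and the function names are assumptions.

```python
import re
import shlex

# -R [bind_address:]port:host:hostport, the form used in the command on this page.
# Not handled here: bracketed IPv6, port-only -R, and -o RemoteForward=...
SPEC = re.compile(
    r"^(?:(?P<bind>[^:]*):)?(?P<port>\d+):(?P<host>[^:]+):(?P<hostport>\d+)$"
)
WILDCARD_BINDS = {"", "*", "0.0.0.0"}  # ssh(1): empty or '*' means all interfaces
WATCHED = {3389: "RDP", 22: "SSH", 5900: "VNC"}  # assumption: adjust per site


def remote_forwards(cmdline):
    """Return the parsed -R specs found in one ssh command line."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] not in ("ssh", "ssh.exe"):
        return []
    specs = []
    for i, arg in enumerate(argv[1:], start=1):
        if arg == "-R" and i + 1 < len(argv):
            specs.append(argv[i + 1])      # "-R spec"
        elif arg.startswith("-R") and len(arg) > 2:
            specs.append(arg[2:])          # "-Rspec"
    return [m.groupdict() for m in map(SPEC.match, specs) if m]


def audit(cmdlines):
    """Return (cmdline, reasons) for each forward worth an analyst's attention."""
    findings = []
    for line in cmdlines:
        for fwd in remote_forwards(line):
            reasons = []
            if fwd["bind"] in WILDCARD_BINDS:  # None (no bind given) is loopback
                reasons.append("wildcard bind requested")
            service = WATCHED.get(int(fwd["hostport"]))
            if service:
                reasons.append(f"forwards {service}")
            if reasons:
                findings.append((line, reasons))
    return findings


# Constructed process command lines; the first is the command from this page.
SAMPLE = [
    "ssh -R 0.0.0.0:3389:localhost:3389 46.101.x.x",
    "ssh -N -R 8080:localhost:80 user@198.51.100.7",
    "/usr/bin/ssh -R:2222:127.0.0.1:22 user@198.51.100.7",
    "ssh user@198.51.100.7",
]
```

A forward with no bind address still ends up on all interfaces when the server runs `GatewayPorts yes`, so a client-side check like this one complements, and does not replace, egress monitoring for long-lived SSH sessions on port 443.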