wwwqr-000 · February 27, 2025 20:42
diff --git a/simple_tunnel.txt b/simple_tunnel.txt
 #First we create a new ssh user for our tunnel. In this example we will create a tunnel so a minecraft player can only access-
 #our server using the tunnel connection.

 #On vps (linux) as root user:

 adduser mc_user
 groupadd ssh_tunnel
 usermod -aG ssh_tunnel mc_user

 #Now edit the /etc/ssh/sshd_config file with an editor:

 nano /etc/ssh/sshd_config

 #Add the following lines at the bottom of the file:
 #PUBLIC_IP_OF_VPS is the public IP address of the vps you are currently editing the file in (You could also use it's DNS)

 #If you are planning on using a public-port blocked setup with ufw, and you connect to the inner port of the server, use localhost:25565 to connect to the server service as a client!

 Match User mc_user
 	AllowTcpForwarding yes
 	PermitOpen "PUBLIC_IP_OF_VPS:25565"
 	X11Forwarding no
 	AllowAgentForwarding no
 	PermitTunnel no
 	ForceCommand echo 'Welcome minecraft player! You can connect to the minecraft server by using IP: localhost' && sleep infinity

 #Save the file and run the following command:

 systemctl restart ssh

 #To make the tunnel useful, you should install ufw:

 apt-get update
 apt-get install ufw
 ufw allow ssh
 ufw deny 25565
 ufw enable

 #This will disable the public access to port 25565, but by using the tunnel we created, you could access it as long as you keep-
 #the ssh connection alive by using the following command on a client machine:

 ssh -L 25565:example.com:25565 mc_user@example.com

 #This will create a tunnel, so the client can access the service of the vps (on port 25565) on his own local-ip.
 #localhost:25565 -> example.com:25565 (Still without example.com:25565 port publicly open)



 #There also is a thing called reverse tunnel. With this tunnel type you can host a local process on a extern server.

 #To do this, you have to add the following to the /etc/ssh/sshd_config file:


 Match User mc_server
 	AllowTcpForwarding yes
 	PermitOpen "PUBLIC_SERVER_IP_SELF:25565"
 	X11Forwarding no
 	AllowAgentForwarding no
 	GatewayPorts yes
 	PermitTunnel no
 	ForceCommand clear && sleep 1 && echo 'Tunnel successfully created' && echo 'keep this window open to keep the tunnel open' && sleep infinity

 #Also change the mc_client inner config to deny GatewayPorts
 #restart ssh to update the config

 systemctl restart ssh

 #Save the file and create the user mc_server:

 adduser mc_server
 usermod -aG ssh_tunnel mc_server

 When you run this ssh command from your local server:

 ssh -R localhost:25565:localhost:25565 mc_server@example.com

 The service on port 25565 of your local server will run on the public external server on port 25565
	#First we create a new ssh user for our tunnel. In this example we will create a tunnel so a minecraft player can only access-
	#our server using the tunnel connection.

	#On vps (linux) as root user:

	adduser mc_user
	groupadd ssh_tunnel
	usermod -aG ssh_tunnel mc_user

	#Now edit the /etc/ssh/sshd_config file with an editor:

	nano /etc/ssh/sshd_config

	#Add the following lines at the bottom of the file:
	#PUBLIC_IP_OF_VPS is the public IP address of the vps you are currently editing the file in (You could also use it's DNS)

	#If you are planning on using a public-port blocked setup with ufw, and you connect to the inner port of the server, use localhost:25565 to connect to the server service as a client!

	Match User mc_user
	AllowTcpForwarding yes
	PermitOpen "PUBLIC_IP_OF_VPS:25565"
	X11Forwarding no
	AllowAgentForwarding no
	PermitTunnel no
	ForceCommand echo 'Welcome minecraft player! You can connect to the minecraft server by using IP: localhost' && sleep infinity

	#Save the file and run the following command:

	systemctl restart ssh

	#To make the tunnel useful, you should install ufw:

	apt-get update
	apt-get install ufw
	ufw allow ssh
	ufw deny 25565
	ufw enable

	#This will disable the public access to port 25565, but by using the tunnel we created, you could access it as long as you keep-
	#the ssh connection alive by using the following command on a client machine:

	ssh -L 25565:example.com:25565 mc_user@example.com

	#This will create a tunnel, so the client can access the service of the vps (on port 25565) on his own local-ip.
	#localhost:25565 -> example.com:25565 (Still without example.com:25565 port publicly open)



	#There also is a thing called reverse tunnel. With this tunnel type you can host a local process on a extern server.

	#To do this, you have to add the following to the /etc/ssh/sshd_config file:


	Match User mc_server
	AllowTcpForwarding yes
	PermitOpen "PUBLIC_SERVER_IP_SELF:25565"
	X11Forwarding no
	AllowAgentForwarding no
	GatewayPorts yes
	PermitTunnel no
	ForceCommand clear && sleep 1 && echo 'Tunnel successfully created' && echo 'keep this window open to keep the tunnel open' && sleep infinity

	#Also change the mc_client inner config to deny GatewayPorts
	#restart ssh to update the config

	systemctl restart ssh

	#Save the file and create the user mc_server:

	adduser mc_server
	usermod -aG ssh_tunnel mc_server

	When you run this ssh command from your local server:

	ssh -R localhost:25565:localhost:25565 mc_server@example.com

	The service on port 25565 of your local server will run on the public external server on port 25565
No results found