Connect two clients behind NAT

原贴:http://cb.vu/unixtoolbox.xhtml

Connect two clients behind NAT

Suppose two clients are behind a NAT gateway and client cliadmin has to connect to client cliuser (the destination), both can login to the gate with ssh and are running Linux with sshd. You don't need root access anywhere as long as the ports on gate are above 1024. We use 2022 on gate. Also since the gate is used locally, the option GatewayPorts is not necessary.
On client cliuser (from destination to gate):

# ssh -R 2022:localhost:22 user@gate            # forwards client 22 to gate:2022

On client cliadmin (from host to gate):

# ssh -L 3022:localhost:2022 admin@gate         # forwards client 3022 to gate:2022

Now the admin can connect directly to the client cliuser with:

# ssh -p 3022 admin@localhost                   # local:3022 -> gate:2022 -> client:22