Tag Archives: firewall bypass

Quick and dirty NAT/Firewall bypass using SSH and ngrok

If you have a system that is behind a router/gateway/firewall device that you cannot poke holes in and you want to expose your system to the WAN, I recommend you check out ngrok. You can make a free account, download, and use the tool for free as well (with some limitations).

Once you have followed the simple instructions here, you can then put the ngrok executable into your $PATH (or %PATH%).  Provided if you have ssh listening on port 22 on your system that you’re trying to expose to the WAN, you can then simply run the following command: ngrok tcp 22. The output might look something like this:

Version 2.2.8
Region United States (us)
Web Interface http://127.0.0.1:4040
Forwarding tcp://0.tcp.ngrok.io:15551 -> localhost:22

Connections ttl opn rt1 rt5 p50 p90
0 0 0.00 0.00 0.00 0.0

The beautiful thing about this is that you can see forwarding location by logging into your ngrok.com account and going to status. So this means you could script ngrok (via rc.local, shell:startup, crontab, etc…) to connect out on a regular basis and find the new forwarding location by going to your status page on ngrok.com. The port from my experience is dynamic and changes, but interestingly enough you have to remember to be careful, I was able to find other ssh servers and open ports by scanning  port ranges on 0.tcp.ngrok.io.

Want to access the internal network using a browser? No problem! In this instance you would simply do: ssh -D 8000 username@0.tcp.ngrok.io -p 15551 and then set your browser to use your socks5 proxy on 127.0.0.1 8000.

There are other similar services like like portmap.io and openport.io, but so far I like ngrok the best.