#1 2020-11-18 19:02:33

Yann
Member
Registered: 2017-11-23
Posts: 235

[SOLVED] Communication between machines behind NATs

Hi everyone,

I would like to be able to run a command on a machine from another one, and vice versa, through any internet connection. I don't think I can do that with ssh as the public router needs to be configured to access the desired machine (private IP), right?

My idea was that every machine at every internet connection sends its private and public IP to one of my servers (public). Then every time a machine needs to talk to another it can find the exact address of the other machine by asking the between server. Is it a good idea? If so, what protocol or program should I use to be able to access a machine behind a router?

Thanks for your time.

Last edited by Yann (2020-11-22 16:45:47)


all different - all equal

Offline

#2 2020-11-18 19:06:07

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595
Website

Re: [SOLVED] Communication between machines behind NATs

You need to forward the ssh port on the router to the target machine (public IP --> private IP on port of your choosing).  This is done in the router.  See the sshd wiki.


CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs

Offline

#3 2020-11-18 19:09:40

Yann
Member
Registered: 2017-11-23
Posts: 235

Re: [SOLVED] Communication between machines behind NATs

Hi graysky. I think you did not read my question well.
I cannot configure all the public routers that I don't own.

Last edited by Yann (2020-11-18 22:02:23)


all different - all equal

Offline

#4 2020-11-18 19:19:12

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595
Website

Re: [SOLVED] Communication between machines behind NATs

Do you have the ability to configure one of the two routers?  I have used ssh tunneling in the past when I could not configure one of the two.  So long as you can make a connection, in principle, you should have the ability to control the other machine.


CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs

Offline

#5 2020-11-18 19:20:06

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: [SOLVED] Communication between machines behind NATs

You want a dynamic dns service - there are a wide range of free options available.  But if you'd really like to run your own on your public server, you can do that too.  Just google "run my own dynamic dns server".

@Graysky, he's asking how to make that connection: the OP specifically said through "any" internet connection.  Presumably at least one of the machines is moving around regularly.  So some sort of dynamic DNS would be needed.

Last edited by Trilby (2020-11-18 19:21:35)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#6 2020-11-18 19:24:13

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595
Website

Re: [SOLVED] Communication between machines behind NATs

@trilby - I agree that DDNS is a needed component.  If one of the two machines resides behind a router on which the OP cannot configure port forwarding, the tunneling option (out from that machine) would be needed, no?


CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs

Offline

#7 2020-11-18 19:32:23

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: [SOLVED] Communication between machines behind NATs

It might be, it might not be.  I suppose if the OP has a public server, setting up tunneling on every machine could be an alternative to DDNS.  So every client would just connect to the same public server, using different port numbers for different final-destinations.  But DDNS seems much simpler.

Last edited by Trilby (2020-11-18 19:33:58)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#8 2020-11-18 19:44:40

GeorgeJP
Member
From: Czech Republic
Registered: 2020-01-28
Posts: 185

Re: [SOLVED] Communication between machines behind NATs

What about WireGuard VPN?

Online

#9 2020-11-18 19:56:14

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595
Website

Re: [SOLVED] Communication between machines behind NATs

@george - Any vpn (ssh tunneling or a real one like WG) will require a forwarded port.


CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs

Offline

#10 2020-11-18 20:09:06

GeorgeJP
Member
From: Czech Republic
Registered: 2020-01-28
Posts: 185

Re: [SOLVED] Communication between machines behind NATs

graysky wrote:

@george - Any vpn (ssh tunneling or a real one like WG) will require a forwarded port.

Not necessarily ...

My setup:
At home: Ubiquiti EdgeRouter with WireGuard package (EdgeOS is Debian/Vyatta based) with public static IP.
Two notebooks with WireGuard client (one Win10, one ArchLinux).
Both connecting from different places via public internet access (behind NAT).
I can access all my computers at home from both NB and I can access NB1 from NB2 and vice versa via ssh, rdp...

Online

#11 2020-11-18 20:36:06

seth
Member
Registered: 2012-09-03
Posts: 49,971

Online

#12 2020-11-18 20:39:41

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,932
Website

Re: [SOLVED] Communication between machines behind NATs

Yann wrote:

Hi everyone,

I would like to be able to run a command on a machine from another one, and vice versa, through any internet connection.
[...]
My idea was that every machine at every internet connection sends its private and public IP to one of my servers (public).

If you have a server, just set up a VPN with either OpenVPN or WireGuard.
Use that VPN to connect between the machines.

Offline

#13 2020-11-18 20:44:13

GeorgeJP
Member
From: Czech Republic
Registered: 2020-01-28
Posts: 185

Re: [SOLVED] Communication between machines behind NATs

This works great, if you know the endpoint address.

Online

#14 2020-11-18 20:46:40

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,932
Website

Re: [SOLVED] Communication between machines behind NATs

GeorgeJP wrote:

This works great, if you know the endpoint address.

That's what DDNS is for. But probably there's no need for this here, since OP implied that they have several servers at hand.

Last edited by schard (2020-11-18 20:48:09)

Offline

#15 2020-11-18 21:16:00

GeorgeJP
Member
From: Czech Republic
Registered: 2020-01-28
Posts: 185

Re: [SOLVED] Communication between machines behind NATs

Give me the place to stand, and I shall move the earth. (Archimedes)

If you have public static IP, you can move Earth without DDNS :-)

Online

#16 2020-11-19 12:38:27

Yann
Member
Registered: 2017-11-23
Posts: 235

Re: [SOLVED] Communication between machines behind NATs

Thanks for all the answers.

I don't get the DDNS solution. DDNS seems interesting when I want to access one specific router and the machines behind in my physical home. Am I missing something?

I am looking for a wilder solution. I have 2 machines, both can move and connect to any wild internet router (anywhere with any physical protocol). How can they communicate to each other if they are both connected to a new router (unknown to me so far)?

I can use a static server. My idea was to send, at every new internet connection, the public and private IPs of the machine to the static server. Then, every time I want to access one machine from another, I ask the static server and communicate to the other machine thanks to its IP address.  However, ssh cannot connect that way as it cannot handle the private IP, right?

I think you were talking about a way to do that anyway by specifying from the machine to the static server the way to answer (with port specification), is it?

Why can ssh not connect with the public and private IP addresses?
Do you think ssh is the best way to communicate simple punctual commands and I should use it anyway?

What does OP mean?

Thanks for your time.


all different - all equal

Offline

#17 2020-11-19 13:25:06

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: [SOLVED] Communication between machines behind NATs

As I read your last post I gather I was wrong in my initial assessment.  DDNS may not solve the problem you are working on.  But it is the closest match for what you actually asked for:

Yann wrote:

DDNS seems interesting when I want to access one specific router and the machines behind in my physical home...
I am looking for a wilder solution. I have 2 machines, both can move and connect to any wild internet router (anywhere with any physical protocol). How can they communicate to each other if they are both connected to a new router (unknown to me so far)?

This is precisely the problem DDNS solves, as it is the implementation of exactly what you suggested in your first post: each time each computer connects - regardless of where and how they connect - they update the DDNS server with their current IP address, so whatever name (subdomain) has been assigned to them will then point to their current IP.

Yann wrote:

I can use a static server. My idea was to send, at every new internet connection, the public and private IPs of the machine to the static server.

This is the part that a DDNS service does for you - it automates all this and provides names to each of the servers, so you can always address computer 1 as bob.domain.tld and computer 2 as jane.domain.tld.  No matter where they connect from, the IP address pointed to by bob and jane gets updated when they connect.  Except for the fact that you can drop the idea of a private IP address.  The public address is all you need to care about.

But here is the real problem:

Yann wrote:

However, ssh cannot connect that way as it cannot handle the private IP, right?

This isn't a limitation of ssh, it's a limitation of private IP addresses: they don't mean anything (or they mean something else) on an outside network.  So just use the public IP.

If you are behind a router that prevents outside connections, then it wouldn't really matter whether or not you had IP addresses: then you would have to use something like ssh tunneling (or maybe vpn, I don't have much experience with vpn).

Yann wrote:

Why can ssh not connect with the public and private IP addresses?

It can connect to public IP addresses.  That's what it does.  As for private, they are meaningless on the wider internet.

Unless you mean you get the public IP of the router, and the private IP of the machine in the local network provided by that router.  These could only be used if you had ssh access to the router: you'd ssh to the public address of the router, then from there you'd ssh again to the private address of the target machine.  But if you don't control the router, you certainly will not have ssh access to it.  And if you did control the router, you'd still not likely do this: you'd either get the target machine a public address or just set up port forwarding on the router so you could ssh directly to the target machine.

Yann wrote:

Do you think ssh is the best way to communicate simple punctual commands and I should use it anyway?

What do you mean by "simple punctual commands"?

Yann wrote:

What does OP mean?

Original Poster, or the person who asked the question that started a thread.  In this case, you.

Last edited by Trilby (2020-11-19 13:40:56)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#18 2020-11-19 14:52:42

Yann
Member
Registered: 2017-11-23
Posts: 235

Re: [SOLVED] Communication between machines behind NATs

Thanks for the answer.

Trilby wrote:

What do you mean by "simple punctual commands"?

I think in practice, I would like (more or less) the machine A (MA) to ask twice a day to run a particular command on the machine B (MB), vice versa.

I understand the DDNS part, that is probably the cleanest way to know where the machines are at any time.

However, I still don't understand how I can reach a machine behind a wild router. Both machines can reach the static server with ssh, but how does MA reach MB? Sorry if I miss something.

Thanks for your time.


all different - all equal

Offline

#19 2020-11-19 14:54:49

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: [SOLVED] Communication between machines behind NATs

The above mentioned tunneling (or maybe VPN) would likely be the answer to that.  However I suspect there might be another XY question buried here.

If you want this to happen at certain times of day, you can run timers ... why do you need the computers to connect?  What are you actually trying to do?  Are you trying to synchronize data between the two machines?


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#20 2020-11-19 15:41:20

seth
Member
Registered: 2012-09-03
Posts: 49,971

Re: [SOLVED] Communication between machines behind NATs

However, I still don't understand how I can reach a machine behind a wild router. Both machines can reach the static server with ssh, but how does MA reach MB? Sorry if I miss something.

ssh remote port forwarding, see the link I posted.
(I assume the problem is that you've two systems behind NAT'ing routers that you want to connect and a server w/ a WAN IP)

But I agree w/ Trilby that this sounds increasingly like an xy-problem and you do not actually need to do this at all.
So drop that idea for now and please explain which problem you're actually trying to solve w/ the ssh connection.

Online
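
Added example, not part of any post in this thread: the ssh remote port forwarding layout mentioned in posts #7 and #20, where each roaming machine holds an outbound tunnel to the public server on its own port and the relay's keys are restricted to forwarding only. relay.example.org, the tunnel account, ports 2201/2202 and the keys are constructed placeholders; permitlisten needs OpenSSH 7.8 or later on the relay.

```shell
#!/bin/sh
# Added example: reverse-tunnel layout for roaming machines and one public relay.
# Host names, the account, ports and keys are constructed placeholders.
RELAY=relay.example.org   # assumed public server with a static address
TUNNEL_USER=tunnel        # assumed unprivileged account on the relay

# Constructed inventory: name, loopback port on the relay, public key.
INVENTORY='ma 2201 ssh-ed25519 PLACEHOLDER_KEY_MA
mb 2202 ssh-ed25519 PLACEHOLDER_KEY_MB'

# Refuse malformed, privileged or duplicate ports; returns non-zero on error.
check_inventory() {
    printf '%s\n' "$1" | awk '
        $2 !~ /^[0-9]+$/ || $2 < 1024 || $2 > 65535 { print "bad port for " $1; bad = 1 }
        seen[$2]++ { print "duplicate port " $2; bad = 1 }
        END { exit bad }'
}

# Relay side: one authorized_keys line per machine. The key may listen only on
# its own loopback port and open only the listed tunnel ports; the forced
# command and "restrict" deny shell, PTY, agent and X11 forwarding.
relay_authorized_keys() {
    opens=$(printf '%s\n' "$1" | awk '{ printf ",permitopen=\"127.0.0.1:%s\"", $2 }')
    printf '%s\n' "$1" | while read -r _name port key; do
        printf 'restrict,port-forwarding,command="/usr/bin/false",permitlisten="127.0.0.1:%s"%s %s\n' \
            "$port" "$opens" "$key"
    done
}

# Roaming machine: outbound connection that publishes its sshd on the relay's loopback.
tunnel_command() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R 127.0.0.1:%s:localhost:22 %s@%s\n' \
        "$1" "$TUNNEL_USER" "$RELAY"
}

# Peer side: ssh_config stanza. ProxyJump carries a second SSH session through
# the relay, so the relay forwards ciphertext; HostKeyAlias pins the peer's own host key.
client_stanza() {
    printf 'Host %s\n    HostName 127.0.0.1\n    Port %s\n    ProxyJump %s@%s\n    HostKeyAlias %s\n' \
        "$1" "$2" "$TUNNEL_USER" "$RELAY" "$1"
}

if check_inventory "$INVENTORY"; then
    relay_authorized_keys "$INVENTORY"
    tunnel_command 2202
    client_stanza mb 2202
fi
```

With the printed stanza in MA's ~/.ssh/config, "ssh mb some-command" runs the command on MB while MB's tunnel is up; the first connection should be checked against MB's real host key fingerprint.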

#21 2020-11-19 15:45:06

Yann
Member
Registered: 2017-11-23
Posts: 235

Re: [SOLVED] Communication between machines behind NATs

I looked at ssh tunneling, it's interesting, but it doesn't seem to permit to access a machine behind a router. Just to access a server and do other things then. I might have missed something. Did not think about VPN, but I have the impression that the technological problem is the same.

Trilby wrote:

What are you actually trying to do?  Are you trying to synchronize data between the two machines?

Well, this is historically the first reason why I would like to do that. However, I have other ideas of utility behind the head. But, yes, I use rclone to synchronize drive data and I would like to tell the other machine to sync from the remote to itself when the current machine syncs itself with the remote. Otherwise, if both machines do it, the last one will erase the changes of the first one.


all different - all equal

Offline

#22 2020-11-19 15:55:13

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,739

Re: [SOLVED] Communication between machines behind NATs

It sounds like you are trying to do what Teamviewer does, but at a shell level rather than a desktop sharing level.
All machines connect to a third party server and wait. When one machine wants to contact another, it sends a request to the third party, and then the third party sets up a reverse tunnel to the destination (but the destination has already established a connection to the third party).

This could be implemented using a cloud service without too much trouble -- there is probably a solution already out there.  Or, use Teamviewer.

The problem is this is not end to end encryption.  The third party server is, by its nature, a man-in-the-middle; hopefully a benevolent one.

Last edited by ewaller (2020-11-19 15:56:49)


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#23 2020-11-19 16:36:16

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: [SOLVED] Communication between machines behind NATs

Yann wrote:

But, yes, I use rclone to synchronize drive data and I would like to tell the other machine to sync from the remote to itself when the current machine syncs itself with the remote. Otherwise, if both machines do it, the last one will erase the changes of the first one.

Oh dear.  Forget absolutely everything in this thread then.  If you are just syncing data to the public server, none of the information in this thread is relevant.  You just need appropriate synchronization methods that will not "erase the changes of the first one" - there are LOTS of options for this that do not require the two client computers to communicate with each other.

What kind of data are you synchronizing?  Is this a full backup, or is it code, documents, and config files?  If the latter, use a version control system (e.g., git).  If the former, then rsync with the appropriate flags will do what you want.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#24 2020-11-19 18:53:24

Yann
Member
Registered: 2017-11-23
Posts: 235

Re: [SOLVED] Communication between machines behind NATs

ewaller wrote:

All machines connect to a third party server and wait. When one machine wants to contact another, it sends a request to the third party, and then the third party sets up a reverse tunnel to the destination (but the destination has already established a connection to the third party).

So, this should be the easiest. And I cannot do that with ssh, right?

This is surprising as any communication application (whatsapp, etc.) can reach another machine to give information, passing through a third party or not. Every time the machines in the communication are not static servers and they are able to exchange data through the routers.

Trilby wrote:

What kind of data are you synchronizing?  Is this a full backup, or is it code, documents, and config files?  If the latter, use a version control system (e.g., git).  If the former, then rsync with the appropriate flags will do what you want.

I was managing all this stuff with git previously, but as these documents are mostly files, I finally prefer a drive. And for different reasons I prefer to sync than to mount. And I don't think I can tell rclone to be notified when there is a change and to trigger a sync on the local machine. I might be wrong as rclone is pretty extensive.

I am surprised that a feature to communicate between devices even through routers is not deeply implemented. I am surprised that ssh doesn't support that.


all different - all equal

Offline

#25 2020-11-19 19:10:32

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: [SOLVED] Communication between machines behind NATs

Yann wrote:

And I cannot do that with ssh, right?

Yes, you can, if that's really what you want.  But I certainly don't see it as the easiest.

I'm not sure why you'd rule out git or another vcs.  That probably is the best solution.  But rsync could work too and just not overwrite newer files:

man rsync wrote:

--update, -u
   This forces rsync to skip any files which exist on the destination and have a modified time that is newer than the source file.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline
