OpenWrt Forum Archive

Topic: access router behind NAT

The content of this topic has been archived on 19 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi folks,

Is there any way I can access my wrt router behind NAT? I am looking for a solution without port forwarding. I thought the router could connect to my server on the internet, and I could then connect to my router through this server...
Thanks

Miamia:

There is an emerging standard for reverse http that can help you here. Essentially, what needs to happen on your router is to have it "dial out" to a known location (e.g., where you are or can access the web) using http to announce your presence and grab the stream. Alternatively, using another protocol (e.g., like SIP) which is already going to the router on a constant basis, you insert a request to have the reverse http stream commence to the desired IP address.

Sorry if this is a little technical, but this is not really yet a feature :)

The other thing you can do, if the upstream router supports UPnP, is to program the UPnP IGD to recognize and forward your requests to the device you are trying to manage behind the router. But this is sort of like automated port forwarding :(

marc.

Hi Mars, thanks for your answer. What do you think about SSH or VPN? Maybe the router could establish a connection via SSH (tunnel) with a remote server... it could work, couldn't it?

miamia wrote:

Hi Mars, thanks for your answer. What do you think about SSH or VPN? Maybe the router could establish a connection via SSH (tunnel) with a remote server... it could work, couldn't it?

You can do the same thing Marca has described with SSH.

The router establishes an SSH connection with a remote server. You establish an SSH connection with the remote server, and through that, establish an SSH connection to the router.

From the router:

ssh -R 9999:localhost:22 user@your_remote_server

SSH into your remote server, and then:

ssh localhost -p 9999

Boom, you're in your router now.

(Last edited by aport on 26 Feb 2010, 21:49)
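
The reverse tunnel from the post above, kept alive and restricted, as an added example that is not part of the original thread. It assumes the OpenSSH client on the router and an OpenSSH 7.8+ server; the key path, the `run` argument and the backoff values are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the OpenSSH client on the router;
# OpenWrt's stock Dropbear client (dbclient) may not accept all of these -o options.
REMOTE="user@your_remote_server"   # placeholder used in the post
RPORT=9999                         # listen port on the remote server, from the post
KEY="/root/.ssh/tunnel_ed25519"    # hypothetical path to a key used only for this tunnel

# Server side (assumption: OpenSSH 7.8+ sshd), in ~user/.ssh/authorized_keys,
# limit that key to opening the one listener and nothing else:
#   restrict,port-forwarding,permitlisten="127.0.0.1:9999" ssh-ed25519 <public-key>

tunnel_args() {
    # -N                    forwarding only, no shell on the remote server
    # ExitOnForwardFailure  exit if port 9999 cannot be bound, instead of
    #                       sitting in a session that has no tunnel
    # ServerAlive*          give up on a dead link after about 3 x 30 s
    # 127.0.0.1:RPORT       listener reachable only from the server itself
    echo "-N -i $KEY -o BatchMode=yes -o ExitOnForwardFailure=yes" \
         "-o ServerAliveInterval=30 -o ServerAliveCountMax=3" \
         "-R 127.0.0.1:$RPORT:localhost:22 $REMOTE"
}

next_delay() {
    # Double the retry delay after a failure, capped at 300 seconds.
    d=$(( $1 * 2 ))
    if [ "$d" -gt 300 ]; then d=300; fi
    echo "$d"
}

run_tunnel() {
    delay=5
    while :; do
        started=$(date +%s)
        # Word splitting is intended: none of the values above contain spaces.
        ssh $(tunnel_args)
        # A session that lasted over a minute was a working tunnel: reset backoff.
        if [ $(( $(date +%s) - started )) -gt 60 ]; then delay=5; fi
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

# Start the loop only when asked to, e.g. "sh tunnel.sh run" from an init script.
if [ "${1:-}" = "run" ]; then run_tunnel; fi
```

Connecting back works as in the post (`ssh localhost -p 9999` on the remote server); the router's own SSH login still applies on top of the tunnel.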

Aport, many thanks. Can you please explain which parameter in your nice example would provide, for example, this scenario:
I open address:80 in a browser on a PC (connected to the remote server) and it should retrieve communication from the webserver on the first LAN port of the router. A similar example would be FTP on the second LAN port, etc.
And which parameter must I use when I want to open the router's default administration login page?

thank you.

By the way: I think the main disadvantage is when the connection between server and router crashes. Probably VPN can be better for this.

miamia:

with aport's example, it's access via ssh, not with a web browser. If you are comfortable with the command line and vi, you can do all that you want very easily with this method.

The reason I focused on reverse http is that most people are not comfortable with the Linux command line, ssh and vi.

With respect to VPN access, that's what aport is showing you. ssh, while commonly thought of as a secure replacement for Telnet, is just as useful as a sort of VPN. You can use it to tunnel different protocols like TCP or HTTP as well as to transfer files using SCP.

marc.

(Last edited by marca56 on 26 Feb 2010, 22:12)

Remember, NAT has been broken until r19761, so it might not be very reliable.

An alternative would be to use a VPN on UDP and use UDP to tunnel out.  Basically you inform the router of your IP and UDP client port number.  The router sends about ten UDP packets to the IP/port specified with the VPN server's port as the return address.  Simultaneously, you try to connect to the VPN on the router, retrying as needed.  The various NAT layers between should eventually think there's a UDP session going on, and start routing packets back and forth rather than block them.

The advantage of this method is that you have a "direct" connection so your ping time is lower, throughput is better, and you don't even need your own server (IRC would work as the go-between just fine).  OTOH, it's more complicated and I have no idea if there are ready-made packages to do this.  Connecting to the VPN would also be a more transparent solution than using SSH to tunnel.

(Last edited by izomiac on 27 Feb 2010, 03:51)

The discussion might have continued from here.