Bypassing firewalls using Putty and a public server

[gandhi39]

Maybe - try it.

Shell accounts don't allow you to edit sshd_config. So no, unfortunately.

Found a VPS for US$6/year. I'll give it a try.

[Blacklamb]

I got this working yesterday on an Amazon EC2 instance, you get a year of your first one free and after that if I only have it running when I’m going to play I will only pay a little more than a penny an hour.

[damned]

Excellent Blacklamb
I would appreciate it if you let me know of any steps in the doco that require refinement.
Especially as things change over time.

[gandhi39]

I got this working yesterday on an Amazon EC2 instance, you get a year of your first one free and after that if I only have it running when I’m going to play I will only pay a little more than a penny an hour.

How did you get a root ssh login/password to edit sshd_config in EC2?

[Blacklamb]

I started with making a server off the Ubuntu image, during that they have you download a private certificate. You can follow Amazon's instructions on getting started and how to log in with it. I did not create a second account so I skipped over all that and Nano was already installed. When you create the image you can also make the security rule to open TCP 1802. Then I used "sudo nano/ssh/sshd_config" to edit that file. They don't use password for anything it's all certificate authentication. I did not mess with IP tables at all, so from the doc I only used the Port Remapping part and the Client Side part changing the -pw to -i and the key file location, of you can just set it up in the graphical putty interface,that's what I decided to use. The other thing I did because Amazon charges you for having your instance down when you have a static IP was to install a Dynamic DNS client and set it up using my DNS providers instructions for setting up Dynamic DNS.

[Blacklamb]

Another quick note when I setup the access security policy for Amazon's instance I set SSH to only work from my Office IP range and Home IP. I set the TCP port 1802 to work from all IPs.

[damned]

I started with making a server off the Ubuntu image, during that they have you download a private certificate. You can follow Amazon's instructions on getting started and how to log in with it. I did not create a second account so I skipped over all that and Nano was already installed. When you create the image you can also make the security rule to open TCP 1802. Then I used "sudo nano/ssh/sshd_config" to edit that file. They don't use password for anything it's all certificate authentication. I did not mess with IP tables at all, so from the doc I only used the Port Remapping part and the Client Side part changing the -pw to -i and the key file location, of you can just set it up in the graphical putty interface,that's what I decided to use. The other thing I did because Amazon charges you for having your instance down when you have a static IP was to install a Dynamic DNS client and set it up using my DNS providers instructions for setting up Dynamic DNS.

Another quick note when I setup the access security policy for Amazon's instance I set SSH to only work from my Office IP range and Home IP. I set the TCP port 1802 to work from all IPs.

Good stuff Blacklamb.

[gandhi39]

Go to https://www.noip.com/
create a free account and copy "your noip username" and "your noip password" to a notepad text file for later use below
create a free dynamic dns hostname and copy "your noip hostname address" to your notepad text file for later use below


Go to https://www.chiark.greenend.org.uk/~...ty/latest.html
download putty.exe (preferably 64-bit)
download plink.exe (preferably 64-bit)
download puttygen.exe (preferably 64-bit)


Go to https://portal.aws.amazon.com/billing/signup#/start
create your account (credit card required, charges apply after 1 year)


Go to https://aws.amazon.com/
sign in to the console
EC2
instances
launch instance
Ubuntu Server 18.04 LTS (HVM), SSD Volume Type - ami...
select
choose one with "Free tier eligible"
next: configure instance details
next: add storage
next: add tags
next: configure security group
add rule / custom tcp rule / TCP / 1802 / Custom / 0.0.0.0/0
review and launch
launch
create a new key pair
key pair name: server-key
download key pair
save as: C:\Users\Public\server-key.pem
launch instances

click on View Instances at the end of the page
copy "your IPv4 Public IP" to your notepad text file for later use below
(you may now close your browser)


run puttygen.exe
load
C:\Users\Public\server-key.pem
ok
save private key
yes
C:\Users\Public\server-key.ppk
close puttygen


run putty.exe
On the Session tab:
Host Name: ubuntu@"your IPv4 Public IP"
Port 22
SSH
On the Connection/SSH/Auth tab:
click on "Browse"
C:\Users\Public\server-key.ppk
On the Session tab again:
name and save your session
click on "Open"
yes

login as: ubuntu
[Enter]
type: sudo nano /etc/ssh/sshd_config
[Enter]
add those lines to the end of the file:

AllowTcpForwarding yes
GatewayPorts yes

hold Ctrl+X
(Y)es
[Enter]
type: sudo service sshd restart
[Enter]
type: sudo apt-get update
[Enter]
type: sudo apt-get install ddclient
[Enter]
(Y)es
[Enter]
use Esc to skip everything until the installation stops
type: sudo nano /etc/ddclient.conf
[Enter]
change the file as follows:

protocol=dyndns2
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
server=dynupdate.no-ip.com
login="your noip username"
password="your noip password"
"your noip hostname address" (ex: yourname.ddns.net)

hold Ctrl+X
(Y)es
[Enter]
type: sudo /etc/init.d/ddclient restart
[Enter]
close your PuTTY session
ok


Create a batch file in the same folder where you saved plink.exe with those lines:
plink.exe -ssh ubuntu@"your noip hostname address" -i C:\Users\Public\server-key.ppk -R "your noip hostname address":1802:localhost:1802 -v
pause


Run the batch file and keep the prompt window open
(store key in cache the first time)
(if you see "1802 enabled" at the end of a line, it's probably working!)
(run it again each time before you host a fantasy grounds game, and keep it open for the whole session)
(your players must use "your noip hostname address" as the Host adress to join game)


Remember to confirm your noip hostname every 30 days by clicking on the link on the e-mails you receive
This should be enough to host your games for 1 year

After one year amazon will charge you for the service
It will cost you a lot less if you stop (not terminate) your aws EC2 instance after hosting each game
You will need to start it again each time before hosting a new game
"your Public IPv4 IP" will change everytime, but noip and ddclient should help you to not worry about that

You can stop or start your instance on https://aws.amazon.com
sign in to the console
EC2
instances
select your instance
actions
instance state

You may also want to terminate your free tier instance (micro) and launch a cheaper one (nano) to replace it
The tutorial should help you again with that
(24 sessions of 6 hours each in a year should cost you a total of less than US$1,00 if you do it right)

[damned]

Thank you gandhi39

[gandhi39]

I started with making a server off the Ubuntu image, during that they have you download a private certificate. You can follow Amazon's instructions on getting started and how to log in with it. I did not create a second account so I skipped over all that and Nano was already installed. When you create the image you can also make the security rule to open TCP 1802. Then I used "sudo nano/ssh/sshd_config" to edit that file. They don't use password for anything it's all certificate authentication. I did not mess with IP tables at all, so from the doc I only used the Port Remapping part and the Client Side part changing the -pw to -i and the key file location, of you can just set it up in the graphical putty interface,that's what I decided to use. The other thing I did because Amazon charges you for having your instance down when you have a static IP was to install a Dynamic DNS client and set it up using my DNS providers instructions for setting up Dynamic DNS.

What do you mean with "Amazon charges you for having your instance down when you have a static IP"?

Could you then please explain how to install the Dynamic DNS client and set it up?