Saturday, 16 July 2022

gcloud command for free port forwarding from Google Cloud account, using reverse SSH, along with Windows batch scripts to automatically restart the SSH tunnel

gcloud compute ssh tunnel --ssh-flag "-R 43022:localhost:22" --command "sudo sshpass -p WindowsPassword ssh localhost -N -p43022 -l WindowsUsername -L:80:localhost:80 -L:443:localhost:443 -L:8333:localhost:8333 -L:8334:localhost:8334 -L:8335:localhost:8335 -L:50001:localhost:50001 -L:50002:localhost:50002 -L:50003:localhost:50003 -L:50004:localhost:50004"

Port forwarding is necessary for Bitcoin nodes to accept inbound connections, Fulcrum (Electron-Cash) servers, serving web-sites from PC & setting up a Tor relay. Unfortunately many of us like myself can't forward ports properly from fiber modem. Unlike VPN port forwarding, Google Cloud is free to try! PureVPN otoh may involve a 24 month contract. Every Google account with a proper debit card # gets 3 months free with $300 credit. I've only used $22 in 9 days, including VM setup.

Ports 80 & 443 are for HTTP & HTTPS. Ports 8333→8335 are for BCHD (full node). Ports 50001→50004 are for Fulcrum, an EC server. Port 22 is for Windows OpenSSH Server. Seeding torrents may require yet another port.

The problem is that it's quite difficult for ppl to figure out how to forward ports reliably using ssh, even if it is free. The above command requires a few things:

  1. "tunnel" refers to a working VM inside the cloud. gcloud compute instances create can be used from PowerShell, since the gcloud website is too confusing imo. There might be a firewall rule needed at gcloud's website, though.
  2. sudo apt-get install sshpass is necessary, after gcloud compute ssh tunnel from PowerShell. sshpass allows combining everything into a single cmd command.
  3. In Win10 go to Manage Optional Features & install OpenSSH Server. Optionally if you go to the Windows Services app you can check that OpenSSH Server is running properly.
  4. Replace WindowsPassword & WindowsUsername with your Win10 login credentials. A more secure, more complicated, option is to create a secondary non-admin account for port forwarding (always logged in). Same sort of thing should also work for local Linux or macOS.

I recently posted a batch script to auto reset failing Wi-Fi adapters. This can be combined with a new batch script which reboots the gcloud tunnel & then resets the ssh port forwarding. Copy the following into notepad & save as MaintainSSHConnection.bat:

    REM Reboot the VM, wait for it to come back up, then reopen the tunnel and port forwards
    call gcloud compute ssh tunnel --command "sudo reboot"
    TimeOut 15
    call gcloud compute ssh tunnel --ssh-flag "-R 43022:localhost:22" --command "sudo sshpass -p WindowsPassword ssh localhost -N -p43022 -l WindowsUsername -L:80:localhost:80 -L:443:localhost:443 -L:8333:localhost:8333 -L:8334:localhost:8334 -L:8335:localhost:8335 -L:50001:localhost:50001 -L:50002:localhost:50002 -L:50003:localhost:50003 -L:50004:localhost:50004"

replacing the password & username with your own. It takes btwn 10 & 15 secs to reboot the Linux VM (maybe 20 is safer). I'm not sure why call is necessary. Then create MaintainInternetConnection.bat:

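    cd C:\
    :GoTo
    TimeOut 1
    REM Number the ping output lines and look for a line numbered 2 or 3
    Ping -n 1 www.msftconnecttest.com | FindStr /n ^^ | FindStr "^[2-3]"
    REM Found: check again in a second
    If %ErrorLevel%==0 GoTo GoTo
    REM Not found: reset the Wi-Fi adapter, then start the tunnel script in a new window
    netsh interface set interface Wi-Fi disabled
    netsh interface set interface Wi-Fi enabled
    TimeOut 5
    start cmd /k "%~dp0MaintainSSHConnection"
    GoTo GoTo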

Right-click this one & Run as Administrator (to turn Wi-Fi off & on if it fails). %~dp0 properly addresses the other .bat, for example. It's quite tricky to get all this perfect, so maybe PureVPN port forwarding + better wi-fi adapter is the simpler more secure option!

I'm running a Fulcrum server at bchd.tk, as well as a BCHD SLP-GraphSearch server. There's a timeout problem with the bchd-mainnet.electroncash.de server, so EC-SLP users might need an alternative! Using free gcloud port forwarding anyone can run their own graphsearch server, etc. gcloud could be like gmail for VPN! A Tor relay could also be run on the VM, possibly helping to improve the Tor network.

Edit: It just occurred to me that MaintainSSHConnection.bat should be a completely separate script with its own GoTo loop. If the SSH connection breaks for any reason, it just restarts with sudo reboot, etc. Maintaining SSH could be its own problem if the tunnel gets attacked somehow, e.g. DDoS.

submitted by /u/TinosNitso

source https://www.reddit.com/r/btc/comments/vzx4i5/gcloud_command_for_free_port_forwarding_from/
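
An added example, not part of the original post: the VM-side command from the post rebuilt to log in with an SSH key instead of "sshpass -p", so the Windows password never appears in a command line or a .bat file, and with options that make ssh exit when a forward or the link fails so that a restart loop can notice. The key path, and the key already being authorized for the Windows account, are assumptions; the ports and the 43022 reverse port are the ones in the post.

```sh
#!/bin/sh
# Added example (not from the post): run on the VM instead of the sshpass command.
# Assumptions: KEY_FILE is a hypothetical path to a private key whose public half
# is already authorized for the Windows account, and the host key for
# [localhost]:43022 is already in root's known_hosts (BatchMode never prompts).

PORTS="80 443 8333 8334 8335 50001 50002 50003 50004"  # ports listed in the post
REVERSE_PORT=43022                                      # -R port used in the post
KEY_FILE="${KEY_FILE:-/root/.ssh/tunnel_ed25519}"       # hypothetical key path

# Print one "-L:PORT:localhost:PORT" flag per argument (same form as the post),
# refusing anything that is not a TCP port number in 1..65535.
build_forwards() (
    out=""
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*|??????*) echo "invalid port: $p" >&2; exit 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; exit 1
        fi
        out="$out -L:$p:localhost:$p"
    done
    printf '%s\n' "${out# }"
)

# Print the full ssh command line for the given Windows user name.
# BatchMode=yes            : key login only, never ask for a password
# ExitOnForwardFailure=yes : exit if any -L port cannot be bound
# ServerAlive*             : exit after about 90 s without a reply from Windows
build_tunnel_cmd() (
    user="$1"
    fwd=$(build_forwards $PORTS) || exit 1
    printf 'ssh localhost -N -p%s -l %s -i %s %s %s\n' \
        "$REVERSE_PORT" "$user" "$KEY_FILE" \
        "-o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3" \
        "$fwd"
)

# When called with a user name, run the tunnel; sudo is needed for ports 80/443.
if [ -n "${1:-}" ]; then
    cmd=$(build_tunnel_cmd "$1") || exit 1
    exec sudo $cmd
fi
```

Saved on the VM under a name of your choice, the script takes the Windows user name as its only argument and can replace the quoted --command string in the gcloud line.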
