Several months ago I was given access to a free, moderately powerful virtual private server (VPS) with the catch that the server sat behind a firewall which denied all incoming connections. The company hosting the VPS provided a web interface for accessing the server via a VNC connection which they routed internally. This was the only way to interact with the server.

Upon getting access to the VPS I immediately tried the first thing anyone would try, and that of course was running a Minecraft server on it. I was very excited about the possibility of hosting a completely free Minecraft server for my friends and I to enjoy, until I realized that it was impossible to connect to the server from the Internet.

So, I gave up and ran my Minecraft server on AWS instead. Thanks for reading.

Just kidding. I came across SSH reverse tunnels instead.

SSH is an incredibly powerful tool which is capable of doing a lot more than just being a secure shell to a remote machine. One of the additional features it has is reverse tunnelling.

Imagine you have two machines: MachineA, and MachineB.
MachineA can create outgoing connections, but can not accept incoming connections.
MachineB accepts both incoming and outgoing connections.

MachineA establishes an SSH connection to MachineB, and configures MachineB to forward all requests to port 8080 over to MachineA’s port 2020 (using the same SSH connection).

It looks something like this:

MachineB <—SSH—- MachineA // Establish the connection MachineB:8080 —SSH—> MachineA:2020 // Port forwarding over the established connection

This works fine because MachineA is not relying on any incoming connections made directly to it, but rather is able to accept incoming connections which arrive at MachineB. Now all I needed was another server which is not behind a firewall to act as MachineB.

Fortunately I have several small, inexpensive servers which were perfect for the job.

Using this functionality of SSH, I was able to piggy back one of my weaker servers to act as a proxy for the stronger server which was running Minecraft. My friends would connect to my weak server port 8080, and get forwarded over the SSH tunnel to the Minecraft server sitting behind a firewall on port 2020.

Alas, we were finally able to play Minecraft.


I'm 25 years old and I do stuff with computers.