how to host a server when your ISP blocks all ports

Ever have an ISP that decided to block all your ports? This quick guide shows how to have your servers bypass port blocking restrictions on the cheap.

Step 1, Get a VM in the cloud

While services like GCP and AWS are great, they charge a lot for bandwidth. And if you're like me, you want to access your NAS from remote locations, which will quickly rack up charges.

So I recommend DigitalOcean's $5/month VM, which gives you 2TB of traffic. Should be more than enough for what we're doing.

I recommend using SSH keys for logging into the VM, as it'll make life easier and be more secure.

For example purposes let's assume that your VM's ip address is 100.111.123.1.

Step 2, Configuring SSH

First let's ssh into our VM:
$ ssh <vm-user>@100.111.123.1

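By default, sshd binds remotely forwarded ports to the loopback interface only, so external traffic cannot reach them. To fix this, run the following command in your VM, then restart the SSH daemon so the change takes effect. Note that this setting exposes every forwarded port on all of the VM's interfaces.
$ echo "GatewayPorts yes" | sudo tee -a /etc/ssh/sshd_config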

Step 3, Setting up your SSH Socks Proxy

The -R flag in the ssh command line utility allows us to take traffic arriving at a port on a remote machine and forward it to a local port. Using the -D flag, we can also create an SSH SOCKS proxy on a local port, so that outbound traffic sent to it is forwarded through the remote machine as well.

So let's say my home machine has a nodejs server running on port 3000, and I want an SSH Socks proxy running on port 8080. The SSH command would look like:

$ ssh \
    -R 3000:localhost:3000 \
    -D 8080 \
    -C \
    -N \
    -f \
    <vm-user>@100.111.123.1

btw, -C = Compress, -N = do not execute remote commands, -f = run in the background.

But now let's say we want to forward our home computer's ssh server. We've got a port conflict, as the VM and the home computer are both running SSH on port 22. Well, the remote and local ports do not need to be the same :D, so let's have traffic on port 23 of the remote machine be routed to our local machine's port 22.

$ ssh \
    -R 23:localhost:22 \
    -R 3000:localhost:3000 \
    -D 8080 \
    -C \
    -N \
    -f \
    <vm-user>@100.111.123.1

To ssh into your home computer it's as simple as running:
ssh <username>@100.111.123.1 -p 23

And to ssh into your server it's:
ssh <vm-user>@100.111.123.1

Step 4, Have home computer auto connect to Socks proxy

Crontab is the most simple stupid way I know of to do this.

First, let's create a bash script in our home directory that creates the SSH proxy:

$ cat > ~/start_tunnel.sh <<'EOF'
#!/bin/bash
ssh \
    -R 23:localhost:22 \
    -R 3000:localhost:3000 \
    -D 8080 \
    -C \
    -N \
    -f \
    <vm-user>@100.111.123.1
EOF

Now let's give the script executable permissions.

$ chmod +x ~/start_tunnel.sh

And finally let's execute this script on bootup by entering into our crontab configuration:
$ crontab -e

And adding the following line to the end:
@reboot ~/start_tunnel.sh > /dev/null 2>&1
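
The @reboot entry starts the tunnel exactly once, so a tunnel that fails at boot (network not up yet) or drops later stays down. As an added example (not the author's script), here is a supervised version of start_tunnel.sh that reconnects with backoff; the login "user", the variable and function names and the timing values are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): a supervised ~/start_tunnel.sh.
# Assumed names: TUNNEL_HOST, SSH_BIN, MAX_DELAY and the three functions.
TUNNEL_HOST="${TUNNEL_HOST:-user@100.111.123.1}"  # "user" is a placeholder login
SSH_BIN="${SSH_BIN:-ssh}"
MAX_DELAY=300   # upper bound, in seconds, for the wait between reconnects

# Double the wait after a failure, capped at MAX_DELAY.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$MAX_DELAY" ]; then d=$MAX_DELAY; fi
    echo "$d"
}

# One foreground session. No -f here: the loop below must see ssh exit.
run_tunnel() {
    # ExitOnForwardFailure: exit instead of idling if a -R/-D port cannot bind
    #   (remote port 23 is privileged, sshd only binds it for a root login).
    # ServerAlive*: notice a dead link after about 90 seconds.
    # BatchMode: never wait for a password prompt when started from cron.
    # -D is bound to 127.0.0.1 so only this machine can use the SOCKS proxy.
    "$SSH_BIN" \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -o BatchMode=yes \
        -R 23:localhost:22 \
        -R 3000:localhost:3000 \
        -D 127.0.0.1:8080 \
        -C -N \
        "$TUNNEL_HOST"
}

# Reconnect forever; back off while the VM or the network is unreachable.
keep_tunnel() {
    delay=5
    while :; do
        started=$(date +%s)
        run_tunnel || true
        # A session that lasted over a minute was healthy: reset the backoff.
        if [ $(( $(date +%s) - started )) -gt 60 ]; then delay=5; fi
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

# Only start the loop when asked to, so the file can be sourced and tested.
if [ "${1:-}" = "run" ]; then keep_tunnel; fi
```

With this version the crontab line becomes "@reboot ~/start_tunnel.sh run > /dev/null 2>&1"; cron keeps the loop in the background, which is why -f is dropped.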

That's it: your servers, and any internet traffic you send through the SOCKS proxy, will be going through your $5 DigitalOcean VM. All with SSH and a few bash scripts.