# [How To] Use Reverse SSH Tunnel for Web Apps over Verizon 4G!



## Gr8gorilla (Jul 13, 2011)

This is a tutorial on how to access your Android device from a PC without being connected to the same network over wireless. There are several reasons to do this. If you are using Verizon 4G, you do not get a public IP address. This means that many apps that do cool things with the internet don't function properly. Two that I own that work over 3G are KWS Pro and Remote Web Desktop. There are others in the market as well. This should work fine for any carrier that doesn't hand out external IP addresses. I understand that Sprint is also giving mobile devices IP addresses that are behind a NAT.

What you will need:

- Android phone
- Connect Bot (free app in the market)
- Android app that needs access to an external IP to function (KWS, Remote Web Desktop, IP Cam App, etc.)
- DDWRT router (a Tomato router probably would work, I don't know) that has a built-in SSH server, or another SSH server that you have access to
- Preferably a static IP from DynDNS, no-ip, or if you own an extra domain name you can put it on freedns.org, or zoneedit.com or some other free Dynamic DNS site. You can do this with just the router's external IP address, but it is much nicer with a dynamic DNS.

This tutorial assumes that you already have a home router capable of running an SSH server. I will explain the setup of the DDWRT router, as it is the one I own. I also am assuming that you have a Dynamic DNS set up with one of the above mentioned sites that points to your home router.

1. Configure Router:
Make sure your router is set to run an SSH server and accept SSH connections.
A. In DDWRT you will go to Administration >> Management: Enable SSH remote, choose a port larger than 1024 and don't forget it. We will use port 12345 for this tutorial. Click Save. Then click Apply Settings.
B. Next go to Services >> Services and enable SSHD and SSH TCP port forwarding. In the port field you will use the same port as before, 12345. (You should probably set up key encryption and disable telnet, password logons, and the remote web GUI. Read the DDWRT site/wiki/forums for this sort of security advice.) Click Save, Apply Settings.
C. Open the NAT/QoS tab. In the fields you will enter a name for a port forward. The next field is the Port from field. This port is the one visible to the internet. In my case I used port 80 because I want to serve a web page from my Galaxy Nexus. Also, regular HTTP traffic is routed over port 80. This may or may not work for you depending on your ISP. If not, there are more rerouting solutions available, such as routing all port 80 traffic to your-domain.com to port xxxxx of your choosing. Under protocol pick the type that suits your application, likely TCP. In the IP address field enter localhost or your router's internal IP address (192.168.1.1, etc). Finally, in the port to box, enter some secondary random port above 1024, say 56789 (must be smaller than 2^16 - 1, or 65,535). Check the Enable box, click Save, Apply Settings, Reboot Router.
Tip: Using port 80 as your outside port means you can just enter your-domain.com with no port # to access your service!

2. Configure Connect Bot
A. Open Connect Bot. In the field at the bottom, enter (for DDWRT the username is always root) [email protected]:12345 (the SSH port we chose at the beginning). Push enter. If all goes well and you connect to your DDWRT router, you will get a shell with a command line.
B. Press the menu key, Port Forwards. Press Menu to create a new port forward. Enter a nickname for this forward. Choose Remote. In the Source port box, enter the port you chose from the Port To section in the router configuration, in our case 56789. In the next box, Destination, enter localhost:xxxx; this is the port that your Android service is running on. In Remote Web Desktop and KWS, you can choose any port above 1024 within the application for the service to run on.

3. Start the service you want to access on your Android phone. Enter your-domain.com in the web browser of any computer, and then celebrate!

Good luck, have fun with the geekiness of this. If anyone has anything to add, feel free. I hope someone gets some use out of this.......


----------
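
The ConnectBot "Remote" forward from step 2 of the tutorial, written as the equivalent OpenSSH command, together with a check of which address the router bound the relay port to; this is an added example, not part of the original posts. The host name, the phone service port 8080, the function names and the netstat sample are assumptions constructed for illustration; 12345 and 56789 are the tutorial's ports.

```shell
#!/bin/sh
# Constructed example; 12345 and 56789 are the tutorial's ports, while the
# host name and the phone's service port (8080) are assumed placeholders.

# valid_port PORT MIN: true when PORT is an integer in MIN..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le 65535 ]
}

# tunnel_cmd HOST SSH_PORT RELAY_PORT SERVICE_PORT
# Prints the ssh command that makes the router listen on RELAY_PORT and
# carry each connection back to localhost:SERVICE_PORT on the phone.
tunnel_cmd() {
    valid_port "$2" 1025 || { echo "bad ssh port: $2" >&2; return 1; }
    valid_port "$3" 1025 || { echo "bad relay port: $3" >&2; return 1; }
    valid_port "$4" 1 || { echo "bad service port: $4" >&2; return 1; }
    [ "$2" -ne "$3" ] || { echo "relay port is the sshd port" >&2; return 1; }
    # -N: no shell on the router. ExitOnForwardFailure: exit if the router
    # cannot bind RELAY_PORT rather than stay connected without a tunnel.
    echo "ssh -N -p $2 -o ExitOnForwardFailure=yes -o ServerAliveInterval=30" \
         "-R $3:localhost:$4 root@$1"
}

# relay_bind RELAY_PORT: reads `netstat -ltn` output (run on the router) on
# stdin and reports which local address the relay port is bound to.
relay_bind() {
    awk -v p="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] != p) next
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (addr == "127.0.0.1" || addr == "::1") loop = 1
            else wide = addr
        }
        END {
            if (wide != "") print "reachable-on:" wide
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed sample of router output while the tunnel is up.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:56789         0.0.0.0:*               LISTEN'

tunnel_cmd your-domain.com 12345 56789 8080
printf '%s\n' "$SAMPLE_NETSTAT" | relay_bind 56789
```

A `loopback-only` result means the relay port answers only on the router's localhost address, not on its internal IP such as 192.168.1.1.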



## exarkun (Dec 4, 2011)

This is easier to use for tunneling than Connect Bot is.

https://play.google.com/store/apps/details?id=org.sshtunnel&hl=en


----------



## Gr8gorilla (Jul 13, 2011)

Maybe so, but the overall purpose here is exposing certain ports on your 4G phone to the internet so that you can access the services running in them. I don't think either app is any simpler in this regard.

If your goal is simply secure browsing, I could see how the other may be easier. This is more about punching secure holes in enterprise NATs to get to the device behind it from outside.

Both of the apps I mentioned run web servers on your phone but are not accessible from the web on 4G because they are behind Verizon's NAT.


----------



## ddarvish (Jul 22, 2011)

You can also just use IPv6, because your phone has a globally routed (read: public IPv6) address.


----------



## Gr8gorilla (Jul 13, 2011)

True, but making that address IPv4 accessible to anyone in the outside world is much more complicated than a reverse SSH tunnel.


----------

