How to make my WebDictate, BroadWave, Broadcam, Axon, ScreenStream, FlexiServer, QuorumWeb, etc. server accessible to the public Internet

The Problem:

You want to run a server behind a NAT router or a firewall and it is not possible to configure it to expose the server on the public Internet.

NOTE: for help configuring your NAT router or firewall, please see here.

In this howto we will refer to your server (the one behind the NAT router) as "YourServer", and the publicly accessible host as "PublicHost".

The Solution:

Secure Shell (ssh) Port Forwarding (sometimes referred to as tunneling). This is where connections to a chosen port on a publicly accessible host ("PublicHost") are forwarded to your server ("YourServer") port via a previously setup tunnel.

What you will need

  1. A publicly accessible host - a host with a well known host name or IP address
  2. A ssh server (see below for suggestions)
  3. A ssh client - we strongly recommend Putty, from: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.
    This howto will use only the plink.exe component of Putty

INSTRUCTIONS

Pre-setup:

  1. Install a ssh server on "PublicHost" (see below for suggested servers and detailed instructions on how to do this).
  2. Make sure the PublicHost's firewall allows connections on ssh port 22
  3. Make sure the PublicHost's firewall allows connections on your chosen port (choose a port above 1000, say 1185)
  4. Download plink.exe from the Putty website: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
  5. Save it to c:\WINDOWS on "YourServer"

When it is time for the forwarding to be active:

At YourServer:

  1. Open a cmd window (Start -> Run -> cmd)
  2. Type in this command:
    plink -N -R 0.0.0.0:1185:localhost:85 PublicHost
    where:
    1185 is the chosen port that your clients will connect to
    85 is the port used by your server process on YourServer
    PublicHost is the hostname (or IP address) of the public host

After you have entered a username and password (valid on PublicServer), this should create a tunnel between port 1185 on PublicHost to port 85 on YourServer. When client programs (such as Internet Exporer) attempt to connect to port 1185 on PublicServer they will in fact end up connecting to port 85 on YourServer.

If there are problems include the "verbose" switch ("-v") to increase debug output. Possible problems include:

  1. The chosen port could be already in use - choose a different one.
  2. Connect or timeout errors generally indicate that the PublicHost name is incorrect (try the IP address), or that the PublicHost firewall is blocking port 22 or the chosen port.
The plink command above could be included in a script that runs automatically on login or some other way.

Test the setup:

Attempt to use you client program to connect to the chosen port on the PublicServer.
For example, to use Internet Explorer to connect to BroadWave normally (using the direct connection):

http://YourServer:85

or, using the setup described above:

http://PublicServer:1185

Secure Shell (ssh) Server setup:

The PublicServer needs a ssh server installed on it. There are several options, some open source and others are commercial offerings. The commercial offerings are generally easier to install and configure and come with technical support. Some commercial options are:
http://www.ssh.com/products/client-server/
http://www.bitvise.com/winsshd

A free option (copSSH) is available here: http://www.itefix.no/i2/copssh

To install and configure copSSH:

  1. Download the installer package
  2. Unzip and run the setup exe
  3. Accept all the defaults during the install
  4. Open this file with notepad or similar:
    C:\Program Files\copSSH\etc\sshd_config
  5. Find the line" "#GatewayPorts no" and change it to "yes" and remove the #, like this:
    GatewayPorts yes
    (This allows other hosts to connect to the chosen port, not just programs running on the PublicHost).
  6. Restart PublicServer