An Illustrative Guide to Eternal Terminal Tunnels
A quick learn-by-example tutorial
25 Jun 2020 , by
and
Eternal Terminal is a remarkable remote shell utility. ET has the ability to maintain connections across internet outages and changing IP addresses. mosh offers similar features, except that ET can also create persistent tunnels (essentially port forwards).
Table of Contents
Setup
Consider a simple case where an HTTP server is running on Aadi’s Raspberry Pi.
For example, the command python3 -m http.server
begins a simple HTTP server on the port 8000.
Now suppose that Chinmay wants to access this HTTP server from outside Aadi’s network, say from his house. Aadi could open a port forward allowing Chinmay to reach the HTTP server running on the Raspberry Pi.
This has two major problems:
- The server will be publicly accessible as there is no authentication involved – you only need Aadi’s IP to get in!
- The connection is not encrypted and hence susceptible to snooping and denial-of-service attacks.
Using a tunnel instead will achieve the same privately over an encrypted connection.
Tunnel?
The Linux Command Line sums up what an SSH tunnel is quite well (an ET Tunnel is functionally similar):
Part of what happens when you establish a connection with a remote host via SSH is that an encrypted tunnel is created between the local and remote systems. Normally, this tunnel is used to allow commands typed at the local system to be transmitted safely to the remote system and for the results to be transmitted safely back. In addition to this basic function, the SSH protocol allows most types of network traffic to be sent through the encrypted tunnel, creating a sort of virtual private network (VPN) between the local and remote systems.
In addition to all of that, ET is more resilient to fluctuations in the network.
Installation
Instructions for all major platform are provided on eternalterminal.dev. You will need to install it on both machines. By default, the ET server listens on port 2022. If you can log in successfully via ET1, you should be good to go for creating a tunnel.
Technicalities
-
If the Raspberry Pi has the IP address of
192.168.0.100
on Aadi’s local network, then the HTTP server will respond to requests directed athttp://192.168.0.100:8000
. -
We are using port 8000 in this guide because that is where the HTTP server we want to forward is listening. Use the port of the service you want to forward in place of 8000.
-
We are using the domain
rpi.volect.com
for connecting to Aadi’s server in this guide. Replace it with the IP address (or domain) of your server when using these commands.
Forward and reverse tunnels
The direction of the tunnel is determined by which machine the HTTP server to be tunnelled resides.
If HTTP Server is on | And ET Server is on | A … tunnel | makes HTTP server accessible to |
---|---|---|---|
Aadi’s RPi | Aadi’s RPi | Forward | Chinmay’s laptop |
Chinmay’s Laptop | Aadi’s RPi | Reverse | Aadi’s RPi |
Think about the direction from the point-of-view of the ET Server – forward is sending the port away, reverse is pulling it to itself.
Forward Tunnel
Chinmay can run the following command to create a forward tunnel.
et [email protected] -t 1313:8000
Reverse Tunnel
Swapping the -t
flag with the -r
flag will initiate a reverse tunnel instead.
et [email protected] -r 1313:8000
Now, Aadi can access the HTTP server at http://raspberrypi.local:1313
– as if Chinmay’s server was running on the Raspberry Pi.
This is assuming Aadi’s network is set up such that
raspberrypi.local
points to the local IP address of the Raspberry Pi. Typing in the actual IP address will work here too.
That’s it!
Eternal Terminal’s tunnels (tongue twister, huh?) are a great feature and we hope you try them out. They have significantly improved our collaboration experience while working on Volect, given our patchy internet connections.
If you have any feedback, feel free to reach out.
-
Repeat all the network configuration you did to use SSH to connect to that machine, but for port 2022 (ET). Then you should be good to go. Keep the SSH server running, ET uses it begin a new session. ↩︎