How to dynamically port forward for ISPConfig update?

Discussion in 'General' started by asgare, Nov 7, 2022.

  1. asgare

    asgare Member

    Hi everyone
    I hope you are all keeping well.
    You may know that we have been facing Internet censorship in Iran due to women's freedom for around two months and because of that all applications such as Facebook, Telegram, WhatsApp, and millions of App bands in Iran. Even we can't update servers, mobiles, or windows operating systems.

    According to the above-mentioned issue, I can not update my server and also I can't install ISPConfig on my brand-new server.

    For solving my problem, in a very hard situation, I bought a VPS from Germany ( that's because Iran network fibers come from Germany and due to that ping time goes below 200 ms ).

    Now I want to make SSH from the Iran server to the German server to solve and bypass censorship.

    Iran IP:
    German IP:
    nohup ssh -4 -D [email protected] &
    This command in many shapes gives me an error. I would appreciate it if you could help me to grant my network freedom.
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What is that error?
    Are you creating an SSH tunnel with that command?
    If you just want to open SSH session from your host to the VPS host, the command is
    ssh [email protected]
    or if root login from remote is not allowed (this is the usual case, not allowed using password unless you open it previously), use some other account that you have created on the vps host.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no need that your ISPConfig server can reach our systems to install updates, it does not even has to be connected to the internet for that. Just grab a copy of the ispconfig source, unpack it and run update.php. This manual update procedure is described at the end of each release notes too.
  4. asgare

    asgare Member

    Hi till

    well, actually nothing working in here. ISPConfig has lots of dependencies that must be installed. Our challenge is not ISPConfig itself now.
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    If you are using Debian GNU/Linux on that host, there is
    Debian is available as a set of DVD disks, that contain all the packages. Use that to install, then apt-offline to keep system updated.
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    You can configure apt on Debian and Ubuntu to use proxies for downloading software.
  7. asgare

    asgare Member

    Thanks for your reply

    I really don't know how to make a proxy, I need step by step solution.

    What I post over there is an example of people's usage that I heard.
  8. asgare

    asgare Member

    Do you have any step-by-step solution for that?

    I installed the "U-XI" server, a Chinese proxy solution that helped me bypass through mobile and window using the Vmess protocol but I couldn't connect it via Debian to Debian.
  9. asgare

    asgare Member

    till even I need the proxy to connect to the Howto website :Do_O

    very ridiculous situation
  10. till

    till Super Moderator Staff Member ISPConfig Developer

  11. asgare

    asgare Member

    I know, normal countries think of wealth and well being of people not blocking countries from others.

    those who were in our business recommended I use SSH port forwarding, as they did but I can get the most help out of that.
  12. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    can you not use vpn software like cyberghost or nordvpn?

    i don't see port forwarding ssh being very helpful to you, unless it's for something you normally access via ssh anyway.

    if you can get a vps in germany and access that, if you can't use vpn software, i would suggest just getting a linux vps in germany, install ubuntu-desktop (if using ubuntu, not sure what the debian equivalent is) and then install vnc-server on it. ( or xrdp)
    install a vnc client on your local computer, and use that to connect to the vnc-server. you know have full gui access to the vps in germany. use that as normal to browse sites / download software etc. and then you can locally download any files you downloaded to the server using ssh.
    for server updates and package installs, you can also use this german vps as an apt-proxy as suggested by @till
    ahrasis likes this.
  13. asgare

    asgare Member

    Thanks for your reply

    Iran's filtering system is based on AI/ML. Every month find IPs connecting to abord and filter them. I must buy very cheap VPSs to set up and put in running.

    I found some businesses in our same field in other cities that use SSH dynamic port forwarding. I asked them for help they mentioned network technicals did for them when I ask them for the contact number of that person they are denying me.

    very awkward situation
  14. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    If SSH port forwarding and APT proxy is not doable, what about my suggestions in #5?
  15. asgare

    asgare Member


    I am not a professional in Linux systems, all ideas I had learned about Debian are back to ISPConfig. It was my starting point to come into Linux base systems. Thanks to "till" and others. I mean it, really.

    As you know debugging is a very frustrating and hard issue. After installation, software needs update, including antivirus Calm, and many others.
    I can't handle pice by pice. I need to solve this in any way.

    I know some private companies in Iran that solved by socks proxy of SSH dynamic port forwarding but I don't know how! they just gave me the structure of command without much explanation.
    nohup  ssh -N -D [Iran IP]:8080 -i /root/.ssh root@[German IP] &
  16. pyte

    pyte Well-Known Member HowtoForge Supporter

    If you need this to update the system, you could simple setup a wireguard gateway on the german VPS and add your server as a client. When the server is connected all traffic is routed through this wireguard gateway. While connected with WG you can update the system and close the wireguard connection after it.

    If you want to use ssh take a look at:
    ahrasis likes this.
  17. asgare

    asgare Member

    Thanks, pyte
    Nice resources

    I read both but I need to work on how to implement them in my servers.
    Sadly, I must read a lot and playground with this to install and run it. Thank you anyway. I never heard about both of them. It is worth trying it.
  18. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I still say my solution in #5 is simpler that apt proxy or ssh tunnels or port forwarding. Even if other server admins in your country use VPN you do not have to use the same solution, especially if the admins are not willing to tell you how it is done.
    pyte likes this.
  19. pyte

    pyte Well-Known Member HowtoForge Supporter

    To be honest i am a bit confused, and not really sure what OP is trying to achieve here exactly, but there are lots of options in this topic.
  20. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I undestand there are two problems where the first is the cause but more general and the second one is a specific problem related to keeping his server updated or allowing him to setup new ones.

    I do further see all solutions given as useful but what he needs in other specific is step by step for the suggested solutions where he could simply follow.

Share This Page