Reverse SSH Tunnel

Without the ability to port forward a network under a NAT, your server is useless. In the case that you are incapable of allowing incoming traffic to certain ports into your network, you can use a reverse tunnel to give tunnel necessary services through another server elsewhere.

On the proxy server, edit.

$ sudo nano /etc/ssh/sshd_config

If it doesn't exist already, add the following line: GatewayPorts clientspecified

Now restart the SSH daemon. Note: non Debian/Ubuntu systems use $ sudo systemctl restart ssh

Finally, you can create the tunnel on the client. The format is

$ ssh -N -R :9000:localhost:22 user@example.org

Creating a persistent tunnel
Using the command above does not keep the connection alive if the connection is lost. To make it a persistent connection, we can use.

sudo apt install autossh

or

sudo yum install autossh

Then, to start it run: autossh -M 20110 -o ServerAliveInterval=20 -R :9000:localhost:22 user@example.org & >/dev/null 2>&1

Resources

 * LinuxHostSupport- How to setup a reverse SSH tunnel on Linux
 * superuser - How to reliably keep an SSH tunnel open