Introduction
This guide explains how to remote port forward using a VPS you control. This is useful for many things, including hosting multi-player peer-to-peer games, Remote Desktop connections, etc. This is useful because it allows you to do this from any network, even those where you have no direct control. As such, you can't use standard port forwarding. This is also useful for cellular networks where you're usually behind many layers of NAT that also prevents traditional port forwarding.
Before continuing, it's expected you have a basic to intermediate understanding of Linux, its command line, and how computer networking works. This essentially uses your Internet-facing server as a middleman. Incoming connections reach the server, which redirects them to a local port on your computer. This works because your computer is connected to the server, so it accepts data coming back from that connection.
TCP Forwarding
TCP forwarding is the easiest method, as you can use SSH. The following instructions use PuTTY on Windows, but you can use any other method you wish. The reason I use PuTTY is because it's very easy to configure and you can create a profile that forwards one or many ports automatically when you connect to the SSH server.
Start by installing and opening PuTTY. Fill in the server address and port information as usual, then move focus to the list of categories. Select and expand the SSH category, then find Tunnels. Fill in the following information. Type the port you want to use in the source port box. This is the TCP port the server will listen on. Anything directed to this port from the Internet will be forwarded using the SSH tunnel to the destination you specify in the next box.
IN the destination box, type the IP address and port you wish to use, separated by a colon. For example, if you wanted the destination to be your local computer on port 13000, it would look like this.
127.0.0.1:13000
Note: some programs such as Top Speed 3 may have problems or refuse to connect when you specify the localhost address. In this case, replace it with the private IP address of your computer.
Select remote from the radio button group. This is very important, as the idea is to configure remote port forwarding, not local.
You can leave the next box set to auto, or specify which version of IP you want to use. Most applications still use IPv4, but if you want to be safe, leave it set to auto.
Finally, select the add button. The list should update to reflect your new rule. You may continue adding rules using the same procedure if you want to forward multiple ports at once. When you're done, go back to the list of categories and select session again. With all the server and port forwarding information filled out, type a description name into the saved Sessions box and choose save. From now on, use this session to connect to your server, and the ports will automatically be forwarded.
Server Configuration
On the server, you'll need to make some changes to the sshd_config file. The following instructions assume you're using Debian, Ubuntu, or one of its other distributions based on these, so adapt this to any other distribution you may be using. Run the following commands and make the necessary changes listed below.
sudo nano /etc/ssh/sshd_config
Modify the following lines to look like this.
AllowTcpForwarding yes
GatewayPorts yes
Save the file with Control+x, y, and enter then run the following command to restart the SSH service to apply your changes.
sudo systemctl restart sshd
At this point, all you need to do is open the ports you configured in the server firewall so Internet traffic can be accepted. If using UFW, run the following command to open the port 13000 for example.
sudo ufw allow 13000/tcp
If you configured everything correctly, all you need to do is start the server on your local computer and connect using the public IP address or domain name of your server. As long as the PuTTY window and SSH connection are open and active and everything has been properly configured, people should be able to connect. Now you can do things like securely tunnel Remote Desktop or play games using your server as a middleman.
UDP Forwarding
UDP forwarding is a little trickier and requires a third-party program. Download Secure Socket Funneling from the following page.
https://securesocketfunneling.github.io/ssf/#home
You'll need to download both the Windows version and the corresponding version for Linux. If you have issues with the program being flagged as a virus, download it to an excluded folder.
Server Configuration
Once you've downloaded the Linux version, it's time to configure the server. The server will listen on TCP 8011, so make sure you open it on the VPS before continuing. You'll probably want to run this in screen so it runs in the background. Run the following commands to open ports and configure the server. For this example, we're assuming you want to forward ports for Manamon, which requires UDP ports 15000 and 15001. The fact this has to be done for a commercial product is ridiculous and highly unprofessional, but I digress. At least you as the tech-savvy user will be the only one required to do this, everyone else can connect normally.
sudo ufw allow 8011/tcp
sudo ufw allow 15000/udp
sudo ufw allow 15001/udp
screen
cd <path to the SSF folder>
chmod +x ssfd
./ssfd -g
You should get a command line window stating the server was successfully started and is listening on port 8011. Press Control+a then d to detach from the screen window. The server is running, so the rest of this process will be done from your computer.
Computer Configuration
On your computer, open two command line windows and cd to the folder containing the ssf executables. Run the following command, substituting the port numbers. If you need to forward multiple ports, open multiple windows and run multiple instances of SSF.
The following syntax examples will forward UDP 15000 and 15001 to a server with the public IP address 1.1.1.1 and localhost on your computer. As stated previously, if localhost doesn't work, replace it with the private IP address of your computer.
ssf -g -V 1.1.1.1:15000:127.0.0.1:15000 1.1.1.1
ssf -g -V 1.1.1.1:15001:127.0.0.1:15001 1.1.1.1
As long as these command line windows are open, traffic coming to the server will be redirected to local UDP ports on your computer.
Conclusion
Hopefully this is useful. While it's a bit complicated, the advantage is that it can be performed from anywhere and doesn't require other people to do anything except connect to your server. It's much easier than configuring a VPN and trying to get everyone connected to it. Have fun!