My girlfriend is stuck behind a very restrictive firewall at college. It hides her behind some kind of NAT. No open ports whatsoever. In a way I can understand it; when you have thousands of Windows machines running on a high-speed network, you need all the help you can get. In another way, I just couldn't live with that kind of crippled access. I know I'm not really a typical user, but I needs me my open ports for SSH and whatnot.
We wanted to play ZSNES over the internet, which needs a direct connection between two computers. It took me forever to figure out how to get a reverse SSH tunnel set up, but I finally did. The terminology is always very confusing. "Local" vs. "remote"; is that from the point of view of the client, or the server?
Just so I have a record of how to do this:
ssh -R 12345:localhost:6881 SERVER_NAME
-R means SSH will LISTEN for connections on the REMOTE host ("remote" from the point of view of the PERSON RUNNING THE COMMAND, i.e. the client). (-L is the opposite.) It will listen for connections on port 12345 on the machine where the server resides, and it will forward each connection through the tunnel to port 6881 on the machine where the client resides (the "localhost" in the command is looked up on the client's side).
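To make the "which side listens?" question mechanical, here is a small parser for -R/-L forwarding specs. It is an added example, not part of the original post; the function names are made up for illustration, and the "loopback" default assumes stock OpenSSH settings (GatewayPorts off).

```python
import re

# One field of a forwarding spec: a bracketed IPv6 literal or a colon-free token.
_FIELD = re.compile(r"\[([^\]]+)\]|([^:\[\]]*)")

def split_spec(spec):
    """Split [bind_address:]port:host:hostport on colons, honouring [v6] brackets."""
    fields, pos = [], 0
    while True:
        m = _FIELD.match(spec, pos)
        fields.append(m.group(1) if m.group(1) is not None else m.group(2))
        pos = m.end()
        if pos == len(spec):
            return fields
        if spec[pos] != ":":
            raise ValueError(f"malformed forwarding spec: {spec!r}")
        pos += 1

def explain_forward(flag, spec):
    """Describe who listens and who connects for `ssh -R spec` or `ssh -L spec`."""
    if flag not in ("-R", "-L"):
        raise ValueError("only -R and -L are handled")
    fields = split_spec(spec)
    if len(fields) == 3:
        bind, (port, host, hostport) = None, fields
    elif len(fields) == 4:
        bind, port, host, hostport = fields
    else:
        raise ValueError(f"expected [bind_address:]port:host:hostport, got {spec!r}")
    listen_port, target_port = int(port), int(hostport)
    for p in (listen_port, target_port):
        if not 1 <= p <= 65535:  # port 0 (dynamic allocation with -R) not handled here
            raise ValueError(f"port out of range: {p}")
    # No bind_address: the listener stays on loopback under default settings.
    # With -R, anything wider only works if the server's sshd enables GatewayPorts.
    if bind is None:
        exposure = "loopback"
    elif bind in ("", "*"):
        exposure = "all interfaces"
    else:
        exposure = bind
    listener, connector = ("server", "client") if flag == "-R" else ("client", "server")
    return {"listens_on": listener, "bind": exposure, "listen_port": listen_port,
            "connects_from": connector, "target": (host, target_port)}

if __name__ == "__main__":
    print(explain_forward("-R", "12345:localhost:6881"))  # the command from this post
```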
After getting that working, it turns out we needed UDP forwarding too, so I had to look for something else. I ended up using OpenVPN. That program is pretty amazing. It only took a short while to install, by following the HOWTO. Even on Windows (though it has Linux versions too). I had to use TAP devices instead of TUN; I have no idea what either of those things is, but TAP seems to create imaginary network devices. The program uses some nice encryption too. And using this program, you can do anything you could do with someone who was physically on your LAN.
Turns out OpenVPN is in portage, too. I wish I'd have noticed it sooner.