How to SSH two computers behind NAT and firewall, without a third computer

pwnat is an open-source tool that supposedly addresses this problem. It says:

pwnat is a tool that allows any number of clients behind NATs to communicate with a server behind a separate NAT with no port forwarding and no DMZ setup on any routers in order to directly communicate with each other. The server does not need to know anything about the clients trying to connect.

There is no middle man, no proxy, no 3rd party, no UPnP/STUN/ICE required, no spoofing, and no DNS tricks.

More importantly, the client can then connect to any host or port on any remote host or to a fixed host and port decided by the server.

pwnat establishes this kind of connection:

Machine A (IP: 192.168.1.3) -> NAT A (IP: 122.x.x.x) -> Internet -> NAT B (IP: 59.x.x.x) -> Machine B (192.168.2.10)

pwnat is distributed only for Linux, but the article PWNAT: Windows Complied Version contains the Windows version. See also, by the same author, PWNAT : Example.

The method used by pwnat is unbelievably clever, but there is no guarantee that it will work with your environment.


I personally think that tunnelling is your best option, even though you don't already own a third server.

Amazon EC2 offers a Free Tier pricing option allowing new customers to run a micro instance of Linux/Windows for up to 750 hours / month, free, for one year. I haven't used the service myself but assume that if you only run the virtual server when needed, you get an SSH tunnel up and running for free. You might even find the service cheap enough to warrant paying for?

Hak5 produced a good introduction to tunnelling (with persistence). You could also set up a CRON-triggered script to attempt connections to the virtual server so that you have access to the laptop within minutes of starting the EC2 instance...
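
One way to write the cron-triggered script described in the answer above, as an added example that is not part of the original answer: the laptop opens a reverse SSH tunnel to the virtual server and a lock stops overlapping cron runs. The host name, account, port, key file and script path are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example. Host, user, port, key and paths are placeholders (assumptions).
# crontab on the laptop:  */5 * * * * /usr/local/bin/reverse-tunnel.sh --run
RELAY_HOST="${RELAY_HOST:-relay.example.com}"      # the rented virtual server
RELAY_USER="${RELAY_USER:-tunnel}"                 # unprivileged relay account
RELAY_PORT="${RELAY_PORT:-2222}"                   # port opened on the relay
KEY_FILE="${KEY_FILE:-$HOME/.ssh/tunnel_ed25519}"  # key used only for this job
LOCK_DIR="${LOCK_DIR:-$HOME/.reverse-tunnel.lock}" # not in a shared /tmp

# Print the ssh arguments one per line so they can be inspected or tested.
# BatchMode: never prompt (cron has no terminal). StrictHostKeyChecking:
# refuse a relay whose host key is not already in known_hosts.
# -R binds the forwarded port to the relay's loopback interface only.
tunnel_args() {
    printf '%s\n' \
        -N -i "$KEY_FILE" \
        -o BatchMode=yes \
        -o StrictHostKeyChecking=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -R "127.0.0.1:${RELAY_PORT}:127.0.0.1:22" \
        "${RELAY_USER}@${RELAY_HOST}"
}

# Take the lock (mkdir is atomic); reclaim it only if the recorded PID is dead.
acquire_lock() {
    if mkdir "$LOCK_DIR" 2>/dev/null; then
        echo "$$" > "$LOCK_DIR/pid"; return 0
    fi
    pid=$(cat "$LOCK_DIR/pid" 2>/dev/null) || pid=""
    [ -n "$pid" ] || return 1                 # another run is still starting
    kill -0 "$pid" 2>/dev/null && return 1    # tunnel process is alive
    rm -rf "$LOCK_DIR"
    mkdir "$LOCK_DIR" 2>/dev/null && echo "$$" > "$LOCK_DIR/pid"
}

main() {
    acquire_lock || exit 0     # a tunnel is already up; nothing to do
    IFS='
'
    set -f                     # split tunnel_args on newlines only, no globbing
    set -- $(tunnel_args)
    exec ssh "$@"              # ssh keeps this PID, so the lock tracks the tunnel
}

if [ "${1:-}" = "--run" ]; then main; fi
```

With the tunnel up, log in to the relay and run `ssh -p 2222 localhost` to reach the laptop. On the relay, the tunnel key's `authorized_keys` entry can be limited with `restrict,port-forwarding,permitlisten="127.0.0.1:2222"` so the key can do nothing except open that one forward.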


The best option would be to set up port forwarding if you can, but if your campus does the firewalling and you cannot do any port forwarding yourself then use this suggestion.

Yes, there is a free 3rd server, and you are already using it, TeamViewer. Make sure you have TeamViewer installed as a service (or whatever the equivalent is for Linux, I only use the Windows version). Then install the VPN driver at work and at home. You will then be able to connect using a VPN from work and your home machine will have a 7.x.x.x IP address. Then if you want to get into a terminal session run SSH over the VPN link.

The install VPN option is under advanced settings.

That will add a "VPN" option for the types of connections you can do.