by iamd3vil 2060 days ago
I think a better option would be to create a WireGuard tunnel between the Raspberry Pi and the remote server instead of an SSH tunnel. Then there is no need to add or change ports and restart the tunnel for every service.

While I think this is true (any other VPN software would work too, though), I want to point out that you actually can bring up a tun interface using ssh with the "-w local_tun[:remote_tun]" flag somewhat easily if you want to. It is also possible to make forwarding work in either direction using an integrated SOCKS proxy using the "-R" or "-D" flags ...

> you actually can bring up a tun interface using ssh

Beware of TCP over TCP issues[0] when using SSH for tun.

[0]: http://sites.inka.de/bigred/devel/tcp-tcp.html

OP's solution sounds good enough for their needs.

Solutions can always be improved, but it's not always worth doing that.

OP has literally written in the gist about exploring a way to map the entire port range and avoiding doing this, so the non-hacky way of doing this is setting up something like a WireGuard tunnel. That's the reason I suggested doing this instead of a tunnel which has other disadvantages like doing TCP on TCP.

SSH tunnels do not run TCP inside of them, just the bytes of the connection data itself.

The only TCP in use is the TCP connection of the SSH connection between hosts.

Ohh, TIL, but my other point still stands.

It used to be common (at least not unheard of) to run PPP over SSH, which has this problem.