AFP WAN access?

hugheba

In AppleShare IP you used to be able to make shares accessible over the internet. You go to Chooser, type the IP address in, and you could mount the share.

I know OSX Server probably has that service but does OSX "client" version?

I want to make a share accessible over the internet.
How are passwords sent? Clear text? What kind of security risk is there? What ports do I need to open?

How would you go about doing that?

Any suggestions.
 
X has basically what 9 had at its prime. AppleShare points are by default IP based in OS X, and thusly internet accessible. They run on port 548, which will concern you if you have a firewall. Passwords are encrypted, but data is not so much encrypted, so it's better than ftp which sends your password in the clear, but it's not secure in the sense that it encrypts your traffic.

This isn't just server, share anything, access anything via OS X and IP is the preferred (and often only) way of connecting. There's tons of documentation around, look for it.
 
You could get encrypted (and compressed if you want) data transport by ssh port forwarding port 548.
 
Are you saying there's a reasonable and transparent way to run any port through ssh? That seems a bit oversimplified. I certainly think it'd be the way to go, and Apple should offer such as a truly secure connection, but it's not at all transparent last time I checked.

sftp has to do a couple of setup things before ftp is allowed to use the connection. Am I unaware of something?
 
I guess that depends on what you consider reasonable and transparent. It isn't particularly complicated from a unix perspective. It only takes one command and you can set it up permanently in your configuration files.

FTP is a particularly difficult protocol to tunnel because the server creates a second socket on an arbitrary port. You can only forward passive mode FTP. AFAIK, AFP does not do anything like this. There may be other problems; I haven't tried it with AFP. It works nicely for VNC, even speeding it up a bit if you turn compression on.


http://www.ssh.com/products/ssh/administrator30/Port_Forwarding.html
http://www.acl.lanl.gov/users/technotes/ssh_portforwarding.html

For Classic users, MacSSH does forwarding as well.

http://www.macssh.com/FAQ.html
 
Thanks. It does indeed seem possible, although it's not something I'd plan on doing if convenience is as important as security (education) as it would make explaining things to misguided users WAY more difficult, but it seems totally doable. Thanks.

I'm sure this is going waaaay beyond what hugheba originally wanted. :)
 
Yes this is all good!!! Especially running protocols over a secure protocol (i.e. VNC)

Any how-to's would be greatly appreciated.
 
Well, the links above should give you a pretty good idea how to do it on an ad hoc basis under OS X and MacOS.

This link is a tutorial specific to VNC, although it is really the same info as the links above.

http://www.uk.research.att.com/vnc/sshwin.html

This one talks a little about tunnelling PPP inside ssh for a cheap, easy and very cross platform VPN.

http://csociety.ecn.purdue.edu/~sigos/projects/ssh/forwarding/

I usually use SSH, not OpenSSH, so I am not certain of the configuration file differences, but in SSH's /etc/ssh2/ssh2_config you would set up permanent forwards like so:

## Tunnels that are set up upon logging in

# LocalForward "110:pop3.ssh.com:110"
# RemoteForward "3000:foobar:22"


While you are in there, turn off ssh1 compatibility. It is a security hole.
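
An OpenSSH client configuration for the AFP-over-ssh forward discussed in this thread, added here as an example and not taken from any poster's message. The host alias, server name, user name and local port 10548 are placeholders, and it assumes the AFP service listens on port 548 on the same machine that runs sshd.

```sshconfig
# ~/.ssh/config on the client (OpenSSH syntax, not ssh2_config)
# "afp-tunnel", "fileserver.example.com" and "youruser" are placeholder names.
Host afp-tunnel
    HostName fileserver.example.com
    User youruser

    # Listen only on the client's loopback interface, port 10548 (arbitrary
    # unprivileged port), and carry connections to port 548 on the server,
    # as seen from the server itself.
    LocalForward 127.0.0.1:10548 127.0.0.1:548

    # Abort if the forward cannot be set up, so a failed tunnel is noticed
    # instead of the client falling back to an unencrypted direct mount.
    ExitOnForwardFailure yes

    # Optional: compress the tunnelled traffic, as mentioned in the thread.
    Compression yes

# Start the tunnel without a remote shell:
#     ssh -N afp-tunnel
# Then mount the share through the tunnel:
#     afp://127.0.0.1:10548/
# With this in place only the ssh port has to be reachable from the
# internet; port 548 can stay closed on the firewall.
```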
 