[HOWTO] - SSH Tunneling for Mac Users

It won't be on the WAN though - there's still only one WAN IP address to go around, so A will use NAT to let B onto the net.

Assuming you can't just switch which iMac is connected directly to the net, or get a little hardware router (that would likely be the easiest; and they're pretty cheap these days), you might be able to do something with netcat to forward the UDP part. It would probably take more cleverness than I can muster right now though, after a big supper and a big beer...
 
Kinniken said:
ssh 127.0.0.1 -c blowfish -X -L 23978:10.0.1.2:23978

Kinniken, Ok...so just what exactly are you doing there and why? I am assuming that 127.0.0.1 is the local machine you are on?
 
scruffy said:
It won't be on the WAN though - there's still only one WAN IP address to go around, so A will use NAT to let B onto the net.

Exactly, that's what I'm doing now.

scruffy said:
Assuming you can't just switch which iMac is connected directly to the net, or get a little hardware router (that would likely be the easiest; and they're pretty cheap these days)

Sorry, but I can't do that. It's not possible to switch them, and the connection must remain via AirPort. A base station is too expensive to justify the cost.

scruffy said:
you might be able to do something with netcat to forward the UDP part. It would probably take more cleverness than I can muster right now though, after a big supper and a big beer...

I'll look into it.
 
bossa nova said:
Kinniken, Ok...so just what exactly are you doing there and why? I am assuming that 127.0.0.1 is the local machine you are on?

Well, since I'm typing this inside an ssh session on iMac A, I assume 127.0.0.1 must be iMac A. I'm probably going to show that I am misunderstanding ssh tunnels completely, but what I was hoping this command would do is forward any connection on iMac A on port 23978 to the same port on iMac B. That way, if B hosts a game and someone from outside tries to connect using A's WAN IP, the connection will be forwarded to the same port on iMac B.
 
You don't have to get an Airport Base Station, BTW. There are some nice cheap 3rd party 802.11x things out there.
 
Well, I would rather avoid buying new hardware at all, especially since I am pretty certain I can do that without it. BrickHouse supports TCP & UDP port forwarding, so I guess I can do it via command line as well (using BH is not an option since that would require me being physically present for the install and I am in another country currently).
 
Greetings all,

I have a developer who wants to connect to 2 Mac servers on my network to move some files, do some configurations, etc. He is using OSX, and I'm wondering how he might do that, without my having to open ports on different firewalls. Are there a couple of commands he can use to open MacA and then MacB?

Based on the example given at the beginning of the thread, his commands might look something like:

#ssh ssh.mynetwork.com -c timbukto 100.200.111.111

and

#ssh ssh.mynetwork.com -c timbukto 100.200.111.222

Believe it or not, I could do this with PuTTY and VNC if it were Windoze, but I'm still far too new to OSX to do it myself, much less advise on it. As such, any help with this would be greatly appreciated!

Sincerely,
Herc
 
Er - what is he trying to do exactly? He wants to connect two Macs on the same network? Then why would you have to do anything at your firewall?

Never mind the "-c blowfish" stuff - that's about selecting a cipher.
 
Hi Scruffy,

Well, he's on the other side of the country, so he needs to get into our network, past a few firewalls. However, because he is migrating an app from an old server to a new one, he wants access to both so he can bring one up while taking the other one down. I tried to convince him to do it in one session but he simply can't/won't.

So, if I understand what you are saying, the commands I need to have him issue on his Mac/Timbukto viewer are:

#ssh ssh.mynetwork.com timbukto 100.200.111.111

and

#ssh ssh.mynetwork.com timbukto 100.200.111.222

Thanks a lot!
Herc
 
No, you're not there yet.

Let me get this straight - correct whatever I get wrong please

- the two computers are in one network, but your user is outside of this network.
- "ssh.mynetwork.com" is an externally reachable ssh server that the user can reach through the firewall, and that can in turn reach the computers you're interested in.
- "100.200.111.111" and "100.200.111.222" are the internal, non-routable, IP addresses of the two computers he needs to reach
- "timbukto" is - what exactly are you trying to do when you stick that into the command line?

You will need to know
(1) what port does timbukto listen on (and does it use only one port, and does it use TCP only)? Let's say for now it uses only TCP port 3434.
(2) is it possible in the timbukto client to specify an alternate port to connect to? Let's say for now it's done the same as with standard URL specifications.

Then you could have your user go

ssh ssh.mynetwork.com -L 5555:100.200.111.111:3434

and then connect timbukto to

timbukto://127.0.0.1:5555

which will forward to 100.200.111.111 on port 3434

And then run

ssh ssh.mynetwork.com -L 6666:100.200.111.222:3434

and then connect timbukto to

timbukto://127.0.0.1:6666

which will forward to 100.200.111.222 on port 3434
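
An added example, not part of the original thread: a small shell helper that parses the `-L` specs used above, reports whether the resulting listener is loopback-only (ssh's default when no bind address is given), and builds one ssh command that carries both forwards in a single session. The function names are hypothetical, and port 3434 is the port the thread assumed for timbukto.

```shell
#!/bin/sh
# Added example (not from the thread). Handles ssh -L specs of the form
# [bind_address:]port:host:hostport; IPv4/hostnames only, no bracketed IPv6.

valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints "bind lport host hostport". With no bind_address ssh listens on
# loopback only (unless GatewayPorts is enabled), so 127.0.0.1 is reported.
parse_forward() (
  set -f; IFS=:
  case "$1" in *:) exit 1 ;; esac      # reject a trailing colon
  set -- $1                            # split the spec on ":"
  case $# in
    3) bind=127.0.0.1 ;;
    4) bind=${1:-*}; shift ;;          # empty or "*" means all interfaces
    *) exit 1 ;;
  esac
  valid_port "$1" && [ -n "$2" ] && valid_port "$3" || exit 1
  echo "$bind $1 $2 $3"
)

# "loopback" if only local processes can reach the listener, else "exposed".
listener_scope() (
  fields=$(parse_forward "$1") || exit 1
  case "${fields%% *}" in
    127.*|localhost) echo loopback ;;
    *) echo exposed ;;
  esac
)

# One ssh invocation carrying every forward; refuses exposed listeners.
# -N runs no remote command; ExitOnForwardFailure aborts if a forward fails.
tunnel_cmd() (
  gw=$1; shift; args=
  for spec in "$@"; do
    [ "$(listener_scope "$spec")" = loopback ] || exit 1
    args="$args -L $spec"
  done
  echo "ssh -N -o ExitOnForwardFailure=yes$args $gw"
)

# Values from the thread; 3434 is the port the thread assumed for timbukto.
tunnel_cmd ssh.mynetwork.com 5555:100.200.111.111:3434 6666:100.200.111.222:3434
listener_scope 23978:10.0.1.2:23978    # the iMac A forward asked about earlier
```

The second call prints `loopback`: a `-L` listener opened without a bind address accepts connections only from the machine running ssh, and it carries TCP only.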
 