Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

SSH port forwarding and Classic Classic
So, in expectation of many folks heading to MacWorld, I thought I'd post my experiences in ssh port forwarding and the Classic environment. This comes about because I still prefer Claris Emailer over Apple's Mail.app, and my employer uses FirstClass, which only exists in Classic. Since I have to fire up Classic anyway for the work system, there's no incentive to ditch Emailer yet. I really wish they'd release the source and let somebody carbonize it... ;-) Note that if you're using Apple's Mail app, or some other OS X native mail app, you'll want to do your forwarding in the OS X environment, which is documented in this MacOSXHints article. Read on for more on the Classic side of the equation...

Background: before heading to the Blackhat Briefings/Defcon last summer, I spent a lot of time preparing my system to be secure, as the destination network was obviously going to be hostile. I found that the Classic and OS X tcp stacks don't behave as expected. Specifically, if you create a port forward via the terminal in OS X, Classic can't see it. You can use it in X just fine, but that doesn't help if you're an old codger running Emailer. The following instructions assume that your SSH server and your POP/SMTP server are the same box. However, SSH is flexible, so if your POP/SMTP host(s) are not the same box as the SSH machine, but on the same network, you can still tunnel your passwords over the internet to the SSH host, which will then cleartext the passwords over your LAN. To do this, simply substitute the domain name or IP address of your POP/SMTP hosts where I specify "localhost" in the MacSSH section.

The solution is to use MacSSH in the Classic environment. You'll probably want to setup a favorite to do the login and port forwarding for you. So, under the Favorites menu, choose Edit Favorite, and fill in the blanks as needed. For port forwarding, select the SSH2 tab, and the pop-up labeled "method" will give you an option for "local tcp port forward". The ports you'll likely want to forward are 110 and 25 (pop3 and smtp). So, you'll want to put 110 in "local port", localhost in "remote host", and 110 in "remote port". Since you can only do one in the pretty GUI, you'll have to do the other as an LSH argument. This is under the Security tab, bottom box. In that box, you'll want to type the following:
  -L 25:localhost:25
So, once you select your new favorite, and get a shell prompt in your MacSSH window, you have a secure tunnel from your local Classic environment to your mail servers(or ftp or whatever else you want tunneled).

One other piece of the puzzle here is configuring Claris Emailer; if you're using another Classic app, you can ignore all this and experiment with your own app. But if you're wanting to tunnel Emailer, here's how to config it. Under "setup:accounts", you either need to create a new account or edit your existing one, depending on whether you will want to tunnel SSH all the time or just at MWSF. The tricky part is the "email account" field. Obviously, you want to redirect this to localhost, so that MacSSH can tunnel it to the server. But, in emailer, if you put in "me@127.0.0.1", it will complain that this is an invalid entry. My workaround for this was to create a dummy host-localhost.hintz.org-which resolves to 127.0.0.1, so Emailer is happy. Curiously, it doesn't care about the smtp server field, so you can simply type in 127.0.0.1 there and it will all work fine. Feel free to use localhost.hintz.org to do your redirect if you don't have the ability to create your own DNS entry for 127.0.0.1.

Lastly, to increase the security and ease of use, you can use public/private keys to make the SSH connection-this is documented by the MacSSH folks here.
    •    
  • Currently 3.40 / 5
  You rated: 3 / 5 (5 votes cast)
 
[19,515 views]  

SSH port forwarding and Classic | 2 comments | Create New Account
Click here to return to the 'SSH port forwarding and Classic' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Carbon FirstClass
Authored by: cz on Jan 02, '02 11:21:34PM

There is a beta of carbonized FC floating around. Its rather easy to find.. ;)



[ Reply to This | # ]
Re: Carbon FirstClass
Authored by: Anonymous on Jan 03, '02 02:07:08PM

OK, minor rant. I've been pestering our sales rep for an OS X version for months. Nothing is more annoying than discovering I can get it on carracho or something, when our sales rep won't pass it on. On a related note, they've got a Linux beta out there, but it doesn't work on newer versions of Mandrake, and they don't seem to be doing any active devel. on it now. Very annoying when they already have the products but don't make them available or continue to keep them current...



[ Reply to This | # ]