Use an SSH go-between to connect two firewalled Macs

Jan 30, '03 08:47:33AM

Contributed by: Anonymous

I had a problem at work that I solved through trial and error. The problem was that I regularly have to Timbuktu into a remote user's machine from behind my company's firewall to give that user support. The remote machine is shielded behind both an Airport using NAT, and the firewall of the parent company. To complicate things, I do not have the administrator's help on the remote end (i.e., I can't reconfigure either the Airport or the remote firewall).

The solution involved using an exposed third computer with an ssh server as a go-between. We have a Linux FTP server on our DMZ. For this to work, the remote user must have a login to the go-between ssh server.

On the remote end, open Terminal and enter the following command:

 % ssh -C goBetweenIP_Address -R 10407:localhost:407 -l username

On the local end, open Terminal and enter:

 % ssh -C goBetweenIP_Address -L 10407:localhost:10407 -l username

On Timbuktu, connect to localhost:10407.

The '-C' option enables compression, which speeds up the connection. The '-R' option on the remote end forwards port 407 from the remote machine to port 10407 on the go-between. 407 is the Timbuktu port, but any service can be forwarded like this if you know the proper port number. The '-L' option on the local end connects port 10407 on your local machine to port 10407 on the go-between. Finally, you tell Timbuktu to connect to the port on your machine that is carrying the forwarded traffic. Use '-l username' if the username at your command prompt is not the same as the name of the account on the go-between server.

Both ends use an ssh tunnel to the go-between server, which acts as a switchboard operator, forwarding ports from one session to the other. The network ugliness on both ends is circumvented.
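
Port 10407 is opened on the DMZ go-between, so who can reach the forwarded Timbuktu service depends on that server's sshd settings. The script below is an added example, not part of the original hint: it reads an sshd_config-style file and reports how the '-R' port would be bound. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the go-between's sshd forwarding settings for the
# hint's tunnel. Input is an sshd_config-style file or saved `sshd -T` output.
# Simplification: only global settings are read; Match blocks are not evaluated.

# Print the first global value of keyword $2 in file $1 (sshd keeps the first
# value it reads), or the OpenSSH default $3 if the keyword is absent.
sshd_setting() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Prints one of:
#   blocked   forwarding is off in at least one direction; the tunnel fails
#   exposed   the -R port (10407) binds to every interface of the go-between
#   client    the client picks the bind address (loopback unless it asks)
#   loopback  the -R port is reachable only from the go-between itself
check_gobetween() {
    fwd=$(sshd_setting "$1" AllowTcpForwarding yes)
    gw=$(sshd_setting "$1" GatewayPorts no)
    case "$fwd" in
        yes|all) ;;                      # hint needs both -R and -L
        *) echo blocked; return 0 ;;
    esac
    case "$gw" in
        yes) echo exposed ;;
        clientspecified) echo client ;;
        *) echo loopback ;;
    esac
}

# Constructed sample config (not from a real server).
sample=$(mktemp)
printf '%s\n' '# DMZ FTP host' 'Port 22' 'GatewayPorts yes' \
    'Match User support' '    GatewayPorts no' > "$sample"
check_gobetween "$sample"
rm -f "$sample"
```

A result of 'exposed' means anyone who can reach the go-between on port 10407 reaches the remote Mac's Timbuktu port; 'loopback' is the binding that the local end's '-L 10407:localhost:10407' relies on.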

If anyone has a better suggestion on how to do this, I'd love to hear it...



Mac OS X Hints
http://hints.macworld.com/article.php?story=20030130054733106