Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Gain remote access to Macs behind AirPort Base Stations Network
I wound up making this process harder than it actually is, so this hint is to help y'all from making the same mistakes I made. Here's the deal ... you're not at home, but need info on your Mac that is subnetted to an AirPort Base Station that has a (static) IP address.

What you'll need to know: The usual IP address the Base Station assigns to your machine (ie 10.0.1.2), which is easily found in the network system prefs. Using the AirPort Admin Utility, log into your Base Station and "Show All Settings." Click on the "Port Mapping" tab, then click "Add."

For Public and Private port, put 22 (the standard SSH port number), and for "Private Address," put in the usual IP address (ie 10.0.1.2) assigned to your machine. Click on "Update" in the lower right corner, and wait while your Base Station reboots.

Once it does (I had problems doing this remotely from a friend's Mac, so you might want to do this at home), you'll be able to log into your subnetted machine by doing the following:
  ssh username@basestation_ip_address
Once you give your password, you're in! Using the -p command line option of ssh, and modifying the port mapping in the AirPort Admin Utility, you should be able to get access to all your wireless machines. Hope this is helpful!

[robg adds: I haven't tested this myself, though I should as it could be quite useful at times.]
    •    
  • Currently 1.67 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (3 votes cast)
 
[16,715 views]  

Gain remote access to Macs behind AirPort Base Stations | 22 comments | Create New Account
Click here to return to the 'Gain remote access to Macs behind AirPort Base Stations' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Gain remote access to Macs behind AirPort Base Stations
Authored by: Auricchio on May 20, '03 10:35:12AM

Port mapping is a common router function; most routers will do this for you.

Ports 427 and 548, if mapped, will allow Appleshare access.

A useful port list can be found under System Preferences>Sharing>Firewall.

---
EMOJO: mojo no longer workin'



[ Reply to This | # ]
Gain remote access to Macs behind AirPort Base Stations
Authored by: diamondsw on May 20, '03 10:54:59AM

Well, yes, that's how you use port mapping on any router. What makes this more interesting is that you can use dynamic DNS instead of a static IP, and then you can tunnel through SSH to any number of services on your LAN. Right now I have SSH open to my home computer (which has a dynamic IP and a wireless router between the cable modem and computer), and I have a VNC session tunneled through it. Voila, instant secure and free "terminal server".



[ Reply to This | # ]
more please!
Authored by: SOX on May 20, '03 11:45:28AM

Hey would you please elaborate this in to a full hint.

how exactly do tunnel from the outside in to a dynamically assinged IP when using an airport base station?



[ Reply to This | # ]
more please!
Authored by: chko on May 20, '03 03:03:59PM
For info on dynamic IP naming see this hint.
To ssh into your computer (assuming that you've punched a hole in your Airport firewall as this hint describes) and use VNC you can type the following:

ssh -C -L 5901:localhost:5900 username@hostname

-C (optional) enables SSH compression and can allow better throughput

-L local port forwarding. In this case if you try to access localhost on port 5901, it will be forwarded to port 5900 on the remote computer.

Once you have logged into your computer (and assuming you have a VNC server started. See this hint.) just run a VNC viewer and connect to "localhost:5901"

You can also see the VNC page for doing this here.

[ Reply to This | # ]
more please!
Authored by: rbenezra on May 21, '03 05:11:09PM

I'm trying to run all of my apps through the SSH tunnel port 22. I can run most apps through the tunnel (like TB2, filesharing, etc) and then connecting to localhost but the tunnel doesn't seem to pass UDP 3283 for ARD. Any suggestions?



[ Reply to This | # ]
more please!
Authored by: legacyb4 on May 23, '03 02:43:33AM

SSH only handles TCP traffic, not UDP.



[ Reply to This | # ]
Gain remote access to Macs behind AirPort Base Stations
Authored by: Sway2000 on May 20, '03 11:29:46AM
I actually tried to get this working this morning without much success. I enabled Remote Login or whatever it's called and verified this by ssh-ing to myself. That much is set up correctly. I got my WAN IP with...well...MyIP. (As a side note, why wasn't I able to do a traceroute out to yahoo.com or something to figure this out? Traceroutes just came back blank.) So I had to trust MyIP. I was able to ping the IP. So far so good. I set up the port mapping exactly as was mentioned in this hint. However, I'm still unable to connect. I can't telnet over port 22. I can't SSH. That WAN IP just doesn't appear to be accepting any incoming connections of any sort. Any suggestions as to what else I can try?

Thanks,

Sway

[ Reply to This | # ]

Gain remote access to Macs behind AirPort Base Stations
Authored by: mtm on May 20, '03 01:43:38PM

Make sure that you don't have the "Bridge Airport to Ethernet" option checked. I know that seems counterintuitive, but it worked for me.



[ Reply to This | # ]
Gain remote access to Macs behind AirPort Base Stations
Authored by: Brock Lee on May 20, '03 08:43:01PM
One way to get your IP address if it's set dynamically by your ISP is to visit:

http://ipid.shat.net:80/iponly/

B.L.

[ Reply to This | # ]
Gain remote access to Macs behind AirPort Base Stations
Authored by: chko on May 21, '03 02:10:30AM

You won't be able to access you machine (which is behind the Airport firewall) by using your external IP address, from behind your firewall.

In other words using your external IP address to access your own computer won't work. You will need a computer outside of your firewall to test if you have the port mapping correct.

If you have a snow Airport base station (with two ethernet ports) you can connect one computer to the WAN port to act as a computer outside your network. You'll just have to maunally set the IP addresses on the Basestation and the external computer.



[ Reply to This | # ]
Gain remote access to Macs behind AirPort Base Stations
Authored by: rbenezra on May 20, '03 12:55:14PM

Yes this works as advertised but you might want to set the wireless clients to have static ip's in the 10.0.1.100-200 range so you know which macine you're mapping to at all times...DHCP might switch the addresses from time to time depending on how the macs are used....



[ Reply to This | # ]
Gain remote access to Macs behind AirPort Base Stations
Authored by: mayodreams on May 20, '03 01:19:37PM

Static IP's on an Apple base station must be above 201 in order to establish port fowarding. Besides being easier to map ports, static ip's also increase security because the base station just doesn't give anyone an IP to anyone who has DHCP enabled.



[ Reply to This | # ]
Gain remote access to Macs behind AirPort Base Stations
Authored by: rbenezra on May 20, '03 09:41:08PM

I'm mapping fine to 10.0.1.101 on an Airport Extreme so going above 200 doesn't seem necessary as far as I can tell.



[ Reply to This | # ]
Gain remote access to Macs behind AirPort Base Stations
Authored by: mayodreams on May 21, '03 12:05:06AM

At least on the old Graphite ones this was required.



[ Reply to This | # ]
Gain remote access to Macs behind AirPort Base Stations
Authored by: diamondsw on May 21, '03 05:12:52PM

I used .111 on the old graphite one. I believe this had to do with whether or not you had DHCP running.



[ Reply to This | # ]
Gain remote access to Macs behind Net-Sharing Computer
Authored by: benmcgruer on May 20, '03 05:32:04PM

Is there anyway to achieve a similar effect on a standard OS X box, running internet sharing? ie. One computer is connected to the internet, with net sharing enabled- is it possible to connect to something on the local network through it?



[ Reply to This | # ]
Gain remote access to Macs behind AirPort Base Stations
Authored by: clamstrip on May 20, '03 06:30:07PM

using ssh you have command line access as if you were running Terminal. but if you REALLY want "remote access"
install osxvnc on the remote system and use one of the vnc clients to access it. i happen to use "chicken of the vnc."
the cool part is using an ssh connection to tunnel the vnc
port, no need to map an additional port, plus your traffic
will be encrypted!

here's the ssh command i use to connect
ssh -A -C -x -L 5901:localhost:5900 myuid@my.airport.base.ip
login as usual, then if need be you can start osxvnc from the
command line
open /Applications/VNC/OSXvnc.app
switch back to your local vnc client, enter its password and boom, remote desktop appears on your local desktop.



[ Reply to This | # ]
Gain remote access to Macs behind AirPort Base Stations
Authored by: suranyami on May 21, '03 04:57:50AM

This is good advice, but what I'd really like to know is how to get Apple Remote Desktop working through Port Mapping.

I've got port 3283 mapping from the base station to a server with a static IP (10.0.1.60), which is the port recommended by this Apple technote:

http://docs.info.apple.com/article.html?artnum=106439

I've confirmed that remote desktop is working locally by trying it from another machine on the 10.0.1.x network, but when I try to access the machine from outside the basestation, I get a failure to connect. Any ideas?



[ Reply to This | # ]
Gain remote access to Macs behind AirPort Base Stations
Authored by: rbenezra on May 21, '03 05:04:34PM

I've had this working for awhile so I might be able to help. Are you entering the ip address of the basestation (with an ARD admin username and password) when you try to add the computer behind the Airport's firewall?



[ Reply to This | # ]
Gain remote access to Macs behind AirPort Base Stations
Authored by: suranyami on May 22, '03 04:15:07AM

Yes, I am. Why, what should I be adding.

I should also point out that I'm trying to do this on OSX Server (10.2.5). I've managed to get it working before on just plain vanilla OSX, and it worked fine.

As an afterthought last night I tried turning on the OSX Server firewall settings and allowing all ports through. Doesn't seem to have helped.



[ Reply to This | # ]
Gain remote access to Macs behind AirPort Base Stations
Authored by: jreades on May 21, '03 08:19:51PM

Another good use of port mapping is to put common services on non-standard ports in order to defeat the script kiddies. By putting a service such as ssh on a high unused port (say, over 5000) you make it less likely that you'll get hit by the next automated SSH exploit before you have time to update.

It will also work for telnet, but you wouldn't be running that, would you?



[ Reply to This | # ]
Gain remote access to Macs behind AirPort Base Stations
Authored by: wbuelo on May 28, '03 05:18:36PM

To use ssh username@basestation_ip_address

where can i find the basestation_ip_address ?



[ Reply to This | # ]