SSH Tunnel Manager
Authored by: jctull on Feb 25, '05 02:28:11PM
SSH Tunnel Manager v 2.0, a small application that handles ssh tunnels, may be of use for you. I recently created a tunnel to provide afp access to my office server that sits behind a firewall. This machine has a large external fw drive with all of my iTunes music, and I wanted to be able to use that on my wifi network at home. Because afp is blocked outside of the lan, I set this up as my solution.

My settings are:

Login: 'remote user name'
Host: my.ip.net
Port: empty

Local redirections
  • Port: 10548
  • LAN Host: localhost
  • Port: 548

Remote redirection
  • empty

Options... Auto connect, Handle authentication, allow LAN connection, Crypt method: 3des

Now all I have to do is start SSH Tunnel Manager, and I am prompted for my password for the remote machine. I then connect to server localhost:10548 from the Finder, and my remote afp volumes show up. This has been working great for me.

The command line equivalent of all this, which is listed in the options panel, is:

ssh -N -p 22 -g -c 3des 'remote user name'@my.ip.net -L 10548/localhost/548



    [ Reply to This | # ]
  • SSH Tunnel Manager
    Authored by: ekc on Feb 25, '05 04:49:24PM
    There is one more step you can take here that's really pretty cool.

    First add the -g option to your tunnel, which allows anyone on your local LAN to access the remote computer via yours. Then download Network Beacon and create a new beacon. Enter the name of the remote file server for "Service Name", choose "AppleShare Server (AFP)" from the menu for "Service Type", and the local port number you're using for the tunnel (in your example, 10548) for the "Port number".

    When you enable the beacon, the remote server shows up all over the local LAN as if it was a local machine (through the magic of Rendezvous/Bonjour/whatever-it's-called-now) and you can just connect to it the normal way. No more entering afp://localhost:10548 in the connection dialog.

    The only problem is that in my experience, -g doesn't seem to work with the -R option for reverse tunnels. I haven't had to use -R much, but in the few cases I have, I managed to kludge something together using two tunnels. Once you have the reverse tunnel going, you open another one on the local machine along the lines "ssh -gL51548:127.0.0.1:50548 127.0.0.1". Then you use 51548 instead of 50548 for the beacon. Ugly, but it seems to work. If anyone knows a better way, let me know.

    [ Reply to This | # ]

    SSH Tunnel Manager
    Authored by: merlyn on Feb 25, '05 06:11:56PM
    The remote sshd must have
    GatewayPorts yes
    in their sshd config to permit off-box connection to a -R tunnel. Since this is a potential security hole, it's generally turned off.

    [ Reply to This | # ]
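
An added example, not part of any comment in this thread: a short Python check of how sshd's GatewayPorts setting decides where the listener for a -R tunnel is bound. The sample config, the "Match User tunnel" block, the function names and the forward specs are constructed for illustration; 50548 is the reverse-tunnel port used in the thread, and IPv6 bind addresses are not handled.

```python
import re
# Constructed sample sshd_config (not from the thread).
SAMPLE_CONFIG = """\
Port 22
GatewayPorts no
GatewayPorts yes   # ignored: sshd uses the first value it obtains
Match User tunnel
    GatewayPorts clientspecified
"""

def gateway_ports(config_text):
    """Return (global value, [(Match criteria, value), ...]) for GatewayPorts."""
    global_value, overrides, match, seen = None, [], None, False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()            # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            match, seen = value, False
        elif keyword == "gatewayports":
            if match is None and global_value is None:
                global_value = value.lower()
            elif match is not None and not seen:
                overrides.append((match, value.lower()))
                seen = True
    return global_value or "no", overrides    # sshd's default is "no"

def remote_listener(spec, gw):
    """Where sshd binds `ssh -R spec` ([bind:]port:host:hostport, no IPv6)."""
    fields = spec.split(":")
    bind = fields[0] if len(fields) == 4 else None
    port = int(fields[-3])
    if gw == "no":                            # client's bind address is ignored
        scope = "loopback"
    elif gw == "yes":                         # forced to the wildcard address
        scope = "all interfaces"
    elif bind is None or bind == "localhost" or bind.startswith("127."):
        scope = "loopback"
    elif bind in ("", "*"):
        scope = "all interfaces"
    else:
        scope = bind                          # clientspecified: one address
    return port, scope

if __name__ == "__main__":
    gw, overrides = gateway_ports(SAMPLE_CONFIG)
    print(gw, overrides, remote_listener("*:50548:localhost:548", gw))
```

With the global "no", the "*:" request still yields a loopback-only listener; in this sample only the constructed Match block lets the client choose a wider bind address.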