


Tunneling with OS X for fun, security, and more

As an internet user used to freedom there are a number of good reasons to create tunnels. A few examples:

So what does a tunnel do? A tunnel is a secure connection made between your computer and another one that is located elsewhere. Instead of having your computer make its connections directly to the websites and services you are trying to reach, ALL requests are encrypted and sent through the tunnel to the other computer, THEN relayed to the service you are trying to connect to. Your remote computer will receive the responses and send them back to you in an encrypted form.

So if someone is "watching" you making ordinary connections on a wireless network they will see you connecting to AOL (and probably grab your login), then maybe browse msn.com and cnn.com, etc. If someone tries to eavesdrop on your tunnel connection the most they will see is you making connections to one machine, all of which will be garbled and unreadable. In short: they'll have no idea what you are doing.

There are applications for Mac that supposedly create tunnels but they are hopelessly devoid of any form of documentation and from what I can tell, they are largely special-use tunnels for single apps.

As it was pointed out on paulstamatiou.com, all that you need to dig a tunnel is already built into OS X.

I found his method a little unsatisfying in the way that once the tunnel is open it provides you with...silence. There is no status to let you know that your tunnel is working. In reading the man file I've modified it a bit so that you can have a window that not only allows you to create your tunnel, but also gives you a realtime "pulse" for your tunnel.

In order to create a tunnel you will want to make sure you have two things:


  1. A Mac running OS X

  2. A computer to log into that is running any flavor of Unix or Linux with a static IP address. For my example I am going to create a tunnel between my MacBook Pro laptop and my Mac Pro desktop at home.

Here is the walk-through:


First, to prepare the Mac Pro, go into System Preferences -> Sharing and turn on "Remote Login".

Next, on the MacBook Pro, open up a terminal window. This will start you out in your home directory. We're going to create a script that you can launch quickly whenever you need a tunnel. Type:

pico tunnel-home

This will create a text document that we'll put our script in to create a tunnel to our computer. Add this to the file:

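#!/bin/sh

# -D 8080: open a local SOCKS proxy on port 8080; -f: go to the background after login;
# -C: compress traffic; -v: verbose status output; -N: run no remote command, forward only
ssh -D 8080 -f -C -v -N yourname@YourIPaddressOrYourDomain.com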

Hit Control-o to save the file. Then press Control-x to close pico.

To run your script, type this into the terminal:

sh tunnel-home

...and hit return. This will fire up your tunnel. Since you chose "verbose" mode (-v), ssh will print status messages for every connection your computer sends through the tunnel. With your display colors set correctly this is the part where you confound your friends by showing them that the matrix does exist, and that you are running it on your computer.


Now there is one more step left, and that is to set your MacBook Pro to USE the tunnel we've opened up. In your System Preferences -> Network under "Location" choose "Duplicate Location" and name it the same thing with "Tunnel" at the end for easy reference.

Select this new network and choose the Advanced button...

Then choose the "Proxies" tab, check the "SOCKS Proxy" box, enter in "localhost" under SOCKS proxy server and "8080" after the colon. Basically this tells your computer to funnel ALL network requests through your tunnel which is running on your machine (localhost) through port 8080 (an alternative http port).


Click OK, make sure your new network is selected and click "Apply". Everything on your computer should be happening through your tunnel.

To test whether this is working, visit http://www.whatismyipaddress.com. It should give you the IP address of your REMOTE computer instead of your local network address.
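
A scripted version of this check, added here as an example (not part of the original post): it confirms that the SOCKS listener from ssh -D 8080 accepts connections only from your own machine, then compares the public IP seen directly with the one seen through the tunnel. The function names, the constructed lsof sample lines and the default IP-echo service (https://api.ipify.org) are assumptions.

```sh
#!/bin/sh
# Added example: health check for the SOCKS tunnel opened by "ssh -D 8080".
# Assumption: IP_ECHO_URL is any service that returns your public IP as text.
IP_ECHO_URL=${IP_ECHO_URL:-https://api.ipify.org}

# Constructed sample lines in the format of: lsof -nP -iTCP:8080 -sTCP:LISTEN
SAMPLE_LOOPBACK='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh 4021 aaron 5u IPv6 0x0 0t0 TCP [::1]:8080 (LISTEN)
ssh 4021 aaron 6u IPv4 0x0 0t0 TCP 127.0.0.1:8080 (LISTEN)'
SAMPLE_EXPOSED='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh 4021 aaron 5u IPv4 0x0 0t0 TCP *:8080 (LISTEN)'

# Reads lsof output on stdin; prints none, loopback or exposed for port $1.
# "exposed" means the listener accepts connections from other machines, so
# anyone on the same network could send traffic through your tunnel.
classify_listeners() {
  awk -v port="$1" '
    $NF == "(LISTEN)" {
      addr = $(NF - 1)
      if (addr !~ (":" port "$")) next
      seen = 1
      if (addr != "127.0.0.1:" port && addr != "[::1]:" port) exposed = 1
    }
    END { print (!seen ? "none" : (exposed ? "exposed" : "loopback")) }'
}

# Compares the public IP seen directly ($1) with the one seen via SOCKS ($2).
tunnel_verdict() {
  if [ -z "$2" ]; then echo "proxy-unreachable"
  elif [ "$1" = "$2" ]; then echo "not-tunneled"
  else echo "tunneled"
  fi
}

main() {
  port=${1:-8080}
  state=$(lsof -nP -iTCP:"$port" -sTCP:LISTEN 2>/dev/null | classify_listeners "$port")
  echo "listener on port $port: $state"
  direct=$(curl -s --max-time 10 "$IP_ECHO_URL") || direct=""
  # --socks5-hostname also sends the DNS lookup through the tunnel
  tunnel=$(curl -s --max-time 10 --socks5-hostname "localhost:$port" "$IP_ECHO_URL") || tunnel=""
  echo "egress: $(tunnel_verdict "$direct" "$tunnel") (direct=$direct tunnel=$tunnel)"
}

# Live check only on request: sh check-tunnel run [port]
if [ "${1:-}" = "run" ]; then shift; main "$@"; fi
```

Save it as check-tunnel and run "sh check-tunnel run 8080". A "not-tunneled" result is also what you get when the laptop and the remote machine share one public IP, for example when both are at home.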

Happy surfing.

Posted by Aaron R. Deutsch on May 1, 2009 8:21 PM

Comments

Hi Aaron,
Have been trying to receive & send email with Mail OS X from behind my work's Proxy server with no success (Proxifier, Authoxy, etc.). Your tunneling how-to seems to be a possibility. What do you think?

Posted by: Michael Woerner at July 23, 2009 10:46 AM

Hey Michael, This should do the trick as it routes all traffic through port 8080 (web) which is presumed to be an open/unfiltered port. (Your remote computer will then initiate the email connections on ports 993, 995, 25, 465 and/or 587 and send the responses back to you via 8080)

Posted by: strayduck at July 23, 2009 11:51 AM

Is there a simple way to determine my username and domain name?
The yourname@YourIPaddressOrYourDomain.com part is throwing me off, though it's probably simpler to figure out than I imagine.

Thanks!

Posted by: PrineSwine at August 30, 2009 8:58 PM

Hey Prine,

yourname is the login name for your home computer (or server) that you are tunneling to.

yourIPaddressOrYourDomain.com is the way to reach your home computer (or server) that you are tunneling to. Most people don't know how to set DNS for themselves so they opt for the IP address route.

ON your home computer (or server) that you are tunneling to, go to http://whatismyipaddress.com and it will give you the number to enter.

A wildly hypothetical login for you would look something like: prineswine@64.286.99.341

Posted by: strayduck at April 20, 2010 7:43 PM
