I sometimes have an OS X machine behind NAT that I want to get back to when I’m on the internet.
One way to achieve this is to set up an ssh tunnel on a machine with a known IP.
I put this file in “/Library/LaunchDaemons/com.example.ssh-tunnel.plist”:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <false/>
    <key>Label</key>
    <string>com.example.ssh-tunnel</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/bin/ssh</string>
        <string>-R19922:localhost:22</string>
        <string>-Nn</string>
        <string>remote_user@tunnelhost.example.com</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <dict>
        <key>NetworkState</key>
        <true/>
    </dict>
    <key>UserName</key>
    <string>root</string>
</dict>
</plist>
In this example, tunnelhost.example.com is the globally known server, and remote_user is set up with ssh keys to allow passwordless access.
Now if I ssh to tunnelhost.example.com and then ssh to localhost:9922, I get back to the NATed machine.
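A job like this is worth reviewing before it is loaded, since it runs unattended as root and exposes the local sshd on another host. The following check is an added example, not part of the original post: the names `audit` and `remote_forwards` are hypothetical, and the sample is a constructed copy of the plist above with plain ASCII quotes (a copy with typographic quotes fails to parse at all).

```python
import plistlib

# Constructed sample: the plist from this page, with plain ASCII quotes.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
 "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
<key>Label</key><string>com.example.ssh-tunnel</string>
<key>ProgramArguments</key><array>
<string>/usr/bin/ssh</string><string>-R19922:localhost:22</string>
<string>-Nn</string><string>remote_user@tunnelhost.example.com</string>
</array>
<key>RunAtLoad</key><true/>
<key>UserName</key><string>root</string>
</dict></plist>"""


def remote_forwards(args):
    """Return (bind, listen_port, host, host_port) for each -R option."""
    specs, it = [], iter(args)
    for arg in it:
        if arg == "-R":                      # form: -R spec
            specs.append(next(it, ""))
        elif arg.startswith("-R"):           # form: -Rspec
            specs.append(arg[2:])
    out = []
    for spec in specs:
        parts = spec.split(":")              # simplification: no bracketed IPv6
        if len(parts) in (3, 4):
            bind = parts[0] if len(parts) == 4 else ""
            out.append((bind, int(parts[-3]), parts[-2], int(parts[-1])))
    return out


def audit(plist_bytes):
    """Parse a launchd job and list review points for an ssh reverse tunnel."""
    job = plistlib.loads(plist_bytes)        # raises if the XML is malformed
    args = job.get("ProgramArguments", [])
    if not args or not args[0].endswith("ssh"):
        return []
    findings = [f"remote port {p} -> {h}:{hp} (bind={b or 'default'})"
                for b, p, h, hp in remote_forwards(args)]
    if job.get("UserName", "root") == "root":  # daemons default to root
        findings.append("job runs as root")
    for opt in ("ExitOnForwardFailure", "ServerAliveInterval"):
        if opt not in " ".join(args):
            findings.append(f"ssh option {opt} not set")
    return findings
```

Without `ExitOnForwardFailure=yes`, ssh keeps running when the remote port cannot be bound, so launchd never restarts the job and the tunnel silently stays down.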
