Internet Proxy and a Trusted Shell

Whilst out and about, using other people's Internet access (companies, train stations, cafés, and the like), you may not want your web surfing to be visible to the network that is hosting you. Or you may need a shell account on a machine that you own and trust. Or you may have specific services (Bitcoin RPC and remote desktop, say) that you don't want exposed on the Internet but still want to reach remotely.

It all starts with a MacBook Pro on OS X Mountain Lion and a DSL connection.

In this case I host my own machine (a MacBook Pro) on my consumer-grade DSL. My provider (Free) actually assigns static IPs, so the address of the machine I need to connect to never changes. The DSL router is configured to forward (NAT) TCP port 22 from the public Internet IP to the MacBook Pro.

Enable Remote Login from the Sharing menu. This enables SSH on port 22 on your MacBook.

Be sure that you have set a strong password (20+ characters, no dictionary words, mixed with digits and symbols). Bots will start guessing logins within hours of port 22 becoming reachable, so in the Remote Login panel choose "Only these users" and list just your own account; with a strong password that makes guessing your credentials infeasible in any reasonable amount of time. Better still, put an SSH public key in ~/.ssh/authorized_keys on the Mac and set PasswordAuthentication no in sshd_config, so that password guessing is not possible at all.

In your Terminal you can now use ssh to connect to your Mac:
ssh user@yourHostName.yourISP.net

This gives you a shell – but no web proxy or access to services yet. I also run Bitcoin-Qt, SquidMan (a Squid web proxy) and Apple's Screen Sharing on the MacBook Pro and want to reach them remotely. So use SSH tunnels…

ssh -L 8332:127.0.0.1:8332 -L 5901:127.0.0.1:5900 -L 8080:127.0.0.1:8080 user@yourHostName.yourISP.net

Using the "-L" switch instructs SSH to open a tunnel from a local port (8332) on the machine you are calling from to the MacBook Pro at home, where the connection is made to 127.0.0.1:8332, the Bitcoin RPC port. Note that the host in the middle of the spec (127.0.0.1) is resolved on the remote end, so it means the MacBook Pro's own loopback interface, not the laptop's. The same is done for the Squid web proxy on 8080: point your browser's proxy settings at 127.0.0.1:8080 on the laptop and all web requests, including name resolution (an HTTP proxy resolves hostnames itself), leave via the home DSL line rather than the café's network.

Apple's Screen Sharing will refuse to connect to the local host on its own port (5900), and if the laptop has Screen Sharing enabled that port is already in use, so ssh could not bind it anyway. So I actually open the tunnel on 5901 (anything but 5900 really) and map it to the true Screen Sharing port on the MacBook Pro at home. Then, in Finder, use Go > Connect to Server with vnc://127.0.0.1:5901 to reach the home desktop through the tunnel.
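As an added example (not from the original post), here is the tunnel command above wrapped in a small shell script with two hardening choices the bare "-L port:host:port" form does not make: every forwarded port is explicitly bound to 127.0.0.1 on the laptop, so other clients on the café network cannot use your tunnels, and ExitOnForwardFailure makes ssh refuse to start at all if any local port is already taken (for instance 5900 when the laptop's own Screen Sharing is on), instead of silently running with one forward missing. The username and hostname are the same placeholders as in the post; the TUNNEL_RUN switch is an assumption of this script so it can be run without a network to inspect the command it would execute.

```shell
#!/bin/sh
# Added example, not the original post's code. Builds and (optionally) runs
# the ssh tunnel command for the Bitcoin RPC, Screen Sharing and Squid ports.

REMOTE_HOST="user@yourHostName.yourISP.net"   # placeholder, as in the post

# forward_spec LOCAL_PORT REMOTE_PORT
# Emit one -L argument. The bind address before the first colon is the
# laptop's loopback, so nobody else on the hotspot can reach the tunnel.
# The host after the second colon is resolved on the home Mac, i.e. it is
# the Mac's own loopback, where Bitcoin-Qt, Squid and Screen Sharing listen.
forward_spec() {
    printf '%s' "-L 127.0.0.1:$1:127.0.0.1:$2"
}

# tunnel_cmd HOST
# Assemble the full command: -N opens no remote shell, -f backgrounds ssh
# after authentication, ExitOnForwardFailure aborts if a local port is
# taken, and the keepalive options make a flaky hotspot tear the tunnel
# down cleanly instead of leaving a hung process behind.
tunnel_cmd() {
    printf '%s %s %s %s %s' \
        "ssh -N -f -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3" \
        "$(forward_spec 8332 8332)" \
        "$(forward_spec 5901 5900)" \
        "$(forward_spec 8080 8080)" \
        "$1"
}

# proxy_env LOCAL_PORT
# Emit the assignments that point curl, git and other command-line tools at
# the Squid proxy reached through the tunnel: eval "$(proxy_env 8080)".
proxy_env() {
    printf 'export http_proxy=http://127.0.0.1:%s https_proxy=http://127.0.0.1:%s\n' "$1" "$1"
}

# With TUNNEL_RUN=1 the tunnels are actually opened; otherwise the script
# only prints what it would run, so it is safe to execute offline.
if [ "${TUNNEL_RUN:-0}" = 1 ]; then
    eval "$(tunnel_cmd "$REMOTE_HOST")"
else
    tunnel_cmd "$REMOTE_HOST"
    echo
    proxy_env 8080
fi
```

Run it once without TUNNEL_RUN to check the command it composes, then with TUNNEL_RUN=1 to open the tunnels; if it exits non-zero, one of the local ports is already in use and nothing was forwarded, which is what you want rather than a half-working set of tunnels.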