4 Replies Latest reply: Jan 12, 2013 8:46 PM by BobHarris
Lorenzo91 Level 1 (0 points)

Hi. This is my situation: I have a 10.8.2 machine behind an HTTP/HTTPS proxy and a firewall, so that the only open ports are 22, 80 and 443; at home there's a 10.6.8 server on which I can open every port I need. At work the connection is great (symmetric DSL, 10 Mbit), while at home I have only 1 Mbit of upstream.

So, what I want to do is have the applications that don't natively support an HTTP proxy, and so can't pass first through the proxy and then through the firewall, be tunneled to home. Just an example: iChat Jabber won't connect at the office, so it would be great for me to tunnel only the packets from this app. Browsers, on the other hand, should work without being tunneled because that is faster.

What I have already tried is dynamic port forwarding with a local SOCKS proxy, using the ssh -D xxxx user@remotehost command, but this doesn't allow me to tunnel packets selectively. I thought of a VPN, but every port I need is blocked, so, as far as I know, the last possibility is VPN over SSH.

Two questions: does a VPN allow me to do the selective tunnel? And could you please explain to me how I can set it up?

iMac, OS X Mountain Lion (10.8.2), 3.06 GHz Intel Core 2 Duo
  • BobHarris Level 6 (17,050 points)

    Are you trying to set up a VPN between your home and work system?

    If so, then consider Hamachi (free for personal use) from LogMeIn.com.  This will establish a VPN between several systems so that they appear to all be on the same LAN.


    If you want some kind of VPN to a proxy server which then accesses the outside world, I'm not sure that is going to work so well.


    You could set up an ssh tunnel for specific ports to transship some protocols:


    ssh -L from_port:ultimate.destination.system.address:destination_port transshipping.system.address


    NOTE:  The connection from your starting system to the transshipping system is encrypted as an ssh tunnel.  The connection from the transshipping system to the ultimate destination system is a generic regular TCP/IP connection (no encryption).

  • Lorenzo91 Level 1 (0 points)

    Thank you, Bob.


    In reality I'd like to bypass the proxy and the firewall, and the only possible way is through port 22, SSH. Ports 80 and 443 are proxied. On which port does Hamachi work? Is it proxy compatible?


    I already knew the ssh -L command; the problem is that you have to manually specify every single port you need to forward. I found this http://macdevcenter.com/pub/a/mac/2002/12/20/vpn.html?page=2 but I can't understand whether it is possible to restrict the service to only some applications.

  • Linc Davis Level 10 (184,705 points)

    You may be able to do at least some of what you want by creating a SOCKS proxy and tunneling it through SSH to your home server. You would then direct applications to use that proxy in the Network preference pane. Some will use it, some probably won't.


    The easiest way to create the tunnel would be to use an application such as "Meerkat."


    Using Meerkat to secure wireless web browsing


    Otherwise you can do it in the shell; see the ssh(1) man page for details.
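    The two mechanisms from Bob's and Linc's replies put together in one script, as an added example that is not code from the thread: one -L forward per application that cannot use a proxy at all (the iChat Jabber case), plus one -D SOCKS proxy for applications that can be told to use one. Selectivity comes from where the proxy is configured: a SOCKS proxy set in the Network preference pane applies to every application that honours system proxy settings, the browser included, so for selective use the proxy goes into the individual application's own settings, and proxy-less applications get an -L forward instead. Bob's caveat still applies: the leg from the home server to the final destination is plain TCP unless the protocol itself encrypts it. The host names, user name and ports are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not code from the thread. Builds and starts a selective SSH
# tunnel from the office Mac (only port 22 open) to the home server.
# Every host name and port below is an assumption for illustration.
#
# Per-application choice:
#   -L  one forward per app that cannot use a proxy; the app is pointed at
#       127.0.0.1:<local_port>, ssh carries it to home, and home opens a plain
#       TCP connection to the real server (encrypted only if the protocol
#       itself is, e.g. XMPP with STARTTLS).
#   -D  one local SOCKS proxy for apps that can be configured to use one; apps
#       not configured for it (the browser) keep the direct office link.

HOME_SERVER="${HOME_SERVER:-user@home.example.org}"   # assumed home server, port 22
SOCKS_PORT="${SOCKS_PORT:-1080}"                      # assumed local SOCKS port

# Forward specs: local_port:remote_host:remote_port, one per proxy-less app.
# Jabber/XMPP to an assumed server is the example from the question.
FORWARDS="5222:jabber.example.org:5222"

# Reject a spec that is not port:host:port before it reaches the command line.
valid_spec() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+:[A-Za-z0-9.-]+:[0-9]+$'
}

# Print the ssh argument list. Forwards are bound to 127.0.0.1 explicitly so
# other machines on the office LAN cannot ride the tunnel (-g or a 0.0.0.0
# bind address would expose it). Returns 1 and prints nothing if any spec is
# malformed.
build_ssh_args() {
    specs="$1"; socks="$2"
    args="-N -f"
    args="$args -o ExitOnForwardFailure=yes"   # fail loudly if a local port is taken
    args="$args -o ServerAliveInterval=30"     # notice a silently dropped link
    args="$args -o StrictHostKeyChecking=yes"  # never accept an unknown home host key
    for spec in $specs; do
        valid_spec "$spec" || return 1
        args="$args -L 127.0.0.1:$spec"
    done
    args="$args -D 127.0.0.1:$socks"
    printf '%s' "$args"
}

# Confirm a forward is really listening before pointing an app at it.
port_listening() {
    nc -z 127.0.0.1 "$1" >/dev/null 2>&1
}

start_tunnel() {
    ssh_args=$(build_ssh_args "$FORWARDS" "$SOCKS_PORT") || {
        echo "bad forward spec in: $FORWARDS" >&2; return 1; }
    # shellcheck disable=SC2086  # splitting the argument list into words is intended
    ssh $ssh_args "$HOME_SERVER" || return 1
    for spec in $FORWARDS; do
        port_listening "${spec%%:*}" || { echo "forward ${spec%%:*} not up" >&2; return 1; }
    done
    port_listening "$SOCKS_PORT"
}

# Only start the tunnel when run as 'sh tunnel.sh up'; otherwise just define
# the functions so the file can be sourced or tested.
if [ "${1:-}" = "up" ]; then
    start_tunnel
fi
```

    After `sh tunnel.sh up`, iChat is pointed at 127.0.0.1:5222 instead of the Jabber server, and only the applications given 127.0.0.1:1080 as their SOCKS proxy in their own preferences go through home; everything else, the browser included, still uses the office link directly. Because each local port is bound to 127.0.0.1 and ExitOnForwardFailure is set, a port already in use makes ssh exit instead of leaving an application talking to something other than the tunnel.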

  • BobHarris Level 6 (17,050 points)

    Hamachi can work through a Proxy server.  Hamachi -> Preferences -> Settings -> Advanced -> Server Connection -> Use Proxy


    Or you can use port forwarding if you prefer.  The following URL tells you the ports Hamachi would use if you decide NOT to use a Proxy server.

    <http://help.logmein.com/SelfServiceKnowledgeRenderer?type=FAQ&id=kA030000000DGD6CAO>