Breaking through the firewall with SSH

With mobile development I often find myself out-of-the-office, away from the development resources I need on a daily basis. I was recently out-of-the-office (OK, I was at home sitting on my couch but close enough) and I needed to access a Windows machine at the office via Remote Desktop. The only problem was that it was behind a firewall in our company's internal 192.x.x.x network. Surprisingly, accessing it from home was quite simple.

I have a MacBook so I opened up the Terminal app and entered this:

ssh -l jsambells -L 3390: cat -

Then all I had to do on my MacBook was enter localhost:3390 into Microsoft’s Remote Desktop Connection app and log in to the Remote Desktop.


This is what’s known as an SSH tunnel. Basically it creates a secure connection that forwards a port on one machine to another. The command above contains several components:

  • 3390 is the local port on my MacBook that I’ll be using to connect to the Remote Desktop in the office. This could be any port above 1024 and below 32768. Doesn’t matter.
  • is the example IP address of the machine I want to access on the internal network. This IP must be accessible by the machine at
  • 3389 is the standard port number for Remote Desktop connections.
  • is a publicly accessible machine that can also connect to the internal machine.
  • cat - is a command that won’t finish so the connection stays alive.

The trick here is that I needed a machine that could connect both to the internet at large and to the internal company network (which I happen to have at The command uses an SSH tunnel to forward the traffic between localhost:3390 and any connections to on port 3389 of Connecting locally at home to localhost:3390 is the same as connecting to from
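
A loopback-only form of the tunnel described above, as an added example that is not from the original post: it uses ssh's -N option in place of cat -, binds the listener to 127.0.0.1 so other machines on the home network cannot use the forward, and exits if the local port cannot be bound. The tunnel_cmd helper, gateway.example.com and 192.0.2.10 are constructed placeholders, not the hosts from the post.

```shell
#!/bin/sh
# Added example: build the ssh command for a loopback-only local forward.
# Host names and addresses used here are constructed placeholders
# (example.com / RFC 5737), not values from the original post.

# valid_port PORT -> succeeds if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd USER GATEWAY LOCAL_PORT TARGET_HOST TARGET_PORT
# Prints the ssh command line; returns 1 on bad input. Nothing is executed.
tunnel_cmd() {
    [ "$#" -eq 5 ] || { echo "usage: tunnel_cmd user gateway lport target tport" >&2; return 1; }
    user=$1 gateway=$2 lport=$3 target=$4 tport=$5
    valid_port "$lport" || { echo "bad local port: $lport" >&2; return 1; }
    valid_port "$tport" || { echo "bad target port: $tport" >&2; return 1; }
    # Ports below 1024 need root to bind; refuse rather than run ssh as root.
    [ "$lport" -ge 1024 ] || { echo "local port must be >= 1024" >&2; return 1; }
    # Host names and IPv4 only: reject empty, option-like ("-...") or odd values
    # so that nothing can be parsed by ssh as an extra flag.
    for v in "$user" "$gateway" "$target"; do
        case "$v" in
            ''|-*|*[!A-Za-z0-9._-]*) echo "bad value: $v" >&2; return 1 ;;
        esac
    done
    # -N                       no remote command (replaces "cat -")
    # 127.0.0.1:               listener bound to loopback only
    # ExitOnForwardFailure=yes ssh exits if the forward cannot be set up
    printf 'ssh -N -o ExitOnForwardFailure=yes -l %s -L 127.0.0.1:%s:%s:%s %s\n' \
        "$user" "$lport" "$target" "$tport" "$gateway"
}

# Constructed sample values; prints the command without connecting.
tunnel_cmd jsambells gateway.example.com 3390 192.0.2.10 3389
```

On the gateway side, the sshd_config options AllowTcpForwarding and PermitOpen control whether an account may open forwards like this and to which host:port pairs.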

You can use similar techniques to secure any traffic, such as your email, or to bypass firewall restrictions.