Breaking through the firewall with SSH

With mobile development I often find myself out of the office, away from the development resources I need on a daily basis. I was recently out of the office (OK, I was at home sitting on my couch, but close enough) and I needed to access a Windows machine at the office via Remote Desktop. The only problem was that it was behind a firewall on our company's internal 192.x.x.x network. Surprisingly, accessing it from home was quite simple.

I have a MacBook so I opened up the Terminal app and entered this:

ssh -l jsambells -L 3390:192.168.1.100:3389 example.dev.box cat -

Then all I had to do on my MacBook was enter localhost:3390 into Microsoft's Remote Desktop Connection app and log in to the Remote Desktop.

Huh?

This is what's known as an SSH tunnel. Basically, it creates a secure connection that forwards a port on one machine to another. My command above contains several components:

  • 3390 is the local port on my MacBook that I'll be using to connect to the Remote Desktop in the office. This could be any port above 1024 and below 32768; it doesn't matter which.
  • 192.168.1.100 is the example IP address of the machine I want to access on the internal network. This IP must be accessible by the machine at example.dev.box.
  • 3389 is the standard port number for Remote Desktop connections.
  • example.dev.box is a publicly accessible machine that can also connect to the internal machine.
  • cat - is a command that won't finish, so the connection stays alive.

The trick here is that I needed a machine that could connect both to the internet at large and to the internal company network (which I happen to have at example.dev.box). The command uses an SSH tunnel to forward traffic between localhost:3390 on my MacBook and 192.168.1.100 on port 3389, as reached from example.dev.box. Connecting locally at home to localhost:3390 is the same as connecting to 192.168.1.100:3389 from example.dev.box.
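As an added example that is not part of the original post, here is the same local forward wrapped in a small POSIX shell helper with a few defensive defaults: the listener is bound explicitly to 127.0.0.1, the port range from the list above is checked, and ssh's -N and ExitOnForwardFailure options stand in for the cat - trick. The user name, hosts and ports are the post's example values, not real infrastructure.

```shell
#!/bin/sh
# Added example, not the post's own command. Builds a local SSH port forward
# like the one above, with defensive defaults. The values jsambells,
# example.dev.box, 192.168.1.100, 3389 and 3390 are the post's examples.

# Return 0 if $1 is a plain integer in the range the post describes
# (above 1024, below 32768), 1 otherwise.
valid_local_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or contains a non-digit
    esac
    [ "$1" -gt 1024 ] && [ "$1" -lt 32768 ]
}

# Print the ssh command for: local_port target_host target_port jump_host user
# - 127.0.0.1: bind the listener to loopback only, so other machines on the
#   home network cannot ride the tunnel into the office network
# - -N: run no remote command at all; ssh only forwards the port
# - ExitOnForwardFailure=yes: fail loudly if the forward cannot be set up
#   (for example, local port already in use) instead of leaving a useless session
build_tunnel_cmd() {
    local_port=$1; target_host=$2; target_port=$3; jump_host=$4; user=$5
    valid_local_port "$local_port" || {
        echo "invalid local port: $local_port" >&2
        return 1
    }
    printf 'ssh -N -o ExitOnForwardFailure=yes -l %s -L 127.0.0.1:%s:%s:%s %s\n' \
        "$user" "$local_port" "$target_host" "$target_port" "$jump_host"
}

# Usage: run the tunnel in the foreground, then point Remote Desktop at localhost:3390
# eval "$(build_tunnel_cmd 3390 192.168.1.100 3389 example.dev.box jsambells)"
```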

You can use similar techniques to secure any traffic, such as your email, or to bypass firewall restrictions.