As an internet user used to freedom, there are a number of good reasons to create tunnels. A few examples:
- You are on a public or unprotected wireless network and you don’t want people spying on you (or worse, potentially grabbing personal information if you are checking email, buying things online, or logging into any website)
- You are on a network with a paranoid or unfair firewall that restricts your internet access
- You are on the network run by a pesky system admin that snoops on his lusers
So what does a tunnel do? A tunnel is a secure connection made between your computer and another one that is located elsewhere. Instead of having your computer make its connections directly to the websites and services you are trying to reach ALL requests are encrypted and sent through the tunnel to the other computer, THEN relayed to the service you are trying to connect to. Your remote computer will receive the responses and send them back to you in an encrypted form.
So if someone is “watching” you making ordinary connections on a wireless network they will see you connecting to AOL (and probably grab your login), then maybe browse msn.com and cnn.com, etc. If someone tries to eavesdrop on your tunnel connection the most they will see is you making connections to one machine, all of which will be garbled and unreadable. In short: they’ll have no idea what you are doing.
There are applications for Mac that supposedly create tunnels but they are hopelessly devoid of any form of documentation and from what I can tell, they are largely special-use tunnels for single apps.
As it was pointed out on paulstamatiou.com, all that you need to dig a tunnel is already built into OS X.
I found his method a little unsatisfying in that once the tunnel is open it provides you with…silence. There is no status to let you know that your tunnel is working. After reading the man page I’ve modified it a bit so that you can have a window that not only allows you to create your tunnel, but also gives you a real-time “pulse” for your tunnel.
In order to create a tunnel you will want to make sure you have two things:
- A Mac running OS X
- A computer to log into that is running any flavor of Unix or Linux with a static IP address. For my example I am going to create a tunnel between my MacBook Pro laptop and my Mac Pro desktop at home
Here is the walk-through:
First, to prepare the Mac Pro, go into System Preferences -> Sharing and turn on “Remote Login”.
Next, on the MacBook Pro, open up a terminal window. This will start you out in your home directory. We’re going to create a script that you can launch quickly whenever you need a tunnel. Type:
This will create a text document that will hold the script which opens a tunnel to our computer. Add this to the file:

#!/bin/sh
# -D 8080: local SOCKS proxy on port 8080; -f: go to background after login;
# -C: compress traffic; -v: verbose output; -N: no remote command, just the tunnel
ssh -D 8080 -f -C -v -N yourname@YourIPaddressOrYourDomain.com

Hit Control-o to save the file, then press Control-x to quit pico.
To run your script, type this into the terminal:
…and hit return. This will fire up your tunnel. Since you chose verbose mode (-v), it will print debugging output for every connection your computer sends through the tunnel. With your display colors set correctly, this is the part where you confound your friends by showing them that the matrix does exist and that you are running it on your computer.
Now there is one more step left, and that is to set your MacBook Pro to USE the tunnel we’ve opened up. In your System Preferences -> Network under “Location” choose “Duplicate Location” and name it the same thing with “Tunnel” at the end for easy reference.
Select this new network location and click the Advanced button.
Then choose the “Proxies” tab, check the “SOCKS Proxy” box, enter “localhost” under SOCKS proxy server and “8080” after the colon. Basically this tells your computer to funnel ALL network requests through your tunnel, which is listening on your own machine (localhost) on port 8080 (an alternative http port).
Click OK, make sure your new network is selected and click “Apply”. Everything on your computer should be happening through your tunnel.
To test to see if this is working you can visit http://www.whatismyipaddress.com. It should give you the IP address of your REMOTE computer instead of your local network address.
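As an added example (not the script from the post above), here is a version of the tunnel script that keeps the -D/-C/-N/-v flags but runs ssh in the foreground and filters its verbose output down to one timestamped line per proxied connection, the “pulse” the post asks for. REMOTE and PORT are placeholders to edit, and SAMPLE_LINE is a constructed line in the shape of OpenSSH's debug1 message for a closed forwarded channel.

```shell
#!/bin/sh
# Added example, not the original post's script. REMOTE and PORT are
# placeholders. The filter relies on OpenSSH's debug1 message, printed
# under -v when a proxied connection closes:
#   channel N: free: direct-tcpip: listening port P for HOST port RP, connect from ...
# SAMPLE_LINE below is constructed to match that shape.

REMOTE="${REMOTE:-yourname@YourIPaddressOrYourDomain.com}"   # placeholder
PORT="${PORT:-8080}"

# Turn one ssh -v line into "host:port" if it records a proxied connection;
# print nothing and return 1 otherwise.
pulse_line() {
    case $1 in
        *"free: direct-tcpip: listening port "*" for "*" port "*)
            rest=${1#*" for "}            # -> "HOST port RP, connect from ..."
            host=${rest%% *}
            rest=${rest#"$host port "}    # -> "RP, connect from ..."
            printf '%s:%s\n' "$host" "${rest%%,*}"
            ;;
        *) return 1 ;;
    esac
}

# Read ssh's verbose output on stdin and emit a timestamped pulse per connection.
pulse_filter() {
    while IFS= read -r line; do
        out=$(pulse_line "$line") && printf '%s %s\n' "$(date +%H:%M:%S)" "$out"
    done
}

# Run the tunnel in the foreground (no -f) so this window is the status display.
# ExitOnForwardFailure makes ssh exit if port $PORT is already taken, instead
# of silently running a tunnel nothing can use.
run_tunnel() {
    ssh -D "$PORT" -C -N -v -o ExitOnForwardFailure=yes "$REMOTE" 2>&1 | pulse_filter
}

# Constructed sample of the debug1 line the filter looks for.
SAMPLE_LINE='debug1: channel 3: free: direct-tcpip: listening port 8080 for www.example.com port 443, connect from 127.0.0.1 port 52345 to 127.0.0.1 port 8080, nchannels 4'

# Uncomment to start the tunnel:
# run_tunnel
```

Lines that are not connection records (key exchange, authentication, keepalives) are dropped, so the window shows only what is actually travelling through the tunnel.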