Local port forwarding on a mac

5

2

I need to have the Mac take traffic coming into it on one port and send the traffic to a different, but still local, port.

I.e., traffic comes in on port 1234 and is transferred to port 5900 (VNC).

This is because the router won't allow me to set up port forwarding where the origin and destination ports differ, and I need to connect to multiple machines.

So, for example, in my router I have set up:

port 1234 -> 192.168.0.2:1234
port 1235 -> 192.168.0.3:1235
port 1236 -> 192.168.0.4:1236

Then I need the Mac to take the incoming port and send it to local port 5900.

Dave

Posted 2010-11-30T14:53:37.153

Reputation: 51

As an aside: some VNC implementations support repeaters/proxies. Like UltraVNC Repeater. This might help one to forward just the default port to a single computer, which can then forward requests to other computers. However: that would require you to have one Mac running at all times. Also, I don't know if the built-in Screen Sharing server supports this feature.

– Arjan – 2010-11-30T15:31:37.350

VNC supports ports less than 5900. Set the display to -4666 (5900 - 1234). VNC will then listen on port 1234. – BillThor – 2010-11-30T16:17:06.630

@BillThor, that might be hard on a Mac: How to change the default screen sharing / VNC port number on Mac OS X?

– Arjan – 2010-11-30T16:24:08.063

Or: use SSH to connect to the Macs? (The VNC protocol is not secure, though OS X adds an option to encrypt the data. I don't know what it does, but using SSH you can also use a Windows VNC client to connect securely.) So, on the client computer: ssh -L 1234:localhost:5900 -p 22 your-remote-mac and connect your VNC client to localhost:1234. However, using your router, this needs a unique sshd port for each Mac. See How to change sshd port on Mac OS X?

– Arjan – 2010-12-01T10:51:32.337

Anyone who knows how to configure the IP Firewall? I thought sudo ipfw add fwd 127.0.0.1,1234 tcp from any to me dst-port 5900 might do the trick, but: no cigar. Maybe in 10.6 one needs to actually enable ipfw manually? (The built-in Application Firewall in System Preferences is a different thing altogether.)

– Arjan – 2010-12-01T10:57:21.893

Yes, ipfw port forwarding seems broken in Mac 10.7 (and maybe earlier versions) – Claudio Floreani – 2012-04-16T22:47:19.343

Answers

3

I doubt a local SSH tunnel is the easiest solution, but to forward 1234 to 5900:

ssh -g -L 1234:localhost:5900 localhost

The -g is needed to allow remote hosts to connect to the local port 1234.

To run this in the background:

ssh -Nfg -L 1234:localhost:5900 localhost

You can include the options in your SSH config file, like LocalForward 1234 localhost:5900.

To test this when Screen Sharing is not running, run the built-in Python web server: python -m SimpleHTTPServer 5900, and then point a browser to http://localhost:1234

Arjan

Posted 2010-11-30T14:53:37.153

Reputation: 29 084
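The -g option in the answer above binds the forwarded port on every interface, so it is worth checking which address each ssh listener actually uses. The following is an added example, not part of the original answer: it classifies ssh listeners from `lsof`-style output, and the sample lines and function names are constructed for illustration (192.168.0.2 is the LAN address from the question).

```shell
#!/bin/sh
# Added example: classify ssh port-forward listeners by bind address.
# Live input would come from:  lsof -nP -iTCP -sTCP:LISTEN | classify_forwards

# Constructed sample in the column layout of `lsof -nP -iTCP -sTCP:LISTEN`.
sample_lsof() {
cat <<'EOF'
COMMAND  PID USER FD  TYPE DEVICE SIZE/OFF NODE NAME
ssh     4312 dave 4u  IPv4 0xa1        0t0  TCP *:1234 (LISTEN)
ssh     4312 dave 5u  IPv6 0xa2        0t0  TCP *:1234 (LISTEN)
ssh     4400 dave 4u  IPv4 0xa3        0t0  TCP 127.0.0.1:1235 (LISTEN)
ssh     4400 dave 5u  IPv6 0xa4        0t0  TCP [::1]:1235 (LISTEN)
ssh     4507 dave 4u  IPv4 0xa5        0t0  TCP 192.168.0.2:1236 (LISTEN)
launchd    1 root 9u  IPv4 0xa6        0t0  TCP *:5900 (LISTEN)
EOF
}

# Read lsof listener lines on stdin; print "<port> <scope> <address>" once
# per ssh listener. Scope: wildcard = every interface (what -g produces),
# loopback = this machine only, single = one explicit bind address.
classify_forwards() {
  awk '$1 == "ssh" && $NF == "(LISTEN)" {
    name = $(NF - 1)
    n = split(name, parts, ":")        # port is the text after the last colon
    port = parts[n]
    addr = substr(name, 1, length(name) - length(port) - 1)
    if (addr == "*") scope = "wildcard"
    else if (addr == "127.0.0.1" || addr == "[::1]") scope = "loopback"
    else scope = "single"
    key = port " " scope " " addr
    if (!(key in seen)) { seen[key] = 1; print key }
  }'
}

# Ports an ssh forward exposes on all interfaces.
exposed_ports() {
  classify_forwards | awk '$2 == "wildcard" { print $1 }' | sort -un
}

echo "ssh forward listeners (constructed sample):"
sample_lsof | classify_forwards
echo "exposed on all interfaces:"
sample_lsof | exposed_ports
```

A forward that should only be reachable from the LAN can name its bind address instead of using -g, for example ssh -Nf -L 192.168.0.2:1234:localhost:5900 localhost, which shows up here as "single" rather than "wildcard".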

2

This article on Port Forwarding on Mac OS X seems to have the answer.

Here is the example they provide at the end:

The following example forwards any inbound 443 traffic to PRO Server running on local host (127.0.0.1) port 4282.

sudo ipfw add 1443 forward 127.0.0.1,4282 ip from any to any 443 in

Roozbeh

Posted 2010-11-30T14:53:37.153

Reputation: 21

Also, check that both "sysctl -n net.inet.ip.fw.enable" and "sysctl -n net.inet.ip.forwarding" are enabled (set to 1). This should be the way to do it; however, it seems broken in Mac OS 10.7. – Claudio Floreani – 2012-04-16T22:46:00.483