[ddregs]

Hi all,
my question is easier than it may seem.
My main company put navigation through a proxy whose filters are way strict. There is no way to force them to add sites back to the navigation. Sites like groups.google.com (I use them daily seeking help to develop my apps) are no more browsable.
So far, I was thinking of using my Mac at home, with its always-on DSL line, registering it through dyndns or something like that and remote-controlling it from work to use my Safari.
Is there anyone who can suggest me something to try, some sw or any other solution to this?
Tks a lot in advance

[besson3c]

VNC will work (you can enable VNC by going to your Sharing pane -> Apple Remote Desktop, check this, and set Access Privileges -> set "VNC users may control..."

Then, you should be able to access your machine over display 0. If your home machine is behind a router, you will have to set your router to forward requests on port 5900 to your Mac.

[ddregs]

Well, I already tried it this way. Tks for suggesting it
The problem is :
- at work only navigation ports are open (proxy server + firewall), therefore I cannot reach my IP address using a vnc client (it's not working on port 80).
- I tried changing port to my VNC server at home using 80. Then I retried connecting from work with vnc client but no way.

[Simon]

Can you open an ssh session (requires open port 22) from your work box to your home machine?

If so, tunneling would help you do what you want.

[ddregs]

I'll have to try it. Never thought about ssh, never used it.
What should I do after verifying if it works? Does it allow to use a remote application on it?
Sorry about my ignorance on the subject.
Thanks

[Simon]

If you can open up ssh connections, you can tunnel all kinds of traffic through port 22 to your home machine.

As an example let's take VNC. Set up a local forward so you can tunnel VNC traffic to your home machine over port 22. All you have to do is add the following lines to the ~/.ssh/config file (if the file doesn't exist you'll have to create it):

Code:
Host tunnel
User userName
Hostname homeMac.dyndns.org
LocalForward 5901 homeMac.dyndns.org:5900

where userName is your account on your home Mac. You'll need an address that points to your home Mac. This could be also an IP, but since most ISPs change your IP every so often, you'll likely want to use some kind of dynamic DNS service. In this example I assumed you use dydns.org and called your Mac at home homeMac. Hence the address to your home Mac would then be homeMac.dyndns.org. Of course if you have a static IP enter that in the forward address line. 5900 is the port VNC uses so that's the port we'll be forwarding to. I used 5901 as a port to forward from, but in principle you can use anything you like (of course it shouldn't already be taken by another service) as long as also use that port later on in VNC.

Once you have saved the changes to your ssh config file open a shell and type

Code:
ssh tunnel

and enter your password. Leave that shell window open.

Then, in VNC open up a connection to localhost:5901. You will then actually see the same thing as if you had been able to connect to homeMac.dyndns.org directly. Of course the machine you tunnel to and the destination machine don't have to be the same.*** You could for example tunnel to homeMac.dyndns.org but then set up a forward to homeMacNo2.dyndns.org if you want VNC to connect to that machine. The important thing is that the tunnel machine can 'see' the machine the forward points to and 'talk' to it on the designated port.

When you're done using VNC exit the ssh session to close the tunnel. That's it.

***) In principle you could achieve this without editing the ssh config file if you open up a tunnel with

Code:
ssh -NT -L5901:homeMac.dyndns.org:5900

but the advantage of using the local forward rather than a simple tunnel is that for the local forward the machine you tunnel to and the destination machine don't have to be the same. The regular ssh tunnel always forwards to the machine at the other end. The local forward can also 'bridge' - that is the machine at the other end can connect you to any machine it 'sees' and by that for example forward your connection to a machine on its LAN that you otherwise wouldn't see because it's hidden behind a router.

[besson3c]

Originally Posted by ddregs 

Well, I already tried it this way. Tks for suggesting it
The problem is :
- at work only navigation ports are open (proxy server + firewall), therefore I cannot reach my IP address using a vnc client (it's not working on port 80).
- I tried changing port to my VNC server at home using 80. Then I retried connecting from work with vnc client but no way.

If the SSH tunneling doesn't work, are you sure you setup your port forwarding on your router on port 80, and are you sure that you have setup your VNC server to listen on port 80? What happens when you do a:

telnet homenetwork 80?

(where "homenetwork" is the IP or dyndns hostname of your home network?"

[rjt1000]

Originally Posted by ddregs 

Hi all,
my question is easier than it may seem.
My main company put navigation through a proxy whose filters are way strict. There is no way to force them to add sites back to the navigation. Sites like groups.google.com (I use them daily seeking help to develop my apps) are no more browsable.
So far, I was thinking of using my Mac at home, with its always-on DSL line, registering it through dyndns or something like that and remote-controlling it from work to use my Safari.
Is there anyone who can suggest me something to try, some sw or any other solution to this?
Tks a lot in advance

If you have access to port 22 you can use SSH to login to your home Mac and at the same time set up a SOCKS proxy on your home Mac that you access via the SSH tunnel.

You then set your office Mac's browser to use the SOCKS proxy.

If all you want to do is browse the web, this will likely give you much better performance than VNC.

My post in this thread details how to do it.

Also, if port 22 is blocked, you can change the port used by SSH to one that is open as mentioned here and elsewhere.

[Simon]

Good point, rjt1000!

If ssh traffic is possible and you simply want to bypass your company firewall to browse the web SOCKS is definitely the way to go.

There's a SOCKS pref in System Preferences > Network > Built-In Ethernet (or Airport if that's what you use) > Proxies > SOCKS Proxy.

[ddregs]

Thanks for all your suggestions.
I will surely try with the proxy method first, all I need is surfin' the web using my Mac dsl line. I will do the first test tomorrow and give feedback.