Rerouting ports so I can ssh my other mac?

Discussion in 'Mac Basics and Help' started by $yregnar86, Jul 30, 2013.

  1. $yregnar86 macrumors newbie

    Jul 17, 2013
    I've probably read over 20 articles on rerouting the port when you're unable to ssh into another mac from terminal and get an error message saying the port is blocked. However, no matter how much I read I don't quite understand this.

    Why am I denied and does this have anything to do with firewalls? What exactly are ports and their relation to an ip address? I've read so much today on ip addresses that I'm sick of reading about ip addresses.

    Can someone explain this in dummy fashion 'cause I don't want to reroute anything or change any ip addresses if I don't have to. Changing an ip address can really screw up the connection.
  2. r0k macrumors 68040


    Mar 3, 2008
    Don't waste time with ports and ip addresses. The main reason for the inability to log into another Mac with ssh is that computer doesn't have remote login enabled in system preferences. If the Mac you are trying to log into is somewhere on the internet, then there may be some port forwarding issues but again most (non-Apple) routers have a simple fix. You simply have your friend put their Mac in their "dmz" which means the router forwards everything to the Mac without filtering. You can then use ssh to connect to your friend's mac using their internet ip address.

    Here is a little illustration:

    Two macs in the same room:
    One is on and the other is on
    Both are set to allow remote login then one should be able to ssh to the other just fine.

    Here is a more complicated illustration:

    One mac at your house and one mac in another city:
    One is on in your house and your "public ip" is

    The other is on and his "public ip" is

    You tell him to make his router's "DMZ" and when you point your ssh session at, his router sends your session to his machine's local ip ( You don't need to know except to tell him how to set up his router.

    An even more complicated illustration would involve doing this with port forwarding set up in his router. I think the DMZ approach is faster and simpler. Remember to switch off the DMZ when you are done as it defeats one main purpose of having a router on his end as his machine is "naked" on the internet while the DMZ is turned on pointing to his machine.

    Another thing that can mess all this up is that ip addresses can change so you get it all working and then either his isp gives him a new ip or his router gives his machine a new ip that is no longer in the DMZ. This is easily solved by having him check his current local ip in terminal using "ipconfig". He can check his internet ip easily enough by visiting in any web browser.

    hope this helps...
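The two failure causes discussed in this thread (Remote Login switched off on the target Mac versus a firewall or router not passing the traffic) usually look different at the TCP level. The following is an added example, not part of the original posts: the function name `check_ssh_port` is hypothetical, and the mapping from result to cause is the usual one, not a guarantee. Run it against a machine you administer.

```python
import socket
import sys


def check_ssh_port(host, port=22, timeout=3.0):
    """Try one TCP connection to host:port and classify the outcome.

    Returns (state, detail). The interpretation in `detail` is the
    common case and an assumption, not proof of the cause.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # No answer at all: packets are being dropped somewhere.
        return ("filtered", "no reply; a firewall or router is likely "
                            "dropping the traffic, or the host is off")
    except ConnectionRefusedError:
        # The host answered with a reset: reachable, but nothing listens.
        return ("refused", "host reachable but nothing listens on the port; "
                           "Remote Login is likely disabled")
    except socket.gaierror as exc:
        return ("bad-address", "name or address could not be resolved: %s" % exc)
    except OSError as exc:
        return ("unreachable", "network error: %s" % exc)

    with sock:
        sock.settimeout(timeout)
        try:
            # An SSH server sends its identification line first (SSH-2.0-...).
            banner = sock.recv(256).decode("ascii", "replace").strip()
        except OSError:
            banner = ""
    if banner.startswith("SSH-"):
        return ("open", banner)
    return ("open-not-ssh", banner or "port open but no SSH banner received")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: python3 check_ssh.py HOST [PORT]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    state, detail = check_ssh_port(sys.argv[1], port)
    print("%s:%d -> %s (%s)" % (sys.argv[1], port, state, detail))
```

A result of `refused` on the local network points at the Remote Login setting; `filtered` from outside the network points at the router or a firewall rather than at the Mac's ssh service.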
