Something I had been wanting to learn, but hadn’t been able to figure out was SSH tunnels. SSH Tunnels are basically a poor man’s VPN, well, minus the poor part because you need a server or receiving computer with a public address.

Why do we need this?

Ever been on a public Wi-Fi at an airport or maybe a Starbucks? Ever been somewhere that you knew people were likely tracking your internet usage? Well all of those are perfect reasons why you need this. It securely encrypts your traffic and forces all of it through the destination server, so all of your traffic looks simply like you are just hitting the one server, not the private data you were really looking at.

Mac or PC?

I’m sure you can do this same thing on a PC, but since all of my portable’s are either OSX or Linux, this is going to be

What you need:

Mac computer with terminal access.
Remote computer with a public address. (I have 3 setup currently. 2 D.O. Servers in different parts of the country, and then one at my house.)

I’ll assume you already have the SSH connections sorted to your receiving computer so… run the following command:

ssh -D 9999 -C user@host
  • Change the port to a different one if you wish.
  • Change user@host with your server access credentials.

This will leave a connection open as long as you have the SSH session open (re: leave the window open until you are done).

Then go to:

System Preferences > Network > *select your connection* > Advanced > Proxies


Click and check SOCKS Proxy and enter localhost and your port number from above in the box. Click Ok, then Apply and you are good to go!

To Test:

Go to and confirm that your IP is now the one coming from your server or remote machine. If it doesn’t work, feel free to leave a comment and I will try to help.

Extra Credit:

Since I didn’t want to remember these commands every time I wanted to use them, I am in the process of building a shell script that will automate the activation and deactivation of these. The basis for this script is the following commands (in conjunction with the one above):

sudo networksetup -setsocksfirewallproxy "Wi-Fi" localhost 8000
  • Change the “Wi-Fi” to your connection name from the network control panel.
  • Change the port to the one you set above.
sudo networksetup -setsocksfirewallproxystate "Wi-Fi" off
  • Change the connection name to yours.

I’ll post the actual script when I have it done.

Enjoy and Tunnel On!