#106: Access Apple AirDisk over WAN

Solved!
So I have an AirDisk set up on my Apple AirPort Extreme router. As I occasionally travel, I'd like to access my AirDisk from the WAN or general Internet. On the other hand, I'd rather not expose the Apple Filing Sharing port 548 over the WAN via the AirPort Utility. That would invite random hackers to attack my primarily LAN-oriented AFP server (relatively weak password, no denyhosts monitoring).

Use SSH port forwarding to access AirDisk

1
This trick works if you have an SSH server on that same LAN, and SSH is available over the Internet (which is usually safe and can be monitored via denyhosts). OpenSSH has a nifty function called port forwarding, which maps a local port to a connection from the SSH server to a third server of your choosing. It accesses the third server as your SSH server, which allows LAN access if your SSH server is on the LAN.

For example, I have my laptop A somewhere outside and I want to access my AirDisk. My AirDisk is accessible by AFP running on 10.0.1.1:548. I have a second machine running on that LAN, equipped with an SSH server and publicly accessible via the DNS address home1.example.com.

To make the AirDisk accessible, use this incantation:
ssh -L 9999:10.0.1.1:548 home1.example.com

This creates a port forwarding setup on your local port 9999 to 10.0.1.1 port 548 via home1. When you connect to localhost:9999, the request is passed through home1 to 10.0.1.1. The AFP share is now accessible only on the local loopback (and not exposed to the world all the time), and secured via SSH.

It's a little slow, since data has to bounce between laptop, home1, afp server, home1, laptop. However, I just want to grab some files while away on a hotel connection, not view HD movies or something.

References used:

Think you've got a better solution? Help 92049143cabb7ba896d7c06e19906303_small yliu out by posting your solution