Tunnel FileMaker over SSH through NAT


You can connect to a FileMaker server behind a NAT box or firewall using built-in SSH features of Mac OS X. This is handy if you run a NAT box or firewall, and have more than one FM Server to connect to.

Note: this procedure gives out your admin password on the server to the client, so use only with a trusted user. I use it for my personal development needs only. It also exposes SSH to the outside world, so make sure you are using strong passwords and have all of the latest system updates.

Steps:

1. Make sure your server machine has port 22 open and your NAT box forwards port 22 to that machine. See your Airport Base Station (or Linksys, etc.) help files for how to do this.

2. On the client machine, start SSH with the following command line in the terminal:

ssh -NL 5003:127.0.0.1:5003 loginname@natboxIP

where loginname is the login name of an admin user on the server, and natboxIP is the IP address (or domain name if you have one) of your NAT box (the public WAN side, not the private LAN side).

3. You will be prompted to enter the admin password.

4. The terminal will hang -- no output will be produced, but the SSH tunnel will be working.

5. To stop the SSH session, type control-C.

6. To connect, open FileMaker on the client machine, and use 127.0.0.1 as the host. You should see your remote databases show up.

How it works:

The above command says "on my local machine (127.0.0.1) start forwarding port 5003 to the remote machine's port 5003". SSH will automatically use port 22 (which you have unblocked, right?) and start the SSH server on the remote machine. The traffic is encrypted to and from the server.
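
The note in the post above says the tunnel login hands the client an admin password. An alternative, given here as an added example that is not part of the original post: a key-restricted `authorized_keys` entry for a dedicated account, plus a check that an entry allows only the 127.0.0.1:5003 forward. The account name fmtunnel, the function names, the sample key and the /usr/bin/false path are assumptions.

```shell
# Added example, not from the original post. Assumes OpenSSH 7.2+ and a
# dedicated non-admin server account (hypothetical name: fmtunnel), used as:
#   ssh -NL 5003:127.0.0.1:5003 fmtunnel@natboxIP
FM_TARGET='127.0.0.1:5003'            # FileMaker port from the post
PIN="permitopen=\"$FM_TARGET\""

# Build an authorized_keys entry that lets a key forward to FM_TARGET and
# nothing else: no shell, no PTY, no agent or X11 forwarding.
# $1 = public key text (contents of the client's .pub file)
tunnel_key_entry() {
    printf 'restrict,port-forwarding,%s,command="/usr/bin/false" %s\n' "$PIN" "$1"
}

# Print only the option list of an authorized_keys line (empty if none).
key_options() {
    printf '%s\n' "$1" |
        sed -E 's#(^| )(ssh-|ecdsa-|sk-)[^ ]+ [A-Za-z0-9+/=]+( .*)?$##'
}

# Audit one authorized_keys line. Prints a verdict; returns 0 only when the
# key is confined to the FileMaker forward.
audit_key_entry() {
    opts=$(key_options "$1")
    [ -n "$opts" ] || { echo "FAIL: no options, full login allowed"; return 1; }
    case ",$opts," in
        *,restrict,*) ;;
        *) echo "FAIL: missing restrict"; return 1 ;;
    esac
    case ",$opts," in
        *,pty,*|*,agent-forwarding,*|*,X11-forwarding,*)
            echo "FAIL: re-enables pty or agent/X11 forwarding"; return 1 ;;
    esac
    case $opts in
        *"$PIN"*) ;;
        *) echo "FAIL: forward not pinned to $FM_TARGET"; return 1 ;;
    esac
    others=${opts%%"$PIN"*}${opts#*"$PIN"}   # options minus the pinned target
    case $others in
        *permitopen=*) echo "FAIL: extra permitopen target"; return 1 ;;
    esac
    case $opts in
        *command=*) echo "OK: tunnel-only key"; return 0 ;;
        *) echo "FAIL: no forced command, remote commands allowed"; return 1 ;;
    esac
}

# Constructed sample key, for illustration only.
audit_key_entry "$(tunnel_key_entry 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyOnly fmclient')"
```

Because the client runs `ssh -N`, no session is requested and the forced command never executes; it only blocks attempts to run something else with the same key.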

  • 4 months later...

Doesn't FileMaker Server use SSL for server/client communication? Why would you need to use SSH on top of that?

  • Author

My main concern was not encryption, but in getting around NAT/single IP limitations.

With this technique, you can run a FM6 and FM7 server on separate boxes, both behind a NAT / firewall device, and access either one from outside the firewall. Normally, since FM6 and FM7 use the same port, you have to choose one machine or the other to have your NAT / firewall do port mapping for.

Presumably, you still have to have your host machine assigned a static IP, such as by DHCP with manual address, unless your firewall has the ability to map ports dynamically based on MAC address rather than the dynamic IP of the host machine...

  • Author

Correct. You need to have both server machines inside the firewall/router/NAT box using fixed addresses. Set your NAT box to map the ports to each box respectively. (The server you want to access normally would use 5003, and the server you want to access via SSH would use port 22, typically).
