How to forward ports to VNC and SSH on the Mac using ipfw

by Dean Putney

This is really a note for myself, as I keep having to do this on my home machine and it’s a bit difficult to find online.

When you need services like SSH or VNC (in Mac OS X this is called “screen sharing” in your system preferences) to listen on a different port, you can use the ipfw command to forward ports internally on your computer. This comes up when you are on an internal network and cannot forward the default ports for these services to yourself, or when you just want to use a different port for multiple connections. It can be difficult to change the ports these services listen on in Mac OS X, and for VNC there is really no way to make this change except with ipfw. This is a powerful command that changes the way your computer connects to the Internet, so be very careful with it.

Use this command to list the current rules in your ipfw config:
sudo ipfw list

Use this command to forward port 12345 (or whatever port you like) to your VNC at port 5900:
sudo ipfw add fwd 127.0.0.1,5900 tcp from any to me dst-port 12345

Use this command to forward port 11111 to SSH at port 22:
sudo ipfw add fwd 127.0.0.1,22 tcp from any to me dst-port 11111
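
To check what the forwarding rules above leave exposed, the following added example (not part of the original note) reads `ipfw list` output and reports each fwd rule with its listening port, its target, and whether its source is `any`. It assumes `ipfw list` prints the rule number followed by the rule in the same form it was typed; the sample rules, rule numbers and the 192.168.1.0/24 subnet are constructed.

```shell
#!/bin/sh
# Added example: audit `ipfw list` output for fwd rules open to any source.

# Constructed sample of `ipfw list` output (rule numbers are made up).
sample_rules() {
cat <<'EOF'
00100 fwd 127.0.0.1,5900 tcp from any to me dst-port 12345
00200 fwd 127.0.0.1,22 tcp from 192.168.1.0/24 to me dst-port 11111
00300 fwd 127.0.0.1,22 tcp from any to me dst-port 11111
65535 allow ip from any to any
EOF
}

# Read rules on stdin and print one line per fwd rule:
#   <rule number> <listen port> -> <target addr:port> <OPEN|restricted> from <source>
audit_fwd_rules() {
  awk '
    $2 == "fwd" {
      split($3, tgt, ",")            # "127.0.0.1,5900" -> address, port
      src = "?"; port = "?"
      for (i = 4; i <= NF; i++) {
        if ($i == "from")     src  = $(i + 1)
        if ($i == "dst-port") port = $(i + 1)
      }
      status = (src == "any") ? "OPEN" : "restricted"
      printf "%s %s -> %s:%s %s from %s\n", $1, port, tgt[1], tgt[2], status, src
    }'
}

# Count the fwd rules that accept connections from any source address.
count_open_forwards() {
  audit_fwd_rules | awk '$5 == "OPEN" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; on a real machine use:
#   sudo ipfw list | audit_fwd_rules
sample_rules | audit_fwd_rules
```

An OPEN rule accepts connections from every source address, as both rules in this note do with `from any`; giving a subnet in place of `any` narrows who can reach the forwarded port. A rule that should not stay can be removed with `sudo ipfw delete` followed by its rule number.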