A little-known option in Bonjour is the proxy function. This allows services to be announced by proxy for devices which do not have Bonjour, such as webcams, printer servers, routers, DVB receivers or any device which is accessible by TCP/IP.
In principle, only three parameters are required: the protocol used by the service, the IP address and the port number on which the device listens. The protocol can be found on the service types list, the port number in the documentation for the device, and the IP address in the device configuration interface.
Tools such as Network Beacon for Mac OS X provide access to the proxy function via an attractive graphical interface. Because Network Beacon has to be left running for as long as the service is to be announced, consumption of memory resources and desktop space by the application can be an annoyance. The same announcement can be made more economically using dns-sd with the -P switch:
dns-sd -P bulls_eye _rfb._tcp "" 5900 bulls_eye.local 192.168.20.167
In the above example, the VNC service for a computer with IP address 192.168.20.167 is announced with the label bulls_eye. The label can contain any text up to 63 characters in length. VNC is an application for remotely controlling computers; rfb stands for remote frame buffer, the designation used by the developers of VNC for their remote control protocol.
If dns-sd is combined with ssh, it is possible not only to import Bonjour services from external networks to the local network (tunnelling), but also to announce them on the local network. To other workstations on the network, the tunnelled service looks as if it is on the local network. This can be useful if, for example, a company wishes to access servers at another branch without going to the trouble of setting up a VPN. Special programs to perform this function, such as RNSplicer for Mac OS X or mTunnel for Windows, already exist, but some are complicated to operate. In addition, the instruction manual for RNSplicer, a translation into English from the Japanese, is not easy to understand, for which reason we will illustrate a simpler means which also works on all operating systems for which ssh is available.
Firstly, the service provided by the remote server is 'fetched' onto the local network:
ssh -C -g -L 55000:remote.machine.net:80 <user>@remote.machine.net
The -C switch switches ssh's internal compression algorithm on, -L switches on port forwarding - port 80 of the remote server remote.machine.net is addressed locally via port 55000. Any unused port can be used in place of port 55000.
An additional trick is required to ensure that workstations on the local network can connect to port 55000: the -g switch is used. Once the connection has been established, port 55000 is enabled in the firewall so that connection attempts from workstations are permitted, and the service is announced:
dns-sd -P cubeTest _http._tcp "" 55000 cubeTest.local 192.168.20.100
192.168.20.100 is the IP address of the computer which is maintaining the ssh connection and announcing the service. In this example, the web server running on remote.machine.net is being announced. Other services can also be imported in the same way, say if you want to listen to music from your home iTunes at work:
ssh -g -L 55000:remote.machine.net:3689 email@example.com
dns-sd -P Jukebox _daap._tcp "" 55000 Jukebox.local 192.168.20.100
Ssh compression (-C) is in this case best omitted, as MP3 streams are barely compressible anyway.
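The tunnel-and-announce procedure above as a single script, added here as an example and not part of the original article: it checks the dns-sd -P arguments, and withdraws the announcement when the ssh tunnel drops so that no stale service stays advertised. The function names, argument order and control-socket path are assumptions, as is a dns-sd binary on the PATH.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Usage: sh announce_tunnel.sh LABEL TYPE LPORT LAN_IP USER@GATEWAY RHOST:RPORT
# Assumes ssh and dns-sd are on PATH and that ~/.ssh exists.

valid_label() {  # instance label: 1 to 63 bytes of any text
    n=$(( $(printf '%s' "$1" | wc -c) ))
    [ "$n" -ge 1 ] && [ "$n" -le 63 ]
}

valid_type() {   # service type such as _http._tcp, _rfb._tcp, _daap._tcp
    printf '%s\n' "$1" | grep -Eq '^_[A-Za-z0-9][A-Za-z0-9-]{0,14}\._(tcp|udp)$'
}

valid_port() {   # decimal port number in 1..65535
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

proxy_host() {   # LABEL.local, with bytes unsuitable for a host name folded to '-'
    printf '%s.local\n' "$(printf '%s' "$1" | tr -c 'A-Za-z0-9_-' '-')"
}

main() {
    label=$1 stype=$2 lport=$3 lan_ip=$4 gateway=$5 target=$6
    valid_label "$label" || { echo "label must be 1-63 bytes" >&2; return 2; }
    valid_type "$stype" || { echo "bad service type: $stype" >&2; return 2; }
    valid_port "$lport" || { echo "bad local port: $lport" >&2; return 2; }
    sock=$HOME/.ssh/announce-$lport.sock   # control socket used to watch the tunnel

    # -f backgrounds ssh after authentication; -N runs no remote command;
    # -g lets other LAN hosts reach the port, so limit who may connect in the firewall.
    ssh -f -N -g -M -S "$sock" -o ExitOnForwardFailure=yes \
        -L "$lport:$target" "$gateway" || return 1

    dns-sd -P "$label" "$stype" "" "$lport" "$(proxy_host "$label")" "$lan_ip" &
    dns_pid=$!
    # Withdraw the announcement and close the tunnel together.
    trap 'kill "$dns_pid" 2>/dev/null; ssh -S "$sock" -O exit "$gateway" 2>/dev/null' EXIT
    trap 'exit 130' INT TERM

    # Poll the tunnel; leaving the loop ends the script, which fires the EXIT trap.
    while ssh -S "$sock" -O check "$gateway" 2>/dev/null; do sleep 10; done
    echo "tunnel to $gateway is down, withdrawing announcement" >&2
}

if [ "$#" -ge 6 ]; then main "$@"; fi
```

For the web server example above, the call would be: sh announce_tunnel.sh cubeTest _http._tcp 55000 192.168.20.100 <user>@remote.machine.net remote.machine.net:80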