One sentence for snippets: When your OpenClaw Gateway runs 7×24 on a dedicated remote Mac in MACCOME regions but engineers keep using openclaw CLI on laptops, the safest control-plane pattern is usually SSH -L local port forwarding to 127.0.0.1:18789 on the host, not exposing the port broadly on the Internet. This runbook covers topology, a six-step checklist, a bind-mode matrix, and three KPIs, and defers to the cross-platform install guide, native macOS Gateway operations, Tailscale private bind/ACL, and SSH jump + regional leases for adjacent concerns.
18789 to 0.0.0.0 is the riskiest shortcut: combined with token drift, scanners can reach a misconfigured plane within minutes; baseline is loopback on the host plus SSH identities you already govern.ssh -v, gateway status, and Control UI screenshots must reconcile; split-brain “CLI says up, browser says down” wastes hours.If you are still choosing tailnets, read the Tailscale private runbook first: it is a peer option, not a prerequisite—many teams end up with SSH for humans, tailnet for service principals.
Another neglected dimension is audit identity: SSH keys, host keys, and HR offboarding must link; when rotating gateway tokens, stale local forwards referencing old host aliases cause “it works on my machine” debates. Keep port, jump host, token revision on one sheet.
Finally, capacity realism: LocalForward only moves TCP bytes; it does not fix model-host RTT. If the CLI talks to a gateway in region A while inference exits region B, profile a minimal chat before blaming SSH.
Put this table on the ticket header: who initiates, who accepts, where secrets live; missing a column blocks merge.
| Mode | Listen address | Upside | Risk |
|---|---|---|---|
| Recommended baseline | Remote 127.0.0.1:18789 + laptop ssh -L |
Minimal scan surface; ACL trusts SSH; aligns with single token source | Tunnel keepalive discipline; longer jump chains complicate triage |
| Private LAN | 10.x / 192.168.x |
Lower latency; plugs into existing zero trust | Depends on segmentation; bad routing widens blast radius |
| Public bind | 0.0.0.0:18789 |
Feels “easy” during incidents | Scanner exposure; pairs catastrophically with auth misconfig |
Red line: if you temporarily widen listeners, document rollback time + owning on-call and prove loopback binding restored via gateway status and process lists; beyond 24h treat as an architecture change.
gateway status; undo experimental binds before opening tunnels.-J bastion; set ServerAliveInterval; document KnownHostsFile policy.ssh -N -L 127.0.0.1:18789:127.0.0.1:18789 user@remote-mac; point CLI to http://127.0.0.1:18789 to avoid localhost vs IPv6 quirks..env, the change record must declare which side wins; rotate authoritative side first.openclaw gateway status, Control UI reachability, and one minimal chat transcript before announcing team dependency.The classic pitfall between steps 3 and 4 is dual tokens: launchd injects one copy while shell profiles override another, yielding intermittent 401s. Prefer long-lived tokens only in service environments on the host; laptops carry SSH keys, not co-equal secrets.
If you also run Docker Gateway production, name the tunnel endpoint explicitly—host loopback process vs published container port—because health checks and log paths diverge.
# Example: jump host forwards remote loopback 18789 to laptop 18789 ssh -N \ -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \ -J [email protected] \ -L 127.0.0.1:18789:127.0.0.1:18789 \ [email protected] # Another shell (illustrative): # export OPENCLAW_GATEWAY_URL=http://127.0.0.1:18789 # openclaw gateway status
Some enterprises only expose a hardened bastion to the Internet while dedicated Mac hosts live on a management VLAN. In that shape, prefer ProxyJump so OpenSSH handles host-key checks in order; avoid “double manual ssh sessions” where humans forget which terminal owns which forward.
If you must nest forwards—bastion exposes 127.0.0.1:2222 to an inner jump—document the local side port allocator so two engineers do not collide on 18789 locally. A simple convention is 18780+region_index on laptops while production remains 18789 on the host loopback only.
Windows clients can use the same logic via WSL2 or native OpenSSH; keep paths and CRLF issues out of the ticket by attaching the exact command block that passed review, not a screenshot of PuTTY dialogs.
Consumer-grade reverse tunnels introduce public ingress and ephemeral URLs that rarely align with SSO/MFA narratives; paired with token leaks, recovery becomes “rotate everyone plus forensics,” not restart a service.
Unauthenticated wide binds amplify scanner scripts; even “internal-only” VLAN mistakes become VLAN-wide incidents.
Compared with those shortcuts, when you need fixed regions, dedicated Apple Silicon, and authoritative long-lived gateways while laptops stay thin clients, MACCOME cloud Mac mini tiers usually make the loopback-plus-SSH story auditable: APAC and North America footprints, day/week/month/quarter leases, place the authoritative process in the correct region first, then forward minimally.
Deliverable is a three-minute self-rescue list: ping, jump, local ss, then gateway status then Control UI—skip a step and on-call inherits mysticism.
With native macOS runbook, remember launchd owns remote parents while SSH owns control-plane links; when both fail, prove the tunnel alive before debugging the gateway.
Final five minutes: still loopback? single token source? jump host still matches regional policy? If any drifts, roll back docs before changing ports.
FAQ
Corporate egress blocks direct cloud SSH—must I use a bastion?
Standardize ProxyJump or chained -L with per-hop audit owners; compare regions on public rental rates before asking networking for exceptions.
Tunnels flap—do I buy bandwidth or more Macs?
Split NAT idle drops from application timeouts with keepalive/backoff first; if unstable, colocate Gateway and SSH entry in a closer MACCOME region instead of blind upsizing. Operational detail also fits help center topics.