On Wed, 2008-10-29 at 10:59 -0700, Joseph Spenner wrote:
> How about if you add a special route to your target via the PPP0 interface? If you know the IP where you're going to land, you could add a host route through the PPP interface. Then, ssh would respect that route.


Yes, but the problem is that if I do so, then the other apps will use
that route as well, and I don't want this to happen - the main app
connects to the same server as the one I would like to set up the
reverse tunnel...

Perhaps I didn't give this detail, but actually I want the main app to
connect to the server through eth0/wifi/adsl, and the reverse ssh tunnel
to connect to the *SAME* server through ppp0 only.

I'm currently looking at iptables/iproute and stuff... but no solution
found so far!

Cheers,
Chris

> --- On Wed, 10/29/08, Christian Gagneraud wrote:
>
> > From: Christian Gagneraud
> > Subject: Reverse tunnel and multiple interface
> > To: secureshell@securityfocus.com
> > Date: Wednesday, October 29, 2008, 10:51 AM
> > Hi all,
> >
> > I have a box running embedded Linux, which has 2 network interfaces, the
> > first (eth0) is the "normal" interface, the other one (ppp0) is used as
> > a back-up link (in case eth0 is down, we still want to be able to
> > connect to the box).
> > The box is installed on the sea, a few miles away from the shore, the box
> > accesses the internet through eth0, which is connected to a transparent
> > WIFI bridge and finally to an ADSL router.
> >
> >
> > The ppp0 is a GPRS connection via a modem, as my provider doesn't allow
> > incoming connections, I need to set up a reverse tunnel if I want to be
> > able to connect remotely to the box.
> > I know I can set up the reverse tunnel with something like
> > "ssh -CNR :localhost:2222 middleuser@middleserver", we use this on
> > other projects that have only ppp0 to access the internet, and it works
> > fine.
> >
> > It is critical for us to be able to access the box 24/7, the services
> > provided by this box need a good bandwidth, that's why we need a
> > broadband connection. The ppp0 will be only used in case of
> > eth0/internet failure to investigate the problem(s).
> > Actually the WIFI link is the weakness of the system, the embedded WIFI
> > bridge can fail due to various reasons including misalignment (the system
> > can drift from its original position), corrosion (sea water is a
> > killer), power supply failures, ....
> >
> > Finally, my problem is that I would like to simply force the reverse
> > tunnel to use only ppp0. And at the same time I need the default route
> > to go through eth0 (that is needed for the main programs running on this
> > box)
> >
> > So, this is what i would like to achieve:
> >
> > /----------- ppp0 --------| GPRS Modem |---{internet}
> > |    /---- lo
> > |    |                 /-- eth0 --------| ADSL router|---{internet}
> > |    |                 |
> > |    |                 |
> > |  ssh daemon (2222), main apps
> > |
> > \-- ssh -CNR ...
> >
> >
> > I have the feeling that there's no way to tell ssh to make a reverse
> > tunnel through a specific interface and ignore the default route, and
> > that I will have to find a way via the kernel network set-up, and I have
> > no clue on how to do this. I don't want to use an automatic/redundant
> > route, because if my app tries to use ppp0, then the link will be stuck,
> > because this app is bandwidth hungry and anyway this app needs incoming
> > connections...
> >
> > So, perhaps someone will come here with an idea using only
> > ssh...
> >
> > With best regards,
> > Chris
> >
> > PS: Please CC me as I'm not subscribed to the list.

>
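
Added example, not part of either poster's message: one way to meet the requirement above (tunnel via ppp0 only, everything else via eth0, same destination server) is source-based policy routing with iproute2 plus ssh's `-b` bind-address option. Table number 100, priority 1000, the sample address and `REMOTE_PORT` are assumptions; the remote port is left as a placeholder because the thread does not give it.

```shell
#!/bin/sh
# Added example (not from the thread): only traffic *sourced from* the ppp0
# address is routed via ppp0; the main routing table and its eth0 default
# route are left untouched, so the main app is unaffected.
# Assumes iproute2 and a kernel with CONFIG_IP_MULTIPLE_TABLES.

# Extract the first IPv4 address from `ip -4 -o addr show dev IFACE` (stdin).
# Handles "inet A.B.C.D/NN" (Ethernet) and "inet A.B.C.D peer ..." (PPP).
iface_addr() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit } }'
}

# Print the three commands: a private table whose only route is the backup
# link, a rule selecting that table by source address, and ssh bound to that
# address with -b so its packets match the rule.
plan_tunnel() {
    addr=$1 iface=$2 table=$3 remote_port=$4
    case $addr in
        *[!0-9.]*|'') echo "no usable IPv4 address on $iface" >&2; return 1 ;;
    esac
    echo "ip route replace default dev $iface table $table"
    echo "ip rule add from $addr/32 lookup $table priority 1000"
    echo "ssh -b $addr -CNR $remote_port:localhost:2222 middleuser@middleserver"
}

if [ "${APPLY:-0}" = 1 ]; then
    # Real run (root required): read the live ppp0 address and execute the plan.
    addr=$(ip -4 -o addr show dev ppp0 | iface_addr)
    plan_tunnel "$addr" ppp0 100 "${REMOTE_PORT:?set REMOTE_PORT}" |
        while read -r cmd; do $cmd; done
else
    # Dry run on a constructed sample line of `ip -4 -o addr show dev ppp0`.
    sample='3: ppp0    inet 10.64.12.7 peer 10.64.64.64/32 scope global ppp0'
    plan_tunnel "$(printf '%s\n' "$sample" | iface_addr)" ppp0 100 REMOTE_PORT
fi
```

A GPRS link usually gets a new address on each reconnect, so the rule has to be re-created (and the stale one deleted) every time ppp0 comes up.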