how to bind ssh-tunnel to different server-interface - Security

This is a discussion on how to bind ssh-tunnel to different server-interface - Security ; Hi, i am using a ssh connection from my laptop to a gateway machine. I use ssh tunneling to create a secure tunnel and use the gateway as socks 5 proxy: ssh -D 1080 root@gateway.mach ine This works fine, but ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: how to bind ssh-tunnel to different server-interface

  1. how to bind ssh-tunnel to different server-interface

    Hi,

    i am using a ssh connection from my laptop to a gateway machine. I use
    ssh tunneling to create a secure tunnel and use the gateway as socks 5
    proxy:

    ssh -D 1080 root@gateway.machine

    This works fine, but gateway.machine has 2 public interfaces with 2
    dsl lines. And I would like to selectively use one of them for the
    proxying (not for the ssh tunnel connection, which is within the LAN).
    By default always the first public interface is used for my public
    traffic. I am looking for a way to use the second interface which is
    connected to the other line.

    How can this be done with sshd? Both are Debian Linux machines.

    I searched a lot, read man pages of sshd and ssh and asked already in
    a forum, but for this specific question I could not find any answer so
    far. (Using a "bind address" for the -D option or using "GatewayPorts"
    or "ListenAddress" in sshd_config does not seem a solution for this)

    I can provide more information if necessary.

    Regards,
    Ingo



  2. Re: how to bind ssh-tunnel to different server-interface

    On Tue, 22 Apr 2008 23:59:30 -0700, Ingo Maurer wrote:

    > And I would like to selectively use one of them for the proxying (not
    > for the ssh tunnel connection, which is within the LAN). By default
    > always the first public interface is used for my public traffic. I am
    > looking for a way to use the second interface which is connected to the
    > other line.


    If there's no way to do this (and I don't know of one, but that doesn't
    mean that there isn't one {8^), perhaps the -w option in ssh might work
    for you? This creates a tun device, and you'd then control the
    forwarding in the usual forwarding way (ie. forwarding rules via
    iptables). This would permit you to be very specific about what your
    machine will and won't forward.

    - Andrew


  3. Re: how to bind ssh-tunnel to different server-interface

    On 23 Apr., 20:51, Andrew Gideon wrote:
    > On Tue, 22 Apr 2008 23:59:30 -0700, Ingo Maurer wrote:
    > > And I would like to selectively use one of them for the proxying (not
    > > for the ssh tunnel connection, which is within the LAN). By default
    > > always the first public interface is used for my public traffic. I am
    > > looking for a way to use the second interface which is connected to the
    > > other line.

    > perhaps the -w option in ssh might work
    > for you? *This creates a tun device, and you'd then control the
    > forwarding in the usual forwarding way (ie. forwarding rules via
    > iptables). *This would permit you to be very specific about what your
    > machine will and won't forward.


    This sounds like the way to go for me. "ssh -w" and iptables. Thank
    you very much, Andrew!

    Regards
    Ingo


+ Reply to Thread