how to bind ssh-tunnel to different server-interface
Hi,
I am using a ssh connection from my laptop to a gateway machine. I use
ssh tunneling to create a secure tunnel and use the gateway as socks 5
proxy:
ssh -D 1080 root@gateway.machine
This works fine, but gateway.machine has 2 public interfaces with 2
dsl lines. And I would like to selectively use one of them for the
proxying (not for the ssh tunnel connection, which is within the LAN).
By default always the first public interface is used for my public
traffic. I am looking for a way to use the second interface which is
connected to the other line.
How can this be done with sshd? Both are Debian Linux machines.
I searched a lot, read man pages of sshd and ssh and asked already in
a forum, but for this specific question I could not find any answer so
far. (Using a "bind address" for the -D option or using "GatewayPorts"
or "ListenAddress" in sshd_config does not seem a solution for this)
I can provide more information if necessary.
Regards,
Ingo
Re: how to bind ssh-tunnel to different server-interface
On Tue, 22 Apr 2008 23:59:30 -0700, Ingo Maurer wrote:
> And I would like to selectively use one of them for the proxying (not
> for the ssh tunnel connection, which is within the LAN). By default
> always the first public interface is used for my public traffic. I am
> looking for a way to use the second interface which is connected to the
> other line.
If there's no way to do this (and I don't know of one, but that doesn't
mean that there isn't one {8^), perhaps the -w option in ssh might work
for you? This creates a tun device, and you'd then control the
forwarding in the usual forwarding way (ie. forwarding rules via
iptables). This would permit you to be very specific about what your
machine will and won't forward.
- Andrew
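Added example, not part of the thread: a sketch of the `ssh -w` plus iptables approach suggested above, printing the commands for both ends unless `APPLY=1` is set. The interface name `ppp1`, the tunnel addresses, the next hop and the table number are assumptions, and the `ip rule`/`ip route` policy-routing step is an addition not mentioned in the thread, used here to send tunnel traffic out of the second line.

```shell
#!/bin/sh
# Added example, not from the thread. Every value below is an assumption.
# Prerequisites: "PermitTunnel yes" in the gateway's sshd_config, root on both
# ends, and a running tunnel:  ssh -w 0:0 root@gateway.machine
TUN=tun0               # tun device created on both ends by ssh -w 0:0
GW_TUN_IP=10.9.0.1     # constructed tunnel address, gateway side
LAPTOP_TUN_IP=10.9.0.2 # constructed tunnel address, laptop side
WAN2_IF=ppp1           # hypothetical name of the second DSL interface
WAN2_GW=192.0.2.1      # placeholder next hop on the second line
TABLE=200              # arbitrary unused routing-table number

# Print each command; execute it only when APPLY=1 (requires root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

gateway_setup() {
    run ip addr add "$GW_TUN_IP" peer "$LAPTOP_TUN_IP" dev "$TUN"
    run ip link set "$TUN" up
    run sysctl -w net.ipv4.ip_forward=1
    # Policy routing: only packets arriving from the tunnel use the second line.
    run ip route add default via "$WAN2_GW" dev "$WAN2_IF" table "$TABLE"
    run ip rule add iif "$TUN" lookup "$TABLE"
    # Forward the tunnel peer out of WAN2, replies back in, nothing else.
    run iptables -A FORWARD -i "$TUN" -o "$WAN2_IF" -s "$LAPTOP_TUN_IP" -j ACCEPT
    run iptables -A FORWARD -i "$WAN2_IF" -o "$TUN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$TUN" -j DROP
    run iptables -A FORWARD -o "$TUN" -j DROP
    run iptables -t nat -A POSTROUTING -s "$LAPTOP_TUN_IP" -o "$WAN2_IF" -j MASQUERADE
}

laptop_setup() {
    run ip addr add "$LAPTOP_TUN_IP" peer "$GW_TUN_IP" dev "$TUN"
    run ip link set "$TUN" up
    # $1: destination to send through the tunnel, e.g. 198.51.100.0/24
    run ip route add "$1" via "$GW_TUN_IP" dev "$TUN"
}

case "${1:-}" in
    gateway) gateway_setup ;;
    laptop)  laptop_setup "$2" ;;
esac
```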
Re: how to bind ssh-tunnel to different server-interface
On 23 Apr., 20:51, Andrew Gideon <c172driv...@gideon.org> wrote:
> On Tue, 22 Apr 2008 23:59:30 -0700, Ingo Maurer wrote:
> > And I would like to selectively use one of them for the proxying (not
> > for the ssh tunnel connection, which is within the LAN). By default
> > always the first public interface is used for my public traffic. I am
> > looking for a way to use the second interface which is connected to the
> > other line.
> perhaps the -w option in ssh might work
> for you? This creates a tun device, and you'd then control the
> forwarding in the usual forwarding way (ie. forwarding rules via
> iptables). This would permit you to be very specific about what your
> machine will and won't forward.
This sounds like the way to go for me. "ssh -w" and iptables. Thank
you very much, Andrew!
Regards
Ingo