port forwarding with binding to specific IP on remote host - SSH


  1. port forwarding with binding to specific IP on remote host


    Hi all,

    I want to establish an SSH tunnel. The remote host of
    the SSH connection has two IP addresses that may be used
    for outgoing connections. I want the ssh-tunnel to use
    the non-default connection for the "forwarded" connection:

    local host has IP 10.0.0.1

    remote host has IPs 10.0.0.20 (eth0) and 10.0.0.21 (eth0:1).

    I want to establish a tunnel from 10.0.0.1:1234 to
    10.0.0.100:1234 using the remote host's IP 10.0.0.21.

    When I use

    ssh -L 1234:10.0.0.100:1234 root@10.0.0.21

    the connection from my client host to the remote host
    is established *to* IP 10.0.0.21 (of course), but the
    host 10.0.0.100 sees IP 10.0.0.20 as source IP for my
    connection. But I want it to see 10.0.0.21 as source IP.

    Is it possible to solve this with pure ssh-magic, or
    do I have to create iptables rules or special routing
    table entries for this?

    Thanks and best regards
    -stefan-


    --
    --------------------------------------------------------------------
    Dipl. Inf. (FH) Stefan Palme

    email: kleiner@hora-obscura.de
    Key fingerprint = 1BA7 D217 36A1 534C A5AD F18A E2D1 488A E904 F9EC
    --------------------------------------------------------------------


  2. Re: port forwarding with binding to specific IP on remote host

    > I want to establish an SSH tunnel. The remote host of
    > the SSH connection has two IP addresses that may be used
    > for outgoing connections. I want the ssh-tunnel to use
    > the non-default connection for the "forwarded" connection:
    >
    > local host has IP 10.0.0.1
    >
    > remote host has IPs 10.0.0.20 (eth0) and 10.0.0.21 (eth0:1).
    >
    > I want to establish a tunnel from 10.0.0.1:1234 to
    > 10.0.0.100:1234 using the remote host's IP 10.0.0.21.
    >
    > When I use
    >
    > ssh -L 1234:10.0.0.100:1234 root@10.0.0.21
    >
    > the connection from my client host to the remote host
    > is established *to* IP 10.0.0.21 (of course), but the
    > host 10.0.0.100 sees IP 10.0.0.20 as source IP for my
    > connection. But I want it to see 10.0.0.21 as source IP.
    >
    > Is it possible to solve this with pure ssh-magic, or
    > do I have to create iptables rules or special routing
    > table entries for this?


    I don't know how to do this with ssh alone. I've solved similar problems
    with the help of xinetd, as follows:

    ssh -L 1234:localhost:1234 root@10.0.0.21

    and install an xinetd service as:

    service portfwd-21-1234
    {
        socket_type = stream
        interface   = 10.0.0.21
        port        = 1234
        protocol    = tcp
        wait        = no
        redirect    = 127.0.0.1 1234
        user        = nobody
        type        = UNLISTED
    }

    xinetd will then listen on 10.0.0.21:1234, and when someone connects,
    forward packets to your ssh tunnel on localhost:1234. Of course you could
    also use route or iptables to achieve the same result.

    --
    To reply by email, change "deadspam.com" to "alumni.utexas.net"

  3. Re: port forwarding with binding to specific IP on remote host

    Stefan Palme writes:

    > Hi all,
    >
    > I want to establish an SSH tunnel. The remote host of
    > the SSH connection has two IP addresses that may be used
    > for outgoing connections. I want the ssh-tunnel to use
    > the non-default connection for the "forwarded" connection:
    >
    > local host has IP 10.0.0.1
    >
    > remote host has IPs 10.0.0.20 (eth0) and 10.0.0.21 (eth0:1).
    >
    > I want to establish a tunnel from 10.0.0.1:1234 to
    > 10.0.0.100:1234 using the remote host's IP 10.0.0.21.
    >
    > When I use
    >
    > ssh -L 1234:10.0.0.100:1234 root@10.0.0.21
    >
    > the connection from my client host to the remote host
    > is established *to* IP 10.0.0.21 (of course), but the
    > host 10.0.0.100 sees IP 10.0.0.20 as source IP for my
    > connection.


    It does so because the default interface for outbound traffic from
    your box is the .20.

    > But I want it to see 10.0.0.21 as source IP.


    Then you'll need to specify in your OS's routing tables that you want
    traffic destined for .100 to go out eth0:1

    > Is it possible to solve this with pure ssh-magic, or do I have to
    > create iptables rules or special routing table entries for this?


    I'm willing to be wrong about this, but don't think ssh has ability to
    reach this far down into the tcp/ip stack to do what you want here
    without some help from routing tables.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/

  4. Re: port forwarding with binding to specific IP on remote host


    Thanks for your replies - I've got exactly what I've expected.
    Solved this with some iptables rules using SNAT now...

    Regards
    -stefan-


  5. Re: port forwarding with binding to specific IP on remote host

    On 2006-08-14, Todd H. wrote:
    > Stefan Palme writes:
    >> But I want it to see 10.0.0.21 as source IP.
    >
    > Then you'll need to specify in your OS's routing tables that you want
    > traffic destined for .100 to go out eth0:1
    >
    >> Is it possible to solve this with pure ssh-magic, or do I have to
    >> create iptables rules or special routing table entries for this?
    >
    > I'm willing to be wrong about this, but don't think ssh has ability to
    > reach this far down into the tcp/ip stack to do what you want here
    > without some help from routing tables.


    ssh or sshd could use the bind(2) system call to bind the local address
    of the outgoing connection of the port forward to a given address ("ssh
    -b" in OpenSSH does that for the ssh connection itself but there's no
    equivalent for forwarded connections).

    In general, I don't think there's provision in the ssh2 protocol to
    specify the source address that the remote end should use for an outbound
    forwarded connection.

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
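
The bind(2)-before-connect(2) mechanism mentioned in the last reply, as an added example that is not part of the thread and is not OpenSSH code. It assumes Linux, where every address in 127.0.0.0/8 is local, so 127.0.0.1 and 127.0.0.2 stand in for the remote host's two IPs; the helper name `source_seen_by_peer` is hypothetical.

```c
/* Added example (Linux): pick the source IP of an outgoing TCP connection with
 * bind(2) before connect(2). Loopback addresses here are constructed stand-ins. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

static struct sockaddr_in addr4(const char *ip) {   /* port 0 = any port */
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    inet_pton(AF_INET, ip, &a.sin_addr);
    return a;
}

/* Hypothetical helper: connect to a throwaway listener on 127.0.0.1,
 * binding the client to src_ip first unless it is NULL, and store the
 * peer address the listener saw in seen. Returns 0 on success, else -1. */
int source_seen_by_peer(const char *src_ip, char *seen, socklen_t len) {
    struct sockaddr_in l = addr4("127.0.0.1"), peer;
    socklen_t sl = sizeof l, pl = sizeof peer;
    int rc = -1, afd = -1;
    int lfd = socket(AF_INET, SOCK_STREAM, 0), cfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0 || cfd < 0) goto out;
    if (bind(lfd, (struct sockaddr *)&l, sizeof l) < 0 || listen(lfd, 1) < 0) goto out;
    if (getsockname(lfd, (struct sockaddr *)&l, &sl) < 0) goto out;  /* learn port */
    if (src_ip) {                        /* the step a forwarder would need */
        struct sockaddr_in s = addr4(src_ip);
        if (bind(cfd, (struct sockaddr *)&s, sizeof s) < 0) goto out;
    }
    if (connect(cfd, (struct sockaddr *)&l, sizeof l) < 0) goto out;
    if ((afd = accept(lfd, (struct sockaddr *)&peer, &pl)) < 0) goto out;
    if (inet_ntop(AF_INET, &peer.sin_addr, seen, len)) rc = 0;
out:
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return rc;
}

int main(void) {
    char a[INET_ADDRSTRLEN] = "error", b[INET_ADDRSTRLEN] = "error";
    source_seen_by_peer(NULL, a, sizeof a);
    source_seen_by_peer("127.0.0.2", b, sizeof b);
    printf("default source: %s\nbound source:   %s\n", a, b);
    return 0;
}
```

Without the bind the kernel's routing decision picks the source address, which is the behaviour described in the first post; with it, the peer sees the address the caller chose.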
