Re: port forwarding with binding to specific IP on remote host



> I want to establish an SSH tunnel. The remote host of
> the SSH connection has two IP addresses that may be used
> for outgoing connections. I want the ssh-tunnel to use
> the non-default connection for the "forwarded" connection:
>
> local host has IP 10.0.0.1
>
> remote host has IPs 10.0.0.20 (eth0) and 10.0.0.21 (eth0:1).
>
> I want to establish a tunnel from 10.0.0.1:1234 to
> 10.0.0.100:1234 using the remote host's IP 10.0.0.21.
>
> When I use
>
>     ssh -L 1234:10.0.0.100:1234 root@xxxxxxxxx
>
> the connection from my client host to the remote host
> is established *to* IP 10.0.0.21 (of course), but the
> host 10.0.0.100 sees IP 10.0.0.20 as source IP for my
> connection. But I want it to see 10.0.0.21 as source IP.
>
> Is it possible to solve this with pure ssh-magic, or
> do I have to create iptables rules or special routing
> table entries for this?

I don't know how to do this with ssh alone. I've solved similar problems
with the help of xinetd, as follows:

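    ssh -L 1234:localhost:1234 root@xxxxxxxxx

and install an xinetd service as:

    service portfwd-21-1234
    {
        socket_type = stream
        # listen only on this address
        interface   = 10.0.0.21
        port        = 1234
        protocol    = tcp
        wait        = no
        # pass each connection on to the ssh tunnel on localhost
        redirect    = 127.0.0.1 1234
        user        = nobody
        # the service name is not in /etc/services
        type        = UNLISTED
    }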

xinetd will then listen on 10.0.0.21:1234, and when someone connects,
forward packets to your ssh tunnel on localhost:1234. Of course you could
also use route or iptables to achieve the same result.

--
To reply by email, change "deadspam.com" to "alumni.utexas.net"
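
The address a peer sees as the source of a TCP connection is whatever the connecting socket was bound to before connect(). As an added example (not part of the original thread): a small relay for the remote host that accepts the ssh-forwarded connection on loopback and connects onward from a chosen local IP. The function names and the port layout are assumptions; it is meant to sit behind `ssh -L 1234:localhost:1234`.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes src -> dst until EOF or error, then half-close dst."""
    try:
        while data := src.recv(65536):
            dst.sendall(data)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def handle(client, target, source_ip):
    try:
        # bind() to (source_ip, ephemeral port) happens before connect(), so
        # the target sees source_ip rather than the routing table's default.
        upstream = socket.create_connection(target, timeout=10,
                                            source_address=(source_ip, 0))
    except OSError:
        client.close()
        return
    upstream.settimeout(None)  # the timeout was only meant for connect()
    back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
    back.start()
    pump(client, upstream)
    back.join()
    client.close()
    upstream.close()

def serve(listen_addr, target, source_ip):
    """Start the relay in daemon threads and return the listening socket."""
    listener = socket.create_server(listen_addr)
    def accept_loop():
        while True:
            try:
                client, _ = listener.accept()
            except OSError:
                return  # listener was closed
            threading.Thread(target=handle, args=(client, target, source_ip), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return listener

if __name__ == "__main__":
    # Addresses from the thread; loopback-only listener, reachable via ssh -L.
    serve(("127.0.0.1", 1234), ("10.0.0.100", 1234), "10.0.0.21")
    threading.Event().wait()
```

Run on the remote host, 10.0.0.100 then sees 10.0.0.21 as the peer address, and the relay itself is not reachable from the network because it listens on 127.0.0.1 only.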