LinuxQuestions.org


flupke 07-13-2005 10:04 AM

ssh forwarding : bind to a specific interface
 
Hi.
Suppose I have a local machine L, two remote machines R1 and R2 and a "middle" machine M.
L has no TCP/IP access to R1 or R2, but M has access to L, R1 and R2.
L has 2 local interfaces (127.0.0.1 and 127.0.0.2)

The aim is to make 2 connection forwardings listening on the same port but on different local IPs, i.e. (from L):

ssh -L 1234:R1:1234 M
This should listen on 127.0.0.1

and :
ssh -L 1234:R2:1234 M
This one should listen on 127.0.0.2

Does anyone know how to do this with OpenSSH or another ssh client?
The only software I saw able to do this is SecureCRT under Windows... :-(

Thanks!
Flupke

Nathanael 07-13-2005 10:44 AM

How about accessing R1 and R2 from 2 different ports on L?
ssh -L 1234:R1:1234
ssh -L 1235:R2:1234

if you then still need to connect via 127.0.0.1 and 127.0.0.2 you could set up 2 rules in iptables

:-)

flupke 07-13-2005 02:42 PM

Impossible. The virtual host settings on the server side (R1 & R2) do not allow clients to request another port than 1234 (This tunnel has to transport HTTP).

Nathanael 07-13-2005 02:53 PM

OK: let me explain this to you...

1357:R1:1234
means:
the computer we are sshing into will contact R1 on port 1234.
the tunnel on your end opens up on port 1357

picture this:
L = our workstation
M = the gateway
R1 = the host we want to reach

like in your example: no direct link from L to R1 possible

we want to ssh into R1, so we do the following.
we ssh into M with the following command

ssh root@m -L 1234:R1:22

now if we want to ssh into R1 we simply do this
ssh root@localhost -p 1234

this then goes through the pipe we have between L and M and connects to R1 on port 22 :-)

tada all done :-)

flupke 07-13-2005 03:26 PM

Thank you but this doesn't help me. I know what forwarding is.

OK, here is a more complete story :
R1 and R2 have http servers on port 1234 and ssh servers on port 22.
M has only an ssh server on port 22.
The only traffic allowed is between M and the other hosts on port 22.

So, from L, here is what I have to do :
ssh M -L 2222:R1:22 -L 2223:R2:22

Then either :
ssh 127.0.0.1 -p 2222 -L 1234:R1:1234

or :
ssh 127.0.0.1 -p 2222 -L 1234:r2:1234

to have the forwarding I need.
After that, I can launch my http client and point it to 127.0.0.1:1234 to join one of the servers running on port 1234 of R1 and R2, depending on the second ssh forwarding I launched. This server only accepts requests with port 1234 in the request string of the http header.

What I would like to do is to launch the last 2 ssh commands at the same time.

Nathanael 07-13-2005 05:41 PM

so i guess you have tried
after
ssh M -L 2222:R1:22 -L 2223:R2:22
to run
ssh 127.0.0.1 -p 2222 -L 1234:R1:1234
and
ssh 127.0.0.1 -p 2223 -L 1235:R2:1234
connecting to

how about
running the above and adding an iptables rule to your pre-routing table to redirect traffic from 127.0.0.2:1234 to 127.0.0.1:1235?
this way your browser still 'requests' port 1234 and gets piped down 1235, which would end up at R2 without anybody or any app noticing!!

flupke 07-14-2005 12:10 AM

Yes, of course I tried to launch ssh with local ports 1234 and 1235, and of course, it didn't work... :-)

The iptable solution seems to make sense but it seems to be a really heavy solution. I would really like to make the ssh client open their local sockets on the interface I want. This would be so much easier...

Nathanael 07-14-2005 03:27 AM

write a script:
Code:

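# Redirect 127.0.0.2:1234 to local port 1235 while the tunnel is up
/sbin/iptables -t nat -A PREROUTING -p tcp -d 127.0.0.2 --dport 1234 -j REDIRECT --to-ports 1235
# Reach R2's sshd through the forward on local port 2223 (L has no direct route to R2)
/usr/bin/ssh root@127.0.0.1 -p 2223 -L 1235:R2:1234
# Runs once ssh exits: delete the redirect rule again
/sbin/iptables -t nat -D PREROUTING -p tcp -d 127.0.0.2 --dport 1234 -j REDIRECT --to-ports 1235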

this makes sure you remove the entry in iptables when the connection to R2 is closed for one reason or the other.

flupke 07-20-2005 07:26 AM

Sorry to have been so long for the reply.
Indeed, the solution with iptables seems to be the only way to achieve what I want.

It's quite dirty, but it works.

Thanks
Flupke

woleium 12-09-2011 05:24 PM

easier method
 
To set up a forward for local port 2525 traffic on local IP 127.0.0.100 for remote traffic on port 25 at the remote server IP 127.0.0.1:

sudo ifconfig lo0 alias 127.0.0.100 up

ssh -f user@SSHSERVER -L 127.0.0.100:2525:127.0.0.1:25 -N
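
Applied to the original question, the bind-address form of `-L` shown in the last post gives one listener per loopback address on the same port. The script below is an added example and not part of any post in the thread; it assumes an OpenSSH client with `-J` (7.3 or later), reuses the thread's host names M, R1, R2 and port 1234, and its helper names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. M, R1, R2 and port 1234 follow the
# thread; is_loopback, tunnel_cmd and start_tunnels are hypothetical helpers.

# is_loopback ADDR: succeed only for a dotted quad inside 127.0.0.0/8, so a
# forward is never bound to an address that other hosts can reach.
is_loopback() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split into octets
    [ "$#" -eq 4 ] && [ "$1" = 127 ] || return 1
    for octet in "$2" "$3" "$4"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# tunnel_cmd BIND PORT TARGET JUMP: print the ssh command that listens on
# BIND:PORT locally and forwards to PORT on TARGET. -J reaches TARGET's sshd
# through JUMP, so only port 22 is used between hosts, as the thread requires.
# ExitOnForwardFailure makes ssh exit instead of running without its listener.
tunnel_cmd() {
    is_loopback "$1" || {
        echo "refusing non-loopback bind address: $1" >&2
        return 1
    }
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -J %s -L %s:%s:localhost:%s %s\n' \
        "$4" "$1" "$2" "$2" "$3"
}

# Print both commands; set RUN=1 in the environment to execute them instead.
start_tunnels() {
    for pair in "127.0.0.1 R1" "127.0.0.2 R2"; do
        set -- $pair
        cmd=$(tunnel_cmd "$1" 1234 "$2" M) || return 1
        if [ "${RUN:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}

start_tunnels
```

On Linux every address in 127.0.0.0/8 is already local to `lo`; on systems where it is not, add the alias first, as the post above does with `ifconfig lo0 alias`.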

