ssh forwarding : bind to a specific interface
Hi.
Suppose I have a local machine L, two remote machines R1 and R2 and a "middle" machine M. L has no TCP/IP access to R1 or R2, but M has access to L, R1 and R2. L has 2 local interfaces (127.0.0.1 and 127.0.0.2) The aim is to make 2 connection forwardings listening to the same port but on different local IPs. ie (from L) : ssh -L 1234:R1:1234 M This should listen on 127.0.0.1 and : ssh -L 1234:R2:1234 M This one should listen on 127.0.0.2 Does anyone know how to do this with openssh or another ssh client? The only soft I saw able to do this is secure-crt under windows... :-( Thanks! Flupke |
howabout accessing R1 and R2 from 2 different ports on L ??
ssh -L 1234:R1:1234 ssh -L 1235:R2:1234 if you then still need to connect via 127.0.0.1 and 127.0.0.2 you could set up 2 rules in iptables :-) |
Impossible. The virtual host settings on the server side (R1 & R2) do not allow clients to request another port than 1234 (This tunnel has to transport HTTP).
|
OK: let me explain this to you...
1357:R1:1234 means: the computer we are sshing into will contact R1 on port 1234. the tunnel on your end opens up on port 1357 picture this: L = our workstation M = the gateway R1 = the host we want to reach like in your example: no direct link from L to R1 possible we want to ssh into R1, we do following. we ssh into M with following command ssh root@m -L 1234:R1:22 now if we want to ssh into R1 we simply do this ssh root@localhost -p 1234 this then goes through the pipe we have between L and M and connects to R1 on port 22 :-) tada all done :-) |
Thank you but this doesn't help me. I know what forwarding is.
OK, here is a more complete story : R1 and R2 have http servers on port 1234 and ssh servers on port 22. M has only an ssh server on port 22. The only traffic allowed is between M and the other hosts on port 22. So, from L, here is what I have to do : ssh M -L 2222:R1:22 -L 2223:R2:22 Then either : ssh 127.0.0.1 -p 2222 -L 1234:R1:1234 or : ssh 127.0.0.1 -p 2222 -L 1234:r2:1234 to have the forwarding I need. After that, I can launch my http client and point it to 127.0.0.1:1234 to join one of the servers running on port 1234 of R1 and R2, depending on the second ssh forwarding I launched. This server only accepts requests with port 1234 in the request string of the http header. What I would like to do is to launch the last 2 ssh commands at the same time. |
so i guess you have tried
after ssh M -L 2222:R1:22 -L 2223:R2:22 to run ssh 127.0.0.1 -p 2222 -L 1234:R1:1234 and ssh 127.0.0.1 -p 2223 -L 1235:R2:1234 connecting to how about runnin the above and adding an iptables rule to your pre-routing talbe to redirect traffic from 127.0.0.2:1234 to 127.0.0.1:1235 ? this way yor browser still 'requests' port 1234 and gets piped down 1235 which would end up at R2 without anybody or any app noticing!! |
Yes, of course I tried to launch ssh with local ports 1234 and 1235, and of course, it didn't work... :-)
The iptable solution seems to make sense but it seems to be a really heavy solution. I would really like to make the ssh client open their local sockets on the interface I want. This would be so much easier... |
write a script:
Code:
/sbin/iptables -t nat -A PREROUTING -p tcp -d 127.0.0.2 --dport 1234 -j REDIRECT --to-ports 1235 |
Sorry to have been so long for the reply.
Indeed, the solution with iptables seems to be the only way to achieve what I want. It's quite dirty, but it works. Thanks Flupke |
easier method
To setup a forward for local port 2525 traffic on local ip 127.0.0.100 for remote traffic on port 25 at the remote server ip 127.0.0.1:
sudo ifconfig lo0 alias 127.0.0.100 up ssh -f user@SSHSERVER -L 127.0.0.100:2525:127.0.0.1:25 -N |
All times are GMT -5. The time now is 08:31 AM. |