LinuxQuestions.org
Old 07-13-2005, 10:04 AM   #1
flupke
Member
 
Registered: Jun 2005
Location: BE
Posts: 30

Rep: Reputation: 15
ssh forwarding : bind to a specific interface


Hi.
Suppose I have a local machine L, two remote machines R1 and R2 and a "middle" machine M.
L has no TCP/IP access to R1 or R2, but M has access to L, R1 and R2.
L has 2 local interfaces (127.0.0.1 and 127.0.0.2)

The aim is to make 2 connection forwardings listening to the same port but on different local IPs. ie (from L) :

ssh -L 1234:R1:1234 M
This should listen on 127.0.0.1

and :
ssh -L 1234:R2:1234 M
This one should listen on 127.0.0.2

Does anyone know how to do this with openssh or another ssh client?
The only software I saw able to do this is secure-crt under windows... :-(

Thanks!
Flupke
 
Old 07-13-2005, 10:44 AM   #2
Nathanael
Member
 
Registered: May 2004
Location: Karlsruhe, Germany
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940

Rep: Reputation: 32
how about accessing R1 and R2 from 2 different ports on L ??
ssh -L 1234:R1:1234
ssh -L 1235:R2:1234

if you then still need to connect via 127.0.0.1 and 127.0.0.2 you could set up 2 rules in iptables

:-)
 
Old 07-13-2005, 02:42 PM   #3
flupke
Member
 
Registered: Jun 2005
Location: BE
Posts: 30

Original Poster
Rep: Reputation: 15
Impossible. The virtual host settings on the server side (R1 & R2) do not allow clients to request another port than 1234 (This tunnel has to transport HTTP).
 
Old 07-13-2005, 02:53 PM   #4
Nathanael
Member
 
Registered: May 2004
Location: Karlsruhe, Germany
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940

Rep: Reputation: 32
OK: let me explain this to you...

1357:R1:1234
means:
the computer we are sshing into will contact R1 on port 1234.
the tunnel on your end opens up on port 1357

picture this:
L = our workstation
M = the gateway
R1 = the host we want to reach

like in your example: no direct link from L to R1 possible

we want to ssh into R1, we do following.
we ssh into M with following command

ssh root@m -L 1234:R1:22

now if we want to ssh into R1 we simply do this
ssh root@localhost -p 1234

this then goes through the pipe we have between L and M and connects to R1 on port 22 :-)

tada all done :-)
 
Old 07-13-2005, 03:26 PM   #5
flupke
Member
 
Registered: Jun 2005
Location: BE
Posts: 30

Original Poster
Rep: Reputation: 15
Thank you but this doesn't help me. I know what forwarding is.

OK, here is a more complete story :
R1 and R2 have http servers on port 1234 and ssh servers on port 22.
M has only an ssh server on port 22.
The only traffic allowed is between M and the other hosts on port 22.

So, from L, here is what I have to do :
ssh M -L 2222:R1:22 -L 2223:R2:22

Then either :
ssh 127.0.0.1 -p 2222 -L 1234:R1:1234

or :
ssh 127.0.0.1 -p 2222 -L 1234:r2:1234

to have the forwarding I need.
After that, I can launch my http client and point it to 127.0.0.1:1234 to join one of the servers running on port 1234 of R1 and R2, depending on the second ssh forwarding I launched. This server only accepts requests with port 1234 in the request string of the http header.

What I would like to do is to launch the last 2 ssh commands at the same time.
 
Old 07-13-2005, 05:41 PM   #6
Nathanael
Member
 
Registered: May 2004
Location: Karlsruhe, Germany
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940

Rep: Reputation: 32
so i guess you have tried
after
ssh M -L 2222:R1:22 -L 2223:R2:22
to run
ssh 127.0.0.1 -p 2222 -L 1234:R1:1234
and
ssh 127.0.0.1 -p 2223 -L 1235:R2:1234
connecting to

how about
running the above and adding an iptables rule to your pre-routing table to redirect traffic from 127.0.0.2:1234 to 127.0.0.1:1235 ?
this way your browser still 'requests' port 1234 and gets piped down 1235 which would end up at R2 without anybody or any app noticing!!
 
Old 07-14-2005, 12:10 AM   #7
flupke
Member
 
Registered: Jun 2005
Location: BE
Posts: 30

Original Poster
Rep: Reputation: 15
Yes, of course I tried to launch ssh with local ports 1234 and 1235, and of course, it didn't work... :-)

The iptables solution seems to make sense but it seems to be a really heavy solution. I would really like to make the ssh client open their local sockets on the interface I want. This would be so much easier...
 
Old 07-14-2005, 03:27 AM   #8
Nathanael
Member
 
Registered: May 2004
Location: Karlsruhe, Germany
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940

Rep: Reputation: 32
write a script:
Code:
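# Locally generated connections to 127.0.0.2:1234 pass through the nat OUTPUT chain, not PREROUTING
/sbin/iptables -t nat -A OUTPUT -p tcp -d 127.0.0.2 --dport 1234 -j REDIRECT --to-ports 1235
# Reach R2's sshd through the local 2223 forward opened via M
/usr/bin/ssh root@127.0.0.1 -p 2223 -L 1235:R2:1234
/sbin/iptables -t nat -D OUTPUT -p tcp -d 127.0.0.2 --dport 1234 -j REDIRECT --to-ports 1235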
this makes sure you remove the entry in iptables when the connection to R2 is closed for one reason or the other.
 
Old 07-20-2005, 07:26 AM   #9
flupke
Member
 
Registered: Jun 2005
Location: BE
Posts: 30

Original Poster
Rep: Reputation: 15
Sorry to have been so long for the reply.
Indeed, the solution with iptables seems to be the only way to achieve what I want.

It's quite dirty, but it works.

Thanks
Flupke
 
Old 12-09-2011, 05:24 PM   #10
woleium
LQ Newbie
 
Registered: Dec 2011
Posts: 1

Rep: Reputation: Disabled
easier method

To set up a forward for local port 2525 traffic on local ip 127.0.0.100 for remote traffic on port 25 at the remote server ip 127.0.0.1:

sudo ifconfig lo0 alias 127.0.0.100 up

ssh -f user@SSHSERVER -L 127.0.0.100:2525:127.0.0.1:25 -N
 
1 members found this post helpful.
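
The `[bind_address:]port:host:hostport` form used in post #10 is what lets two forwards share port 1234 on different loopback addresses. The following is an added example, not code from any poster in this thread: it parses `-L` specs, reports which pairs would contend for the same listener, and flags any forward reachable beyond loopback. The function names are hypothetical, and an omitted bind address is assumed to mean loopback only (`GatewayPorts no`, the OpenSSH default).

```python
import ipaddress
import re

# One field of an -L spec: a bracketed IPv6 literal or a colon-free token.
_FIELD = re.compile(r"\[([^\]]+)\]|([^:\[\]]*)")
WILDCARD = {"", "*", "0.0.0.0", "::"}

def parse_forward(spec):
    """Split '[bind_address:]port:host:hostport' into its four fields."""
    fields, pos = [], 0
    while True:
        m = _FIELD.match(spec, pos)
        fields.append(m.group(1) if m.group(1) is not None else m.group(2))
        pos = m.end()
        if pos == len(spec):
            break
        if spec[pos] != ":":
            raise ValueError(f"malformed forward: {spec!r}")
        pos += 1
    if len(fields) == 3:
        fields.insert(0, None)                # bind_address omitted
    if len(fields) != 4:
        raise ValueError(f"malformed forward: {spec!r}")
    bind, port, host, hostport = fields
    return {"bind": bind, "port": int(port), "host": host, "hostport": int(hostport)}

def listen_set(bind):
    """Addresses the listener occupies; None means every interface."""
    if bind is None or bind == "localhost":   # assumption: GatewayPorts no
        return {"127.0.0.1", "::1"}
    return None if bind in WILDCARD else {bind}

def is_exposed(bind):
    """True unless every listening address is a loopback IP literal."""
    addrs = listen_set(bind)
    try:
        return addrs is None or not all(
            ipaddress.ip_address(a).is_loopback for a in addrs)
    except ValueError:                        # hostname: cannot prove loopback
        return True

def audit(specs):
    """Return (colliding spec pairs, specs reachable beyond loopback)."""
    fwds = [(s, parse_forward(s)) for s in specs]
    exposed = [s for s, f in fwds if is_exposed(f["bind"])]
    collisions = []
    for i, (sa, a) in enumerate(fwds):
        for sb, b in fwds[i + 1:]:
            la, lb = listen_set(a["bind"]), listen_set(b["bind"])
            if a["port"] == b["port"] and (la is None or lb is None or la & lb):
                collisions.append((sa, sb))
    return collisions, exposed
```

On Linux every address in 127.0.0.0/8 is already local to `lo`, so the `ifconfig lo0 alias` step from post #10 is needed only on systems such as macOS or the BSDs.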
  

