SSH tunneling with multiple IPs?
I have an SSH server set up on my VPS and my VPS has multiple IP addresses.
When I connect to any of the IP addresses I can login successfully, but when I use it for tunneling and go to whatsmyip.org I always see my first IP (eth0). The interfaces for the IP addresses are eth0, eth0:0, and eth0:1. How do I force the application (sshd) to use the interface that it's bound on?

Still not solved.
This helped me a lot: http://linux-ip.net/html/adv-multi-internet.html in that I can make it so outgoing connections made on certain ports go to certain IP addresses, but I'm still trying to figure out a way for the IP address that's bound to the SSH server to be the IP address that's used for outgoing connections. No luck as of yet... I'm going to look into iptables and iproute to see what I can do...

You haven't told us what you've tried, but did you try "-b" as an option to ssh?

Oh sorry, hahaha. I'm new to this forum so I didn't realize, but this is what I tried:
Code:
[root]# ip route add xx.xxx.239.120 via xx.xxx.239.120 dev eth0 table 4

I don't understand what you are saying. Too much "that IP".

The ssh server is bound to multiple interfaces.
When I connect from a remote computer to the server on, let's call it xx.xxx.239.121, I want the server to make outgoing connections to websites with the IP address xx.xxx.239.121, and if I connect to the ssh server on xx.xxx.239.120 I want it to connect to websites with xx.xxx.239.120, and if I connect to the ssh server with xx.xxx.239.122 I want it to connect to websites with xx.xxx.239.122, and so on.

Where did that nice person go who was helping me out? Anyone else have any ideas?

Bump for help.

You still haven't told us what you have tried. Have you looked into either the -R or -D options to ssh?

I figured it out. I just used iptables to specify which IP address each user uses.

Code:
#!/bin/sh
# Placeholders: fill in the device, address and gateway of each alias.
wan1_dev="venet0:0"
wan1_ip="VENET0:0 IP ADDRESS"
wan1_gw="VENET0:0 GATEWAY"
wan2_dev="venet0:1"
wan2_ip="VENET0:1 IP ADDRESS"
wan2_gw="VENET0:1 GATEWAY"

ip_start() {
    # delete default route(s)
    ip rule flush
    ip route del default
    ip route del default
    ip rule add lookup main prio 32766
    ip rule add lookup default prio 32767

    # make tables and bind them to marks
    ip rule add from $wan1_ip table 100 prio 100
    ip rule add fwmark 0x100 table 100 prio 101
    ip rule add from $wan2_ip table 200 prio 200
    ip rule add fwmark 0x200 table 200 prio 201
    ip route flush table 100
    ip route flush table 200

    WAN1ROUTE="$(ip route | grep link | grep $wan1_dev)"
    WAN2ROUTE="$(ip route | grep link | grep $wan2_dev)"

    # anything in table 100 will go through wan1
    # anything in table 200 will go through wan2
    ip route add table 100 to $WAN1ROUTE
    ip route add table 200 to $WAN2ROUTE
    ip route add table 100 default via $wan1_gw
    ip route add table 200 default via $wan2_gw

    # this will make the default route (no marks) go through wan1 always
    ip route delete default
    ip route add default via $wan1_gw dev $wan1_dev
}

set_mark() {
    # the owner match is only accepted in OUTPUT and POSTROUTING, so
    # locally generated packets are marked in mangle OUTPUT
    iptables -t mangle -A OUTPUT -p tcp --match owner --uid-owner 1000 -j MARK --set-mark 0x100
    iptables -t mangle -A OUTPUT -p udp --match owner --uid-owner 1000 -j MARK --set-mark 0x100
    iptables -t mangle -A OUTPUT -p tcp --match owner --uid-owner 1001 -j MARK --set-mark 0x200
    iptables -t mangle -A OUTPUT -p udp --match owner --uid-owner 1001 -j MARK --set-mark 0x200
}

That was my solution.

It would be nice if the Original Poster mentioned how he did that. I've been trying to do something like that for a while now.
Got VPS hosting with 3 IPs. Whichever IP I SSH to (using Putty), the SOCKS5 tunnel I create will have the same outbound IP (venet0:0, XXX.XXX.XXX.161).
Code:
root@server [~]# ifconfig
Thank you kindly, E71

BUMP. I'm having the same issue. Can anyone walk me through the process?

BUMP. Same problem here. I tried to use the iptables owner match like 5andr0 mentioned to solve it, but when I issue
Code:
iptables -t mangle -A PREROUTING -p tcp --match owner --uid-owner 1001 -j MARK --set-mark 0x100
Code:
[ 702.032405] ip_tables: owner match: bad hook_mask 1/24

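An added example, not part of any post in this thread: it decodes the `bad hook_mask 1/24` kernel message and prints (without running) an owner-match rule for a chain where the match is accepted. It assumes the two numbers are decimal bitmasks over the netfilter hook numbers 0 to 4, and it uses SNAT in nat POSTROUTING as a swapped-in alternative to the fwmark routing posted above; the 192.0.2.x addresses are constructed stand-ins.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: hook_mask values are decimal
# bitmasks over netfilter hook numbers 0..4, in built-in chain order.
HOOK_NAMES="PREROUTING INPUT FORWARD OUTPUT POSTROUTING"

# decode_mask N: print the chains whose bit is set in mask N.
decode_mask() {
    mask=$1; bit=0; out=""
    for name in $HOOK_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            out="${out:+$out }$name"
        fi
        bit=$((bit + 1))
    done
    printf '%s\n' "$out"
}

# explain_bad_hook LINE: parse "... bad hook_mask USED/ALLOWED" from a kernel
# log line and name both sets of chains. Returns 1 if the line does not match.
explain_bad_hook() {
    nums=$(printf '%s\n' "$1" |
        sed -n 's|.*bad hook_mask \([0-9][0-9]*\)/\([0-9][0-9]*\).*|\1 \2|p')
    [ -n "$nums" ] || return 1
    set -- $nums
    printf 'used in: %s; allowed in: %s\n' "$(decode_mask "$1")" "$(decode_mask "$2")"
}

# owner_snat_rule UID IP: print (do not run) a rule that gives traffic from
# processes owned by UID the source address IP. Inputs are shape-checked only.
owner_snat_rule() {
    case $1 in
        ''|*[!0-9]*) echo "bad uid: $1" >&2; return 1 ;;
    esac
    if ! printf '%s\n' "$2" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "bad IPv4 address: $2" >&2; return 1
    fi
    printf 'iptables -t nat -A POSTROUTING -m owner --uid-owner %s -j SNAT --to-source %s\n' "$1" "$2"
}

# Demo: the kernel line quoted in the thread, then constructed uid/address pairs
# (192.0.2.0/24 is a documentation range, not the poster's addresses).
explain_bad_hook '[ 702.032405] ip_tables: owner match: bad hook_mask 1/24'
owner_snat_rule 1000 192.0.2.120
owner_snat_rule 1001 192.0.2.121
```

The printed rules are meant to be reviewed and then run as root; each tunnel user needs their own uid for the owner match to tell them apart.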