LinuxQuestions.org
Old 04-21-2009, 10:28 AM   #1
N4melessS0ldier
LQ Newbie
 
Registered: Apr 2009
Posts: 9

Rep: Reputation: 0
Question SSH tunneling with multiple IPs?


I have an SSH server set up on my VPS and my VPS has multiple IP addresses.
When I connect to any of the IP addresses I can login successfully, but when I use it for tunneling and go to whatsmyip.org I always see my first IP (eth0).
The interfaces for the IP addresses are eth0, eth0:0, and eth0:1.
How do I force the application (sshd) to use the interface that it's bound on?
 
Old 04-21-2009, 07:27 PM   #2
N4melessS0ldier
LQ Newbie
 
Registered: Apr 2009
Posts: 9

Original Poster
Rep: Reputation: 0
Arrow

Still not solved.
This helped me a lot: http://linux-ip.net/html/adv-multi-internet.html
in that I can make it so outgoing connections made on certain ports go to certain IP addresses, but I'm still trying to figure out a way to make the IP address that's bound to the SSH server the IP address that's used for outgoing connections.
No luck as of yet... I'm going to look into iptables and iproute to see what I can do...
 
Old 04-21-2009, 07:31 PM   #3
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
You haven't told us what you've tried, but did you try "-b" as an option to ssh?
 
Old 04-21-2009, 07:42 PM   #4
N4melessS0ldier
LQ Newbie
 
Registered: Apr 2009
Posts: 9

Original Poster
Rep: Reputation: 0
Oh sorry, hahaha. I'm new to this forum so I didn't realize, but this is what I tried:

Code:
[root]# ip route add xx.xxx.239.120 via xx.xxx.239.120 dev eth0 table 4
[root]# ip route add table 4 default via xx.xxx.239.120
[root]# iptables -t mangle -A PREROUTING -p tcp --dport 80 -s xx.xxx.239.120 -j MARK --set-mark 4
[root]# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source xx.xxx.239.120
[root]# ip rule add fwmark 4 table 4
And what that does is force outgoing connections through the tunnel that are going to HTTP pages to be on that IP, but I want it so that if you connect on an IP it uses that IP to make outgoing connections.
 
Old 04-21-2009, 07:47 PM   #5
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
I don't understand what you are saying. Too much "that IP".
 
Old 04-21-2009, 07:51 PM   #6
N4melessS0ldier
LQ Newbie
 
Registered: Apr 2009
Posts: 9

Original Poster
Rep: Reputation: 0
The SSH server is bound to multiple interfaces.
When I connect from a remote computer to the server on, let's call it xx.xxx.239.121, I want the server to make outgoing connections to websites with the IP address xx.xxx.239.121,
and if I connect to the SSH server on xx.xxx.239.120 I want it to connect to websites with xx.xxx.239.120,
and if I connect to the SSH server with xx.xxx.239.122 I want it to connect to websites with xx.xxx.239.122,
and so on.
 
Old 04-21-2009, 08:38 PM   #7
N4melessS0ldier
LQ Newbie
 
Registered: Apr 2009
Posts: 9

Original Poster
Rep: Reputation: 0
Where did that nice person go who was helping me out? Anyone else have any ideas?
 
Old 04-22-2009, 01:30 PM   #8
N4melessS0ldier
LQ Newbie
 
Registered: Apr 2009
Posts: 9

Original Poster
Rep: Reputation: 0
Bump for help.
 
Old 04-22-2009, 04:38 PM   #9
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
You still haven't told us what you have tried. Have you looked into either the -R or -D options to ssh?
 
Old 04-22-2009, 04:39 PM   #10
N4melessS0ldier
LQ Newbie
 
Registered: Apr 2009
Posts: 9

Original Poster
Rep: Reputation: 0
I figured it out. I just used iptables to specify which IP address each user uses.
 
Old 06-02-2009, 12:40 PM   #11
5andr0
LQ Newbie
 
Registered: Jun 2009
Posts: 1

Rep: Reputation: 0
Code:
#!/bin/sh

# Fill in the device, address and gateway of each uplink.
wan1_dev="venet0:0"
wan1_ip="VENET0:0 IP ADDRESS"
wan1_gw="VENET0:0 GATEWAY"
wan2_dev="venet0:1"
wan2_ip="VENET0:1 IP ADDRESS"
wan2_gw="VENET0:1 GATEWAY"

ip_start()
{
    # delete default route(s)
    ip rule flush
    ip route del default
    ip route del default

    # restore the standard lookup rules removed by the flush
    ip rule add lookup main prio 32766
    ip rule add lookup default prio 32767

    # make tables and bind them to marks
    ip rule add from "$wan1_ip" table 100 prio 100
    ip rule add fwmark 0x100 table 100 prio 101

    ip rule add from "$wan2_ip" table 200 prio 200
    ip rule add fwmark 0x200 table 200 prio 201

    ip route flush table 100
    ip route flush table 200

    # link-scope route of each uplink, copied from the main table
    WAN1ROUTE="$(ip route | grep link | grep "$wan1_dev")"
    WAN2ROUTE="$(ip route | grep link | grep "$wan2_dev")"

    # anything in table 100 will go through wan1
    # anything in table 200 will go through wan2
    # (the route variables are left unquoted so they split into arguments)
    ip route add table 100 to $WAN1ROUTE
    ip route add table 200 to $WAN2ROUTE

    ip route add table 100 default via "$wan1_gw"
    ip route add table 200 default via "$wan2_gw"

    # this will make the default route (no marks) go through wan1 always
    ip route delete default
    ip route add default via "$wan1_gw" dev "$wan1_dev"
}

set_mark()
{
    # mark traffic by owning UID: uid 1000 -> 0x100, uid 1001 -> 0x200
    iptables -t mangle -A PREROUTING -p tcp --match owner --uid-owner 1000 -j MARK --set-mark 0x100
    iptables -t mangle -A PREROUTING -p udp --match owner --uid-owner 1000 -j MARK --set-mark 0x100
    iptables -t mangle -A PREROUTING -p tcp --match owner --uid-owner 1001 -j MARK --set-mark 0x200
    iptables -t mangle -A PREROUTING -p udp --match owner --uid-owner 1001 -j MARK --set-mark 0x200
}

That was my solution.

Last edited by 5andr0; 06-08-2009 at 05:48 AM.
 
Old 01-25-2010, 02:33 PM   #12
E71
LQ Newbie
 
Registered: Oct 2007
Distribution: CentOS 5.3
Posts: 20

Rep: Reputation: 0
Unhappy

It would be nice if the Original Poster mentioned how he did that. I've been trying to do something like that for a while now.

Got VPS hosting with 3 IPs. Whichever IP I SSH to (using PuTTY), the SOCKS5 tunnel I create will have the same outbound IP (venet0:0, XXX.XXX.XXX.161).

Code:
root@server [~]# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3807313 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3807313 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1436225003 (1.3 GiB)  TX bytes:1436225003 (1.3 GiB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:18174726 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18953837 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6097585936 (5.6 GiB)  TX bytes:5497929211 (5.1 GiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:XXX.XXX.XXX.161  P-t-P:XXX.XXX.XXX.161  Bcast:XXX.XXX.XXX.161  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:XXX.XXX.XXX.170  P-t-P:XXX.XXX.XXX.170  Bcast:XXX.XXX.XXX.170  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:2  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:XXX.XXX.XXX.197  P-t-P:XXX.XXX.XXX.197  Bcast:XXX.XXX.XXX.197  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
If anyone knows how to do what N4melessS0ldier says he did, please please please show us!

Thank you kindly,
E71
 
Old 03-23-2010, 08:21 AM   #13
jay.win
LQ Newbie
 
Registered: Mar 2010
Posts: 1

Rep: Reputation: 1
BUMP. I'm having the same issue. Can anyone walk me through the process?
 
Old 09-03-2010, 03:28 AM   #14
Zeact
LQ Newbie
 
Registered: Sep 2010
Posts: 1

Rep: Reputation: 0
BUMP. Same problem here. I tried to use the iptables owner match like 5andr0 mentioned to solve it, but when I issue
Code:
iptables -t mangle -A PREROUTING -p tcp --match owner --uid-owner 1001 -j MARK --set-mark 0x100
I get the following message:
Code:
[  702.032405] ip_tables: owner match: bad hook_mask 1/24
iptables: Invalid argument
And I read that the iptables man page mentions that the owner match is only valid in the OUTPUT and POSTROUTING chains. Can anyone help me, please, please?
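
The error in post #14 comes from using the owner match in PREROUTING, where locally generated traffic has no owning socket to match. As an added example, not code from any poster in this thread, the sketch below marks by UID in mangle/OUTPUT, routes on the mark, and rewrites the source address in nat/POSTROUTING. The UIDs, 192.0.2.x addresses, gateway, eth0 and the `user_egress` helper are constructed placeholders, and it assumes sshd opens tunnel connections as the logged-in user.

```shell
#!/bin/sh
# Added example (not from the thread). By default the commands are only
# printed; run with RUN= (empty) as root to apply them.
RUN=${RUN-echo}

# user_egress UID SOURCE_IP GATEWAY DEVICE TABLE MARK   (hypothetical helper)
# DEVICE is the real interface: alias labels such as eth0:0 are address
# labels, not devices that iptables -o can match.
user_egress() {
    uid=$1 src=$2 gw=$3 dev=$4 table=$5 mark=$6

    # Reject anything that is not a numeric UID before building rules.
    case $uid in
        ''|*[!0-9]*) echo "user_egress: UID must be numeric: '$uid'" >&2
                     return 1 ;;
    esac

    # Routing table for this user, selected by firewall mark.
    $RUN ip route replace default via "$gw" dev "$dev" table "$table"
    $RUN ip rule add fwmark "$mark" table "$table"

    # Owner match is valid here: OUTPUT sees locally generated packets,
    # which still carry their originating socket (and so its UID).
    $RUN iptables -t mangle -A OUTPUT -m owner --uid-owner "$uid" \
        -j MARK --set-mark "$mark"

    # The source address was chosen before the mark rerouted the packet,
    # so rewrite it to the address assigned to this user.
    $RUN iptables -t nat -A POSTROUTING -o "$dev" -m mark --mark "$mark" \
        -j SNAT --to-source "$src"
}

# Constructed mapping: one account per address, same marks/tables as post #11.
user_egress 1000 192.0.2.10 192.0.2.1 eth0 100 0x100
user_egress 1001 192.0.2.11 192.0.2.1 eth0 200 0x200
```

Pinning each account to one source address also makes tunnel egress attributable per user in downstream logs.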
 
  

