LinuxQuestions.org
Old 02-26-2015, 09:13 AM   #1
jordban
LQ Newbie
 
Registered: Dec 2004
Posts: 19

Rep: Reputation: 0
Question Need SSH connections to utilize different IPs


Hello,

I have a little Ubuntu VPS that has 4 available IPs,

/etc/network/interfaces/ has 4 blocks, 1 for each IP:

Example:
Code:
auto venet0:0
iface venet0:0 inet static
        address xxx.xx.xxx.xxx
        netmask 255.255.255.255
I've created 4x user accounts on that VPS, one for each IP.

I would like for each user to be able to ssh tunnel through the VPS but use a different IP address when connecting to the internet via SOCKS5.

User 1 SSH tunnels into the VPS and uses IP1 to contact the internet.
User 2 SSH tunnels into the VPS and uses IP2 to contact the internet.

Etc.

I imagine this is a fairly simple thing to do, I just can't wrap my head around it. I've been looking into ip-l2tp but I'm not sure if that's the right method.

Edit: It appears that the kernel, not SSH, decides which interface the traffic uses. If I gave each user a different SSH port, could I then route each user's traffic via a different IP?

Thank you for your time!

- Jordan

Last edited by jordban; 02-26-2015 at 09:19 AM.
 
Old 02-26-2015, 04:37 PM   #2
Pearlseattle
Senior Member
 
Registered: Aug 2007
Location: Zurich, Switzerland
Distribution: Gentoo
Posts: 1,001

Rep: Reputation: 142
Hi
I have no clue about VPS nor socks5.
In any case from what I understand, from a logical point of view, your decision (which IP to use to connect to the Internet) is determined by >who< is connecting to your VPS, right?
If yes then the key question is probably:
how do you identify who is connecting to your VPS?

The "how" (e.g. user account name, source IP, incoming port, ...) gives power only to "what" (ssh daemon, iptables, ...) handles that "how" to take the decision about what to do next (in your case to proxy the connection to a specific external port, right?).
But even if your options might be initially limited by the SW that handles the identification, you might get around the issue by doing things indirectly. Maybe

Cheers
 
Old 02-27-2015, 02:27 PM   #3
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,868

Rep: Reputation: 162
What problem do you meet when different users use different IPs to create different SSH tunnels?
 
Old 02-27-2015, 03:26 PM   #4
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,177

Rep: Reputation: 1272
All routing is done based on information in the packet. The packet has no idea about processes or users, but does have src and dest address. The basic route algorithm for packets that you send is to look up the dest address in the route table, find the first matching entry, and send it on that interface with that source address. Receiving has no flexibility. The dest address in the packet will match the interface it is received on, else it would have been dropped.

If you want 4 users to use 4 different interfaces and can't separate them based on a standard route table (likely) then you will need to put each one in a container with its own interface.
 
Old 02-28-2015, 01:37 PM   #5
jordban
LQ Newbie
 
Registered: Dec 2004
Posts: 19

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by smallpond
If you want 4 users to use 4 different interfaces and can't separate them based on a standard route table (likely) then you will need to put each one in a container with its own interface.
Could you elaborate on what you mean by container with its own interface? Is that like a virtual machine?
 
Old 03-03-2015, 02:18 PM   #6
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,868

Rep: Reputation: 162
Normally, there are four IP addresses for four interfaces. Each user can use one of the four IP addresses to log in to the machine through SSH.
 
Old 03-04-2015, 04:42 PM   #7
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Costa Rica
Distribution: Kubuntu, Debian, Knoppix
Posts: 2,092
Blog Entries: 1

Rep: Reputation: 90
If you are using a ssh dynamic tunnel so that users can "come out" from their PCs (example is not very clear about where those users will be physically seated... same machine? Different machine using this VPS as proxy?) then I think you can't do much of what you are trying to do. From the VPS server's "routing engine" point of view, the traffic is being generated by the sshd process and so there's no source address that could help you tell traffic from one user or the other (so that you could mark it with iptables and then use a separate routing for each mark using the available public IP addresses... which is one of the basics of iproute2).

If tunnelling is not a "must" then I guess you could use source ip addresses for marking. Suppose that each user has a different PC, you could mark the traffic depending on source address and then use these marks to route using a different public IP address (you set up a different routing table for each mark and so each routing table has a different "default gateway" that will be used to send traffic using a different source address from that pool of addresses). This would still need some tinkering to pull off.... if at all.
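
The source-address marking described in the post above for the non-tunnel case, sketched as an added example that is not part of any post in this thread; the script only prints the commands so they can be reviewed before anything is applied. The client addresses, public addresses, mark numbers and table numbers are constructed, the device name venet0 comes from the first post, and the SNAT rule is an added assumption, since forwarded packets keep the client's source address unless something rewrites it.

```shell
#!/bin/sh
# Added example: prints (does not run) per-client policy-routing commands.
# Assumptions: egress device venet0 (name taken from the first post), marks 1..N,
# routing tables 101..; every address below is a constructed documentation-range value.
DEV=venet0

# Constructed mapping: "<client source IP> <public IP that client should leave from>"
MAPPING='198.51.100.11 203.0.113.1
198.51.100.12 203.0.113.2'

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only at this point
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read mapping lines on stdin; print a mark rule, an ip rule, a table route
# and an SNAT rule for each. Refuse the whole run on the first malformed line.
emit_policy() {
    n=0
    while read -r client public; do
        [ -n "$client" ] || continue
        if ! valid_ipv4 "$client" || ! valid_ipv4 "$public"; then
            echo "bad mapping line: $client $public" >&2
            return 1
        fi
        n=$((n + 1)); table=$((100 + n))
        echo "iptables -t mangle -A PREROUTING -s $client -j MARK --set-mark $n"
        echo "ip rule add fwmark $n table $table"
        echo "ip route add default dev $DEV table $table"
        echo "iptables -t nat -A POSTROUTING -o $DEV -m mark --mark $n -j SNAT --to-source $public"
    done
}

printf '%s\n' "$MAPPING" | emit_policy
```

With all four addresses aliased on one device, as in the first post, every table ends up with the same default route, so the per-mark SNAT rule is what actually selects the outgoing address.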
 
  

