I have a linux server with 3 public IPs, and I use SSH tunnelling to connect to each of them. Let's call them: 1.1.1.1 (venet0:0), 1.1.1.2 (venet0:1), 1.1.1.3 (venet0:2). When I tunnel using 1.1.1.1, outgoing IP for the public is: 1.1.1.1. But when I tunnel using 1.1.1.2 or 1.1.1.3, the outgoing IP for the public is still 1.1.1.1. I've been googling for days, and tried relevant channels on freenode. I tried to read the manual but I'm not experienced enough to fully grasp it. According to the manuals of ss5 (SOCKS5 Server) and squid (HTTP Server) - they're both capable of using the outgoing IP while specifying the inbound IP route relation. openssh can't do it? nor there's a indirect workaround to achieve said behavior? Hopes my issue is relevant/valid to your ML. Doori Bar _________________________________________________________________ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969
k k wrote:> I have a linux server with 3 public IPs, and I use SSH tunnelling to > connect to each of them. Let's call them: 1.1.1.1 (venet0:0), > 1.1.1.2 (venet0:1), 1.1.1.3 (venet0:2).Okay. A server with multiple public IP addresses. A common situation.> When I tunnel using 1.1.1.1, outgoing IP for the public is: 1.1.1.1. > But when I tunnel using 1.1.1.2 or 1.1.1.3, the outgoing IP for the > public is still 1.1.1.1.I don't understand what you are trying to say here. What is the "outgoing IP"? Are you saying that when you ssh to 1.1.1.2 that the TCP IP packets returning come from 1.1.1.1? That is what your words say when I read them. And that doesn't make any sense. Because if so then I suspect that the connection would fail and you wouldn't be able to complete the connection. Therefore you must be meaning something else but I can't guess what that would be.> According to the manuals of ss5 (SOCKS5 Server) and squid (HTTP > Server) - they're both capable of using the outgoing IP while > specifying the inbound IP route relation.Huh? What? Huh? Of course ssh includes a -D option to support socks port forwarding. But what does squid have to do with it? Is this related to your problem? What problem are you having?> openssh can't do it? nor there's a indirect workaround to achieve > said behavior?Can't do what? What are you trying to do? Please just show us the command that you are running and tell us what it is doing. Bob
On Sat, 3 Jul 2010, k k wrote:> > I have a linux server with 3 public IPs, and I use SSH tunnelling to connect to each of them. > Let's call them: 1.1.1.1 (venet0:0), 1.1.1.2 (venet0:1), 1.1.1.3 (venet0:2). > > When I tunnel using 1.1.1.1, outgoing IP for the public is: 1.1.1.1. > But when I tunnel using 1.1.1.2 or 1.1.1.3, the outgoing IP for the > public is still 1.1.1.1. > > I've been googling for days, and tried relevant channels on freenode. > I tried to read the manual but I'm not experienced enough to fully > grasp it. > > According to the manuals of ss5 (SOCKS5 Server) and squid (HTTP > Server) - they're both capable of using the outgoing IP while > specifying the inbound IP route relation. > > openssh can't do it?No, there is no scope in the protocol to specify the bind addresses of outgoing port-forward connections. If you want to add one, you will probably have to add a PortForwardBindAddress option to the client and/or server.> nor there's a indirect workaround to achieve said > behavior?You could possibly use NAT or policy routing rules. -d
--On 4 July 2010 10:34:46 +0200 Peter Stuge <peter at stuge.se> wrote:> Alex Bligh wrote: >>> add a PortForwardBindAddress option >> >> Even if you did this, I think the OP would also need to run 3 ssh >> daemons each bound to one address, each with the different option in. > > Make sure it works with Match, and can match on the sshd-local IP > address for the session.Ah yes, far better idea. -- Alex Bligh