bugzilla-daemon at bugzilla.mindrot.org
2007-Jul-06 11:57 UTC
[Bug 1334] New: Bind tunnels to given interface on the server
http://bugzilla.mindrot.org/show_bug.cgi?id=1334
Summary: Bind tunnels to given interface on the server
Product: Portable OpenSSH
Version: 4.6p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: contact+dev at gilouweb.com
CC: contact+dev at gilouweb.com
It is actually possible to bind any outgoing ssh connection using -b in
order to choose which interface to use on the client if you have more
than one.
Could we have the same behaviour for tunnels? Channel opening can
happen on a multi-homed server, and I've seen no way to choose which IP
ssh should use (on the _server_, the IP used for "outgoing" connection,
not the bind_address for the interface used by clients to connect to
it).
Let me be clearer here, let's say I'm on a client, and I have a server
which has 2 ips 192.168.1.1 and 192.168.1.10. I want to open a dynamic
tunnel (or a local forward, whatever) from this server using ssh -D
1080:192.168.1.10 (or any other syntax or config parameter), so as to
open a dynamic tunnel that would actually use the 192.168.1.10 as
interface for outgoing connection.
This mainly looks like adding a parameter somewhere and calling bind()
with it before actually open()ing the socket, but I'm not sure here,
and it would require a change of the configuration parameters. I don't
think SOCKS protocol itself allows for such a thing, and I would like
not to have to use a separate SOCKS server that has this feature to do
that (as this could also be used for -L tunnels, and well, because it's
better if SSH supports it natively IMHO).
Any thoughts?
--
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2009-Jul-31 01:35 UTC
[Bug 1334] Bind tunnels to given interface on the server
https://bugzilla.mindrot.org/show_bug.cgi?id=1334
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX
                 CC|                            |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> 2009-07-31 11:35:04 ---
Hi,
Sorry for taking so long to reply.
Unfortunately, specifying a remote bind address for local
forwards/dynamic forwards is not supported by the SSH protocol - there
is no field in the port-forwarding request message to specify it
(cf. RFC4254 section 7.1 if you are curious).
So it is not possible to do this without an OpenSSH-only protocol
extension, which is not really desirable.
bugzilla-daemon at bugzilla.mindrot.org
2009-Oct-06 04:02 UTC
[Bug 1334] Bind tunnels to given interface on the server
https://bugzilla.mindrot.org/show_bug.cgi?id=1334
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> 2009-10-06 15:02:37 EST ---
Mass move of RESOLVED bugs to CLOSED now that 5.3 is out.