Re: two internet lines, two ssh tunnels, separate route tables
I think I understood your setup. First, I'll clarify my setup for both
myself and others:
(ascii meant for mono-spaced font)
| pc |
The connection that [client*] use to connect to the [linxpc] is "ssh
-D <port>", which creates a SOCKS proxy on the [client*]. If the
default route of [linxpc] is [adsl1] then packets from [client2] will
get routed out through [adsl1] instead of [adsl2].
The objective with ssh -D on the clients is to give them full liberty
to determine where the connection ends. So to answer your question,
the tunnel is dynamic and the client decides where it ends up. Hence,
setting up static routes for everything [client2] wants to use on the
internet to be certain it goes through [adsl2] isn't practical in this
At the moment, it appears my only solution to convince sshd not to use eth0 for
tunnels set up through eth1 is to run it in a separate virtual machine on
the host, which has its own, different default route. But I want to
find a more elegant solution if one exists. I'm even considering swapping
out the ADSL routers for thin clients (WRT54Gs with a full sshd
running on them) so that I can set up the tunnel directly through the
ADSL router, which will have its own default. But geeze!
Lastly, hey! hope you are well.
On 3/28/07, Geoffrey S. Mendelson <gsm@...> wrote:
> On Wed, Mar 28, 2007 at 11:04:08AM +0200, Nathan Fain wrote:
> > When sshd deals with port forwarding and tunneling it seems to re
> > encapsulate the outgoing packets and use the default route for
> > determining which interface or internet line to send it out on. I
> > have two internet lines and I want to change this behavior so that
> > sshd will forward the tunnel back out through the same internet line
> > the tunnel was setup on.
> The question that I have is where do the tunnels end up?
> For example, I have the usual PPTP tunnel to netvision. I have a specific
> route to the IP address of their tunneling host and a default route
> via the tunnel.
> If I wanted to add a second tunnel to anywhere else, then all I need
> to do is to set up a specific route to that host.
> If I want to communicate with that host for other things than the
> tunnel, I would run into a problem. Or not depending upon what gets
> routed over the direct interface.
> The situation becomes problematic when I want to have two tunnels on
> the same host. Then there is no easy way to route packets on one interface
> and not the other.
> If you are connecting to an ISP, you can arrange for one tunnel to be
> hosted on one IP and the other on a different one. It may already
> be that way, and you don't know it. For example, Netvision has
> several pptp tunnel hosts. I use the one I was assigned to. I know
> other users who were assigned to different ones.
> I don't know what would happen if I switched. They may not let me
> connect, they may get upset and complain, or they may not even pay
> Geoffrey S. Mendelson, Jerusalem, Israel gsm@... N3OWJ/4X1GM
> IL Voice: (07)-7424-1667 Fax ONLY: 972-2-648-1443 U.S. Voice: 1-215-821-1838
> Visit my 'blog at http://geoffstechno.livejournal.com/
To unsubscribe, send mail to linux-il-request@... with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@...
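The mechanism this thread is circling around, shown as an added example that is not part of either message above: with source-based policy routing (one routing table per ADSL line, selected by `ip rule ... from <that line's address>`), the kernel sends a packet out the line that owns the packet's source address. A forwarder that binds its outbound socket to the address the client arrived on therefore gets its egress pinned to that line, with no per-destination static routes. The Python below generates those `ip rule`/`ip route` commands for two constructed lines (the device names, addresses, gateways and table numbers are assumptions, and the default-route commands assume each gateway is on-link for its device), then implements a minimal SOCKS5 CONNECT relay that performs exactly that bind, with a loopback self-test in which the destination reports the source address it saw.

```python
import socket
import threading
from contextlib import suppress
LINES = {  # constructed addresses for the two ADSL lines (assumptions for this example)
    "adsl1": {"dev": "eth0", "addr": "192.0.2.10", "gw": "192.0.2.1", "table": 101},
    "adsl2": {"dev": "eth1", "addr": "198.51.100.10", "gw": "198.51.100.1", "table": 102},
}

def policy_routing_commands(lines=LINES):
    """One routing table per line, selected by packet source address, not destination."""
    cmds = []
    for ln in lines.values():
        cmds.append(f"ip route add default via {ln['gw']} dev {ln['dev']} table {ln['table']}")
        cmds.append(f"ip rule add from {ln['addr']} table {ln['table']}")
    return cmds

def _readn(conn, n):
    buf = b""  # recv() may return short reads; loop until n bytes are in
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def socks5_connect_request(conn):
    """Minimal SOCKS5 server side: no-auth greeting, then CONNECT to an IPv4 target."""
    _ver, nmethods = _readn(conn, 2)
    _readn(conn, nmethods)
    conn.sendall(b"\x05\x00")  # selected method 0: no authentication
    _ver, cmd, _rsv, atyp = _readn(conn, 4)
    if cmd != 1 or atyp != 1:
        raise ValueError("only CONNECT to an IPv4 address is handled here")
    host = socket.inet_ntoa(_readn(conn, 4))
    return host, int.from_bytes(_readn(conn, 2), "big")

def connect_from_ingress(conn, host, port):
    """Key step: bind the outbound socket to the local address the client hit, so
    the `ip rule from <that address>` entry (not the default route) picks the line."""
    out = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    out.bind((conn.getsockname()[0], 0))
    out.connect((host, port))
    return out

def _pump(src, dst):
    try:  # copy until EOF, then pass the EOF on as a half-close
        for data in iter(lambda: src.recv(4096), b""):
            dst.sendall(data)
    finally:
        with suppress(OSError):
            dst.shutdown(socket.SHUT_WR)

def handle_client(conn):
    with conn:
        host, port = socks5_connect_request(conn)
        with connect_from_ingress(conn, host, port) as out:
            bnd = out.getsockname()  # reply carries the address we really bound
            conn.sendall(b"\x05\x00\x00\x01" + socket.inet_aton(bnd[0]) + bnd[1].to_bytes(2, "big"))
            t = threading.Thread(target=_pump, args=(out, conn), daemon=True)
            t.start()
            _pump(conn, out)
            t.join()

def serve(listen_addr, port=0):
    """Run the proxy in a background thread; returns the listening socket."""
    srv = socket.create_server((listen_addr, port), backlog=16)
    def loop():
        with suppress(OSError):  # ends when the listening socket is shut down
            while True:
                conn, _ = srv.accept()
                threading.Thread(target=handle_client, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv

def demo_roundtrip(listen_addr="127.0.0.1", payload=b"ping"):
    """Loopback self-test: returns (echoed payload, source IP the destination saw)."""
    seen = {}
    dest = socket.create_server(("127.0.0.1", 0))
    def dest_loop():
        c, peer = dest.accept()
        seen["src"] = peer[0]
        with c:
            c.sendall(_readn(c, len(payload)))
    threading.Thread(target=dest_loop, daemon=True).start()
    srv = serve(listen_addr)
    with socket.create_connection((listen_addr, srv.getsockname()[1])) as cli:
        cli.sendall(b"\x05\x01\x00")  # greeting offering only no-auth
        _readn(cli, 2)                # method selection reply
        cli.sendall(b"\x05\x01\x00\x01" + socket.inet_aton("127.0.0.1")
                    + dest.getsockname()[1].to_bytes(2, "big"))
        if _readn(cli, 10)[1] != 0:   # CONNECT reply; REP 0 means succeeded
            raise RuntimeError("CONNECT refused")
        cli.sendall(payload)
        echo = _readn(cli, len(payload))
    with suppress(OSError):
        srv.shutdown(socket.SHUT_RDWR)  # wake the accept loop so it exits
    srv.close()
    dest.close()
    return echo, seen["src"]
```

The caveat that matters for the thread: the `ip rule`/`ip route` entries alone only steer the ssh session's own replies, whose source is already the line address the client connected to. The connections the server opens on a `-D` client's behalf get their source address from the main table's default route unless whatever opens them binds first, as `connect_from_ingress` does; on a host listening on both addresses, `getsockname()` on the accepted socket is exactly the line the client came in on. The `ip` commands need root and real addresses substituted for the constructed ones; `demo_roundtrip()` runs entirely on loopback.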