Re: [GLLUG] ssh local port forwarding remote interface binding.

2021-01-17 Thread damion.yates--- via GLLUG

On Thu, 14 Jan 2021, Tim Woodall via GLLUG wrote:


On Thu, 14 Jan 2021, damion.ya...@gmail.com wrote:


On Thu, 14 Jan 2021, Tim Woodall via GLLUG wrote:


In

ssh -N -L 8080:webserver:80 gateway

Is there any way to specify which interface should be bound on gateway 
other than by changing the routing table on gateway?


I found


https://unix.stackexchange.com/questions/16057/use-ssh-with-a-specific-network-interface


And my ssh manpage has indeed got a -b to change the bind address on 
your initial outgoing connection and also -B to change bind 
interface.  The rest about binding for the listening on a fwd is 
indeed not helping your cause.


I'll give it a try but I assumed that was controlling the interface 
used on the local machine, i.e. the connection to gateway rather than 
the one from it.


Yes moments after sending I re-read your email and realised what you 
wanted was the sshd to be behaving differently, if you missed it this is 
the content:


--- content from followup email ---
Ah I misunderstood.  You want the machine called "gateway" to bind 
against a specific interface for its outgoing connections, when doing the 
forwarding.  I had assumed this to be done by your choice of IP in the 
portion before the first port the "webserver" being remote and the part 
you want to route out to but I think I can see the issue now.  How do 
you make sshd choose to use a particular binding for a host?  I can't see a 
-b in man sshd but man sshd_config does have GatewayPorts.  Otherwise 
route update or socat sound reasonable.


 - Damion


--
GLLUG mailing list
GLLUG@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/gllug

Re: [GLLUG] ssh local port forwarding remote interface binding.

2021-01-14 Thread Tim Woodall via GLLUG

On Thu, 14 Jan 2021, damion.ya...@gmail.com wrote:


On Thu, 14 Jan 2021, Tim Woodall via GLLUG wrote:


In

ssh -N -L 8080:webserver:80 gateway

Is there any way to specify which interface should be bound on gateway 
other than by changing the routing table on gateway?


I found
https://unix.stackexchange.com/questions/16057/use-ssh-with-a-specific-network-interface

And my ssh manpage has indeed got a -b to change the bind address on
your initial outgoing connection and also -B to change bind interface.
The rest about binding for the listening on a fwd is indeed not helping your
cause.


I'll give it a try but I assumed that was controlling the interface used
on the local machine, i.e. the connection to gateway rather than the one
from it.

Tim.



Re: [GLLUG] ssh local port forwarding remote interface binding.

2021-01-14 Thread damion.yates--- via GLLUG

On Thu, 14 Jan 2021, damion.ya...@gmail.com wrote:


On Thu, 14 Jan 2021, Tim Woodall via GLLUG wrote:


In

ssh -N -L 8080:webserver:80 gateway

Is there any way to specify which interface should be bound on gateway 
other than by changing the routing table on gateway?


I found
https://unix.stackexchange.com/questions/16057/use-ssh-with-a-specific-network-interface

And my ssh manpage has indeed got a -b to change the bind address on 
your initial outgoing connection and also -B to change bind interface. 
The rest about binding for the listening on a fwd is indeed not 
helping your cause.


Ah I misunderstood.  You want the machine called "gateway" to bind 
against a specific interface when doing the forwarding.  I had assumed 
this to be done by your choice of IP in the portion before the first 
port the "webserver" being remote and the part you want to route out to 
but I think I can see the issue now.  How do you make sshd choose to use a 
particular binding for a host?  I can't see a -b in man sshd but man 
sshd_config does have GatewayPorts.  Otherwise route update or socat 
sound reasonable.


 - Damion


Re: [GLLUG] ssh local port forwarding remote interface binding.

2021-01-14 Thread damion.yates--- via GLLUG

On Thu, 14 Jan 2021, Tim Woodall via GLLUG wrote:


In

ssh -N -L 8080:webserver:80 gateway

Is there any way to specify which interface should be bound on gateway 
other than by changing the routing table on gateway?


I found
https://unix.stackexchange.com/questions/16057/use-ssh-with-a-specific-network-interface

And my ssh manpage has indeed got a -b to change the bind address on
your initial outgoing connection and also -B to change bind interface.
The rest about binding for the listening on a fwd is indeed not helping your
cause.

 - Damion


Re: [GLLUG] ssh local port forwarding remote interface binding.

2021-01-14 Thread Tim Woodall via GLLUG

Sent this from the wrong email address and I guess it got filtered out.
Apologies if it's a duplicate.

On Thu, 14 Jan 2021, James Courtier-Dutton wrote:


On Thu, 14 Jan 2021 at 07:30, Tim Woodall via GLLUG
 wrote:


Hi all,

In

ssh -N -L 8080:webserver:80 gateway

Is there any way to specify which interface should be bound on gateway
other than by changing the routing table on gateway?

Google isn't helping much as everything is talking about bind address
that the forwarded connection _listens_ on and I don't care about that,



Hi,

Let's have:
A = the client PC you are ssh from.
B = gateway
C = webserver.

The above will open a port 8080 on A, listening on 127.0.0.1
When you connect to port 8080 on A, the session is tunnelled through
the ssh port 22 session.
B then opens a tcp session from B:anyport -> C:80

Does this help answer your question?



Unfortunately not, here's the problem:

tim@B $ telnet C 80
Trying C...
Connection timed out
telnet: connect to address C: Connection timed out

tim@B $ telnet -b bind_ip1 C 80
Trying C...
Connected to C.
Escape character is '^]'

tim@B $ telnet -b bind_ip2 C 80
Trying C...
Connected to C.
Escape character is '^]'

I can change the routing table so that a working interface is chosen
except that I actually have multiple possible routes so I want to be
able to choose the interface at the point of setting up the forwarding
depending on which core ssh will be bound to. Part of the reason for
requiring the interface to be chosen is to avoid mindlessly depending on
the one configured in the kernel rather than thinking about which
interface to use.

I cannot see any way to specify bind_ip to ssh. Everything I can find
talks about -L :8080:C:80 - but that's not my problem, it's the
binding on the B->C hop that I need to configure.

At the moment I'm running a socat on B. So I have (approx)
ssh -L 8080:localhost:8080 'socat TCP-LISTEN:8080 TCP:C:80,bind=bind_ip1' B

but apart from running an extra process on B, I need to pick an unused
port for the localhost hop - so I cannot run an identical command from
two different source machines.

I'm hoping there's some magic I can put in .ssh/config (on either/both
of A and B) to make this work without the socat (or a commandline option
although I've pored through the man page and I don't think there's
anything.)

Tim.
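
What `bind=bind_ip1` in the socat workaround above does at the socket level, as an added example (not code from the thread): a relay standing in for socat on B calls bind() on the outgoing socket before connect(), so the destination sees the chosen source address instead of the one the routing table would pick. The function names are hypothetical, and 127.0.0.1/127.0.0.2 are constructed stand-ins for bind_ip1/bind_ip2 that assume Linux, where all of 127.0.0.0/8 is local.

```python
import socket
import threading

def listen(ip):
    """Open a TCP listener on an ephemeral port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((ip, 0))
    s.listen(1)
    return s

def pump(src, dst):
    """Copy bytes one way until EOF, then pass the EOF on."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def relay_once(front, target, source_ip):
    """Role of socat on B: accept one client, reach target from source_ip."""
    client, _ = front.accept()
    out = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    out.bind((source_ip, 0))  # explicit source address; port 0 = any free port
    out.connect(target)
    back = threading.Thread(target=pump, args=(out, client), daemon=True)
    back.start()
    pump(client, out)
    back.join()
    client.close()
    out.close()

def whoami_once(server):
    """Stand-in for C: reply with the source address the server sees."""
    conn, peer = server.accept()
    conn.sendall(peer[0].encode())
    conn.close()

def source_seen_by_server(source_ip):
    """Run one connection A -> relay -> C and return what C saw as the source."""
    # Constructed setup: every hop lives on loopback so the demo runs offline.
    server, front = listen("127.0.0.1"), listen("127.0.0.1")
    threading.Thread(target=whoami_once, args=(server,), daemon=True).start()
    threading.Thread(target=relay_once, daemon=True,
                     args=(front, server.getsockname(), source_ip)).start()
    with socket.create_connection(front.getsockname(), timeout=5) as a:
        reply = b""
        while chunk := a.recv(64):
            reply += chunk
    return reply.decode()
```

Calling `source_seen_by_server("127.0.0.2")` returns the address the stand-in server observed for the relayed connection.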



Re: [GLLUG] ssh local port forwarding remote interface binding.

2021-01-14 Thread James Courtier-Dutton via GLLUG
On Thu, 14 Jan 2021 at 07:30, Tim Woodall via GLLUG
 wrote:
>
> Hi all,
>
> In
>
> ssh -N -L 8080:webserver:80 gateway
>
> Is there any way to specify which interface should be bound on gateway
> other than by changing the routing table on gateway?
>
> Google isn't helping much as everything is talking about bind address
> that the forwarded connection _listens_ on and I don't care about that,
>

Hi,

Let's have:
A = the client PC you are ssh from.
B = gateway
C = webserver.

The above will open a port 8080 on A, listening on 127.0.0.1
When you connect to port 8080 on A, the session is tunnelled through
the ssh port 22 session.
B then opens a tcp session from B:anyport -> C:80

Does this help answer your question?

Kind Regards

James


[GLLUG] ssh local port forwarding remote interface binding.

2021-01-13 Thread Tim Woodall via GLLUG

Hi all,

In

ssh -N -L 8080:webserver:80 gateway

Is there any way to specify which interface should be bound on gateway
other than by changing the routing table on gateway?

Google isn't helping much as everything is talking about bind address
that the forwarded connection _listens_ on and I don't care about that,

Tim.

