Date:      Wed, 21 May 2008 20:15:39 -0500
From:      Dave Curry <dave@ysarro.com>
To:        bc979@lafn.org
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Unusual use of ssh
Message-ID:  <20080522011539.GA24388@shaftoe.nepharia.org>

On Wed, May 21, 2008 at 04:35:29PM -0700, Doug Hardie wrote:
> I have an unusual situation that I suspect is not practical, but just in 
> case...
>
> I have a class C network with a T1 to the internet.  There are a number of 
> hosts on that network.  Unfortunately the T1 line is just part of a path 
> with several additional links before it gets to the upstream ISP.  Some of 
> those links are relatively prone to outages.  In the same facility, I have 
> a number of WiFi access points that are connected through a router to a DSL 
> connection to the internet.  That path is completely independent from the 
> T1 and actually goes through a completely different set of central offices.
>
> What I have tried to do is to link the DSL router to one of my hosts via a 
> separate NIC and address that is on the LAN of the WiFi router.  So far all 
> is good.  I can ping any of the access points from that host just fine.  I 
> have established a pass through port in the DSL router for SSH that sends 
> the packets to that host.  Sure enough, ssh packets are received by the 
> host.  The problem is that it does not respond on the right interface.  The 
> routing table uses a default route through the T1.  That's where the sshd 
> responses are being sent.
>
> Since I have no a priori knowledge what IPs I would have available when I 
> need to use this back door, I can't pre-setup the routing table.  I need 
> sshd to respond on the same interface it receives the packets from.  I 
> don't believe that is possible using IPv4 routing.  I think that it is 
> using IPv6 but none of the networks involved support that yet.  I don't 
> find any option in sshd to force it to respond on the right interface 
> either.  Is there something I have missed?

The easiest thing to do here will likely be setting up pf on the box with SSH 
with a pass rule and reply-to set to the correct interface to respond on.

--
pass in on <interface to be used> reply-to <same interface> proto tcp port 22 keep state
--

-- 
David Michael Curry (Dave)
<dave@ysarro.com>

() ASCII Ribbon Campaign | Against HTML e-mail
/\  www.asciiribbon.org  | Against proprietary extensions
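
A fuller form of the reply-to rule suggested above, as an added example that is not part of the original message. The interface name fxp1 and the DSL router LAN address 192.168.1.1 are assumptions standing in for the real values.

```conf
# /etc/pf.conf fragment (constructed example; names and addresses are assumptions)
dsl_if = "fxp1"          # NIC attached to the WiFi/DSL router's LAN
dsl_gw = "192.168.1.1"   # DSL router's LAN address, the next hop for replies

# SSH arriving on the DSL-side NIC creates a state entry. reply-to makes
# every reply packet of that connection leave through $dsl_if via $dsl_gw,
# regardless of the default route through the T1. The client address does
# not need to be known in advance, and traffic on other interfaces keeps
# using the normal routing table.
pass in on $dsl_if reply-to ($dsl_if $dsl_gw) inet proto tcp \
    from any to ($dsl_if) port 22 keep state

# Check and load:
#   pfctl -nf /etc/pf.conf   parse only, report syntax errors
#   pfctl -f /etc/pf.conf    load the ruleset
#   pfctl -e                 enable pf (pf_enable="YES" in /etc/rc.conf at boot)
#   pfctl -ss                list states; the SSH session should show up here
```

The rule only matches inbound TCP port 22 on the DSL-side interface, so it does not change how the host answers anything arriving over the T1.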



