Re: interfaces lo:1 lo:2 lo:3? (for remote ssh tunnels)

From: John Summerfield (
Date: 06/25/04

  • Next message: deb_milist: "Re: Help !, Cant close X in Debian"
    Date: Fri, 25 Jun 2004 11:46:04 +0800

    Will Trillich wrote:

    >can linux have multiple interfaces? if so, how?

    I'm sure it can, but loc is for intra-host traffic - that is, I'm
    talking to myself.

    I think you're tunneling thw wrong way, you should be doing this:
    summer@Dolphin:~$ ssh -L8080:
    Linux mail 2.4.18-1-686 #1 Wed Apr 14 18:20:10 UTC 2004 i686 unknown

    Most of the programs included with the Debian GNU/Linux system are
    freely redistributable; the exact distribution terms for each program
    are described in the individual files in /usr/share/doc/*/copyright

    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    You have mail.
    Last login: Thu Jun 24 21:26:37 2004 from

    then your client talks to port 8080 on localhost and actually connects
    to port 80 on the remote host.

    Note that on the connexions come from localhost. This has
    implications for security (eg postgresql trusting anyone from localhost)
    but also can solve routing hosts: the printers, routers etc on 1.x in
    this example can't route to me.

    The other thing to consier is a VPN. Openvpn is easy to set up - see In this example, the 1.x network is far far across the
    Internet from my 9.x LAN.

    You will want the 2.0 beta, the current release wants a separate port
    for each client:-\ Not a lot better than an interface per client..

    >okay -- not sure how to word this, but here goes...
    >a friend of mine is working with a college to establish
    >remote-to-local ssh tunnels -- we've got an application that
    >runs on office computers that listens for a connection from the
    >server, so it can handle the menuing on campus. the
    >linux/database server says "here, run the menu" and the client
    >machine says "okie dokie".
    >we want the staff to be able to do this remotely, and tunnelling
    >tcp ports (remote-to-local) seems the way to go. works like a
    >champ, except--
    > only one process can seize the server's port 9999 at a time.
    > pooh.
    >so one client connects, tunnels server port 9999 to client's
    >"localhost:9999". fine and dandy.
    >then the next tries connecting, and when hooking up to the
    >server, the server's ssh daemon can't seize port 9999 as it's
    >already locked down by the first user.
    >if there were a way to have more than one "localhost" interface,
    >it would be the way around this. what's needed to implement
    >something like that? (lo:1 lo:2 etc?)

    -- spambait
    To UNSUBSCRIBE, email to 
    with a subject of "unsubscribe". Trouble? Contact

  • Next message: deb_milist: "Re: Help !, Cant close X in Debian"