Re: interfaces lo:1 lo:2 lo:3? (for remote ssh tunnels)

From: John Summerfield (debian_at_ComputerDatasafe.com.au)
Date: 06/25/04

    Date: Fri, 25 Jun 2004 11:46:04 +0800
    To: debian-user@lists.debian.org
    
    

    Will Trillich wrote:

    >can linux have multiple 127.0.0.1 interfaces? if so, how?
    >
    >

    I'm sure it can, but loc is for intra-host traffic - that is, I'm
    talking to myself.

    I think you're tunneling the wrong way, you should be doing this:
    summer@Dolphin:~$ ssh -L8080:127.0.0.1:80 192.168.1.252
    Linux mail 2.4.18-1-686 #1 Wed Apr 14 18:20:10 UTC 2004 i686 unknown

    Most of the programs included with the Debian GNU/Linux system are
    freely redistributable; the exact distribution terms for each program
    are described in the individual files in /usr/share/doc/*/copyright

    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    You have mail.
    Last login: Thu Jun 24 21:26:37 2004 from 192.168.9.114
    summer@mail:~$

    then your client talks to port 8080 on localhost and actually connects
    to port 80 on the remote host.

    Note that on 192.168.1.252 the connexions come from localhost. This has
    implications for security (eg postgresql trusting anyone from localhost)
    but also can solve routing hosts: the printers, routers etc on 1.x in
    this example can't route to me.

    The other thing to consider is a VPN. OpenVPN is easy to set up - see
    openvpn.sf.net. In this example, the 1.x network is far far across the
    Internet from my 9.x LAN.

    You will want the 2.0 beta, the current release wants a separate port
    for each client:-\ Not a lot better than an interface per client..

    >
    >okay -- not sure how to word this, but here goes...
    >
    >a friend of mine is working with a college to establish
    >remote-to-local ssh tunnels -- we've got an application that
    >runs on office computers that listens for a connection from the
    >server, so it can handle the menuing on campus. the
    >linux/database server says "here, run the menu" and the client
    >machine says "okie dokie".
    >
    >we want the staff to be able to do this remotely, and tunnelling
    >tcp ports (remote-to-local) seems the way to go. works like a
    >champ, except--
    >
    > only one process can seize the server's port 9999 at a time.
    > pooh.
    >
    >so one client connects, tunnels server port 9999 to client's
    >"localhost:9999". fine and dandy.
    >
    >then the next tries connecting, and when hooking up to the
    >server, the server's ssh daemon can't seize port 9999 as it's
    >already locked down by the first user.
    >
    >if there were a way to have more than one "localhost" interface,
    >it would be the way around this. what's needed to implement
    >something like that? (lo:1 lo:2 etc?)
    >
    >
    >

    -- 
    Cheers
    John
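
The localhost-trust caveat in the message above can be audited on the host the tunnel terminates on. This is an added example, not part of the original post: it flags TCP rules in a pg_hba.conf that grant `trust` to loopback, which is the source address a connection forwarded with `ssh -L ...:127.0.0.1:...` arrives from. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample pg_hba.conf contents (not taken from the original post).
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   127.0.0.1/32   trust
host    all       all   ::1/128        scram-sha-256
host    app       app   127.0.0.1 255.255.255.255 trust
host    all       all   192.168.1.0/24 trust
hostssl all       all   all            md5
"""

LOOPBACKS = [ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")]
TCP_TYPES = {"host", "hostssl", "hostnossl"}  # record types matched by TCP clients

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def covers_loopback(address, mask=None):
    """True if the rule's address matches a client coming from 127.0.0.1 or ::1."""
    if address == "all":
        return True
    try:
        spec = f"{address}/{mask}" if mask else address
        net = ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return False  # hostnames and keywords such as samehost are not evaluated
    return any(ip.version == net.version and ip in net for ip in LOOPBACKS)

def find_loopback_trust(text):
    """Return (line number, database, user, address) for each risky rule."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # quoted names with spaces unsupported
        if len(fields) < 5 or fields[0] not in TCP_TYPES:
            continue
        if len(fields) >= 6 and is_ip(fields[4]):  # ADDRESS MASK METHOD form
            mask, method = fields[4], fields[5]
        else:                                      # CIDR or keyword form
            mask, method = None, fields[4]
        if method == "trust" and covers_loopback(fields[3], mask):
            findings.append((lineno, fields[1], fields[2], fields[3]))
    return findings

if __name__ == "__main__":
    for finding in find_loopback_trust(SAMPLE_PG_HBA):
        print("trust rule reachable via a local tunnel endpoint:", finding)
```

Rules of type `local` (Unix socket) are skipped because a TCP port forward to 127.0.0.1 does not match them.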