Re: interfaces lo:1 lo:2 lo:3? (for remote ssh tunnels)
From: John Summerfield (debian_at_ComputerDatasafe.com.au)
Date: Fri, 25 Jun 2004 11:46:04 +0800
To: email@example.com
Will Trillich wrote:
>can linux have multiple 127.0.0.1 interfaces? if so, how?
I'm sure it can, but lo is for intra-host traffic - that is, I'm
talking to myself.
I think you're tunneling the wrong way, you should be doing this:
summer@Dolphin:~$ ssh -L8080:127.0.0.1:80 192.168.1.252
Linux mail 2.4.18-1-686 #1 Wed Apr 14 18:20:10 UTC 2004 i686 unknown
Most of the programs included with the Debian GNU/Linux system are
freely redistributable; the exact distribution terms for each program
are described in the individual files in /usr/share/doc/*/copyright
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have mail.
Last login: Thu Jun 24 21:26:37 2004 from 192.168.9.114
then your client talks to port 8080 on localhost and actually connects
to port 80 on the remote host.
Note that on 192.168.1.252 the connexions come from localhost. This has
implications for security (eg postgresql trusting anyone from localhost)
but also can solve routing hosts: the printers, routers etc on 1.x in
this example can't route to me.
The other thing to consider is a VPN. Openvpn is easy to set up - see
openvpn.sf.net. In this example, the 1.x network is far far across the
Internet from my 9.x LAN.
You will want the 2.0 beta, the current release wants a separate port
for each client:-\ Not a lot better than an interface per client..
>okay -- not sure how to word this, but here goes...
>a friend of mine is working with a college to establish
>remote-to-local ssh tunnels -- we've got an application that
>runs on office computers that listens for a connection from the
>server, so it can handle the menuing on campus. the
>linux/database server says "here, run the menu" and the client
>machine says "okie dokie".
>we want the staff to be able to do this remotely, and tunnelling
>tcp ports (remote-to-local) seems the way to go. works like a
> only one process can seize the server's port 9999 at a time.
>so one client connects, tunnels server port 9999 to client's
>"localhost:9999". fine and dandy.
>then the next tries connecting, and when hooking up to the
>server, the server's ssh daemon can't seize port 9999 as it's
>already locked down by the first user.
>if there were a way to have more than one "localhost" interface,
>it would be the way around this. what's needed to implement
>something like that? (lo:1 lo:2 etc?)
--
Cheers
John
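
Added example, not part of the original post: a socket-level look at the port clash Will describes and at John's remark that tunnelled connexions arrive from localhost. It assumes Linux, where every address in 127.0.0.0/8 is delivered to lo without lo:1-style aliases; the port is picked by the kernel and 127.0.0.2 is an arbitrary choice.

```python
import errno
import ipaddress
import socket


def listen_on(addr, port=0):
    """Return a listening TCP socket on addr:port, or the errno if bind fails."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((addr, port))
        s.listen(1)
        return s
    except OSError as e:
        s.close()
        return e.errno


def demo():
    result = {}
    # Stands in for the first user's forwarded port on the server.
    first = listen_on("127.0.0.1")
    port = first.getsockname()[1]

    # Second user, same address and port: the bind is refused.
    second = listen_on("127.0.0.1", port)
    result["same_addr_in_use"] = (second == errno.EADDRINUSE)

    # Same port on another 127/8 address: a separate listener (Linux assumption).
    third = listen_on("127.0.0.2", port)
    result["other_loopback_ok"] = not isinstance(third, int)

    if result["other_loopback_ok"]:
        third.settimeout(2)
        client = socket.create_connection(("127.0.0.2", port), timeout=2)
        conn, peer = third.accept()
        # The listener only ever sees a loopback peer, so any service that
        # trusts "localhost" trusts whoever is at the far end of a tunnel.
        result["peer_is_loopback"] = ipaddress.ip_address(peer[0]).is_loopback
        for s in (conn, client, third):
            s.close()
    first.close()
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
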