iproute2, 2 inet lines, 2 interfaces, 2 ssh tunnels

---

• From: "cyphunk" <cyphunk@xxxxxxxxx>
• Date: 27 Mar 2007 02:16:22 -0700

---

When sshd deals with port forwarding and tunneling it seems to re
encapsulate the outgoing packets and use the default route for
determining which interface or internet line to send it out on. I
have two internet lines and I want to change this behavior so that
sshd will forward the tunnel back out through the same internet line
the tunnel was setup on.

DETAIL:
the setup i have is a server connected to two different ADSL lines
using two different network cards. I would like to ssh through adsl_1
and have the tunnel (dynamic) go back out that same line. in the same
manner id like the tunnel setup through adsl_2 go back out through
adsl_2. The problem is that sshd uses the default at all times when
reencapsulating packets.


Currently I have iproute2 configured as follows:
ip route flush table adsl1
ip route flush table adsl2
#setup table for ADSL1, 1.2 is the network card of the linux pc
ip route add 192.168.1.0/24 dev eth0 src 192.168.1.2 table adsl1
ip route add default via 192.168.1.1 table adsl1
#setup table for ADSL2, 2.2 is the network card of the linux pc
ip route add 192.168.2.0/24 dev eth1 src 192.168.2.2 table adsl2
ip route add default via 192.168.2.1 table adsl2
#setup route rules:
ip rule add from 192.168.1.2 table adsl1
ip rule add from 192.168.2.2 table adsl2


The only solution I can think of as yet is to create iptable rules per
sshd PID. This is ugly and i am guessing will require extensive
debugging to deal with child processes.

.

---

• Follow-Ups:
  • Re: iproute2, 2 inet lines, 2 interfaces, 2 ssh tunnels
    • From: cyphunk

• Prev by Date: Re: Problems creating domain for intranet
• Next by Date: Re: route command baffles me.
• Previous by thread: Is it possible, bind has done but the OS still respond with ICMP destination unreachable
• Next by thread: Re: iproute2, 2 inet lines, 2 interfaces, 2 ssh tunnels
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: NAT (ipfw/natd) broken in latest -CURRENT ... route is not an indirect route. ... I assume this problem is consistently reproducible in your setup? ... Every time I setup the p2p tunnel with the non-proxy ARP ... FreeBSD GNOME Team:: gnome@xxxxxxxxxxx ... (freebsd-current) Re: iproute2, 2 inet lines, 2 interfaces, 2 ssh tunnels ... funneled out through the global default route. ... hopes that that sshd would create packets with that interface as the ... the tunnel was setup on. ... (comp.os.linux.networking) Re: setting up multiple (20 +) offices using 1720s and one 3030 ... Can I setup a tunnel to the main office from all the sub offices and ... route the traffic through a core router instead of setting up a 20 ... (comp.dcom.sys.cisco) Re: Beeching II: "The Development of the Major Railway Trunk Routes" ... a 7-days a week basis would make the Woodhead route the obvious candidate. ... I suggest you take a look at a planning application submitted by National Grid - they want to renew the grid structureeither side of the tunnel and again make use of tunnel for cable ... These policies regarding reinstatement of the tunnels as a rail route would be affected by the ... (uk.railway) 276c Firmware Upgrade Beta ... Increased number of proximity waypoints to 100. ... Added 'voice prompt' option to Sound setup; ... when navigating a manual route. ... Changed Data Card Information page into Map Information page to ... (sci.geo.satellite-nav)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Newsgroups  > comp.os.linux.networking  > 2007-03