As I can see, you do source routing, and determine the outgoing
interface via the source IP.
( see the 'ip rule ...' )

This means that the outgoing interface is determined by the IP bound
to the app (e.g. to ssh).
Usually apps bind to the default IP.

You should change your 'ip rule' (e.g. route by destination, port, or
whatever, possibly in conjunction with iptables), and then the ssh
tunnel will go through the interface you'd like it to.


erez.

On 3/28/07, Nathan Fain <[EMAIL PROTECTED]> wrote:
When sshd deals with port forwarding and tunneling it seems to
 re-encapsulate the outgoing packets and use the default route for
 determining which interface or internet line to send it out on.  I
 have two internet lines and I want to change this behavior so that
 sshd will forward the tunnel back out through the same internet line
 the tunnel was set up on.


DETAIL:
 The setup I have is a server connected to two different ADSL lines
 using two different network cards.  I would like to ssh through adsl_1
 and have the tunnel (dynamic) go back out that same line.  In the same
 manner I'd like the tunnel set up through adsl_2 to go back out through
 adsl_2.  The problem is that sshd uses the default at all times when
 re-encapsulating packets.


Currently I have iproute2 configured as follows:
 ip route flush table adsl1
 ip route flush table adsl2
 #setup table for ADSL1, 1.2 is the network card of the linux pc
 ip route add 192.168.1.0/24 dev eth0 src 192.168.1.2 table adsl1
 ip route add default via 192.168.1.1 table adsl1
 #setup table for ADSL2, 2.2 is the network card of the linux pc
 ip route add 192.168.2.0/24 dev eth1 src 192.168.2.2 table adsl2
 ip route add default via 192.168.2.1 table adsl2
 #setup route rules:
 ip rule add from 192.168.1.2 table adsl1
 ip rule add from 192.168.2.2 table adsl2

 The only solution I can think of as yet is to create iptables rules per
 sshd PID.  This is ugly and I am guessing will require extensive
 debugging to deal with child processes.

NOTE: I did follow the advanced linux routing howto closely:
 http://lartc.org/howto/lartc.rpdb.multiple-links.html
 and while this allows the ssh tunnels to get set up they are all still
 funneled out through the global default route.  I've also tried
 running separate sshd instances bound to each interface separately in
 hopes that sshd would create packets with that interface as the
 source, thereby causing it to be routed out the proper interface by
 iproute2.  But this isn't the case: the sshd running on the linux
 interface for adsl2 will still route according to the global default,
 out adsl1, EVEN though this instance of sshd is only listening on the
 interface on adsl2.

--
cyphunk://cypherpoet.com
nathan://squimp.com
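As an added illustration (not part of the thread), the script below models the Linux policy routing lookup for the two-link setup quoted above: the tunnel's own packets carry the bound source 192.168.2.2 and match the 'from' rule, while a new outbound connection opened by sshd has no source address yet, so only the main table's default route applies; a rule keyed on a firewall mark instead of the source, which is what erez's iptables suggestion amounts to, routes it out adsl_2. The main-table default via adsl_1, the mark value 2 (assumed to be set by an iptables mangle OUTPUT rule) and the remote address 203.0.113.10 are assumptions.

```python
import ipaddress

# Routing tables from the quoted 'ip route' commands: (prefix, dev, preferred src).
# The 'default via' entries carry no explicit src; the kernel then uses the
# outgoing interface's own address, so that address is written in here.
TABLES = {
    "adsl1": [("192.168.1.0/24", "eth0", "192.168.1.2"),
              ("0.0.0.0/0", "eth0", "192.168.1.2")],
    "adsl2": [("192.168.2.0/24", "eth1", "192.168.2.2"),
              ("0.0.0.0/0", "eth1", "192.168.2.2")],
    # Assumption: the global default route (table main) points at adsl_1.
    "main":  [("192.168.1.0/24", "eth0", "192.168.1.2"),
              ("192.168.2.0/24", "eth1", "192.168.2.2"),
              ("0.0.0.0/0", "eth0", "192.168.1.2")],
}

# Rules in priority order: (selector, value, table); None means 'from all'.
SOURCE_RULES = [("from", "192.168.1.2", "adsl1"),
                ("from", "192.168.2.2", "adsl2"),
                (None, None, "main")]
# Mark-keyed alternative: 'ip rule add fwmark 2 table adsl2', with the mark
# assumed to be set by iptables in the mangle OUTPUT chain for adsl_2 traffic.
MARK_RULES = [("fwmark", 2, "adsl2")] + SOURCE_RULES

REMOTE = "203.0.113.10"   # constructed remote address (TEST-NET-3)


def lookup(rules, dst, src=None, mark=0):
    """Return (dev, src) the RPDB would pick for dst, or None if unroutable.

    src=None models an unbound socket: when sshd opens a forwarded
    connection no source address exists yet, so 'from' rules cannot match.
    A table with no matching route falls through to the next rule.
    """
    for key, value, table in rules:
        if key == "from" and src != value:
            continue
        if key == "fwmark" and mark != value:
            continue
        best = None  # longest-prefix match within this table
        for prefix, dev, psrc in TABLES[table]:
            net = ipaddress.ip_network(prefix)
            if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, dev, src or psrc)
        if best:
            return best[1], best[2]
    return None


def tunnel_setup_reply():      # reply on the accepted socket, local address fixed
    return lookup(SOURCE_RULES, REMOTE, src="192.168.2.2")


def forwarded_connection():    # new outbound socket, not bound: leaves via adsl_1
    return lookup(SOURCE_RULES, REMOTE)


def forwarded_connection_marked():   # same socket, but the flow carries mark 2
    return lookup(MARK_RULES, REMOTE, mark=2)
```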
