I think I understood your setup. First, I'll clarify my setup for both
myself and others:
(ASCII meant for mono-spaced font)
[client1]
    |
    |
[adsl1]-----|eth0|default
            |    |
            |linx|
            | pc |
            |    |
[adsl2]-----|eth1|
    |
    |
[client2]
The connection that [clients*] use to connect to the [linxpc] is "ssh
-D <port>" which creates a socks proxy on the [client*]. If the
default route of [linxpc] is [adsl1] then packets from [client2] will
get routed out through [adsl1] instead of [adsl2].
The objective with ssh -D on the clients is to give them full liberty
to determine where the connection ends. So to answer your question,
the tunnel is dynamic and the client decides where it ends up. Hence,
setting up static routes for everything [client2] wants to use on the
internet to be certain it goes through [adsl2] isn't practical in this
setup.
atm, it appears my only solution to convince SSHD not to use eth0 for
tunnels set through eth1 is to run it in a separate virtual machine on
the host, which has its own different default route. But I want to
find a more elegant solution if one exists. Even considering swapping
out the ADSL routers for thin clients (wrt54g's with a full sshd
running on them) so that I can set up the tunnel directly through the
adsl router, which will have its own default. But geez!
Lastly, hey! Hope you are well.
thanks
On 3/28/07, Geoffrey S. Mendelson <[EMAIL PROTECTED]> wrote:
On Wed, Mar 28, 2007 at 11:04:08AM +0200, Nathan Fain wrote:
> When sshd deals with port forwarding and tunneling it seems to
> re-encapsulate the outgoing packets and use the default route for
> determining which interface or internet line to send it out on. I
> have two internet lines and I want to change this behavior so that
> sshd will forward the tunnel back out through the same internet line
> the tunnel was set up on.
The question that I have is where do the tunnels end up?
For example, I have the usual PPTP tunnel to netvision. I have a specific
route to the IP address of their tunneling host and a default route
via the tunnel.
If I wanted to add a second tunnel to anywhere else, then all I need
to do is to set up a specific route to that host.
If I want to communicate with that host for other things than the
tunnel, I would run into a problem. Or not depending upon what gets
routed over the direct interface.
The situation becomes problematic when I want to have two tunnels on
the same host. Then there is no easy way to route packets on one interface
and not the other.
If you are connecting to an ISP, you can arrange for one tunnel to be
hosted on one IP and the other on a different one. It may already
be that way, and you don't know it. For example, Netvision has
several pptp tunnel hosts. I use the one I was assigned to. I know
other users who were assigned to different ones.
I don't know what would happen if I switched. They may not let me
connect, they may get upset and complain, or they may not even pay
attention.
Geoff.
--
Geoffrey S. Mendelson, Jerusalem, Israel [EMAIL PROTECTED] N3OWJ/4X1GM
IL Voice: (07)-7424-1667 Fax ONLY: 972-2-648-1443 U.S. Voice: 1-215-821-1838
Visit my 'blog at http://geoffstechno.livejournal.com/
--
cyphunk://cypherpoet.com
nathan://squimp.com
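
Added example, not part of either message: a simplified Python model of route selection on [linxpc]. It shows why a destination-only lookup sends [client2]'s forwarded traffic out eth0 and why a per-host route only covers known destinations, and it goes beyond the thread by modelling a source-address rule for bound and unbound sockets. All addresses, the second table and the rule are constructed assumptions.

```python
import ipaddress

# Constructed addresses (documentation ranges); the thread gives none.
ETH1_ADDR = ipaddress.ip_address("198.51.100.10")  # assumed linxpc address on eth1

def table(*routes):
    """Build a routing table from (prefix, egress interface) pairs."""
    return [(ipaddress.ip_network(net), dev) for net, dev in routes]

def lookup(tbl, dst):
    """Longest-prefix match on the destination only."""
    dst = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, dev) for net, dev in tbl if dst in net]
    return max(hits)[1] if hits else None

# Main table as described in the thread: default route via eth0 ([adsl1]).
MAIN = table(("0.0.0.0/0", "eth0"))
# Geoff's approach: a specific route for one known host (constructed address).
MAIN_HOST_ROUTE = MAIN + table(("203.0.113.7/32", "eth1"))
# Hypothetical second table whose default is eth1 ([adsl2]).
ADSL2 = table(("0.0.0.0/0", "eth1"))
# Hypothetical source rule: traffic sourced from the eth1 address uses ADSL2.
RULES = [(ETH1_ADDR, ADSL2)]

def egress(dst, main=MAIN, src=None, rules=()):
    """Return the egress interface for dst.

    src=None models a socket that was never bound to a local address, so
    no source rule can match it and the main table decides.
    """
    for rule_src, tbl in rules:
        if src is not None and src == rule_src:
            dev = lookup(tbl, dst)
            if dev is not None:
                return dev
    return lookup(main, dst)

if __name__ == "__main__":
    anywhere = "203.0.113.50"  # constructed destination picked by [client2]
    print("default only:         ", egress(anywhere))
    print("host route, that host:", egress("203.0.113.7", main=MAIN_HOST_ROUTE))
    print("host route, elsewhere:", egress(anywhere, main=MAIN_HOST_ROUTE))
    print("source rule, unbound: ", egress(anywhere, rules=RULES))
    print("source rule, bound:   ", egress(anywhere, src=ETH1_ADDR, rules=RULES))
```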