From: Dave Curry <dave@ysarro.com>
To: bc979@lafn.org
Cc: freebsd-questions@freebsd.org
Date: Wed, 21 May 2008 20:15:39 -0500
Subject: Re: Unusual use of ssh
Message-ID: <20080522011539.GA24388@shaftoe.nepharia.org>
User-Agent: Mutt/1.5.16 (2007-06-09)

On Wed, May 21, 2008 at 04:35:29PM -0700, Doug Hardie wrote:
> I have an unusual situation that I suspect is not practical, but just in
> case...
>
> I have a class C network with a T1 to the internet. There are a number of
> hosts on that network. Unfortunately the T1 line is just part of a path
> with several additional links before it gets to the upstream ISP. Some of
> those links are relatively prone to outages. In the same facility, I have
> a number of WiFi access points that are connected through a router to a DSL
> connection to the internet.
> That path is completely independent from the
> T1 and actually goes through a completely different set of central offices.
>
> What I have tried to do is to link the DSL router to one of my hosts via a
> separate NIC and address that is on the LAN of the WiFi router. So far all
> is good. I can ping any of the access points from that host just fine. I
> have established a pass-through port in the DSL router for SSH that sends
> the packets to that host. Sure enough, ssh packets are received by the
> host. The problem is that it does not respond on the right interface. The
> routing table uses a default route through the T1. That's where the sshd
> responses are being sent.
>
> Since I have no a priori knowledge what IPs I would have available when I
> need to use this back door, I can't pre-set up the routing table. I need
> sshd to respond on the same interface it receives the packets from. I
> don't believe that is possible using IPv4 routing. I think that it is
> using IPv6 but none of the networks involved support that yet. I don't
> find any option in sshd to force it to respond on the right interface
> either. Is there something I have missed?
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"

The easiest thing to do here will likely be setting up pf on the box with
SSH with a pass rule and reply-to set to the correct interface to respond on.

--
pass in on $dsl_if reply-to ($dsl_if $dsl_gw) proto tcp to port 22 keep state
--

-- 
David Michael Curry (Dave)

 ()  ASCII Ribbon Campaign  | Against HTML e-mail
 /\  www.asciiribbon.org    | Against proprietary extensions
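For readers who want to see the whole thing wired up, here is a complete pf.conf for the multi-homed host that does what Dave suggests. It is an added example for this archive page, not something posted in the original thread. The interface names (fxp0, fxp1), the DSL router's LAN address (192.168.1.1) and the macro names are assumptions; substitute your own. The only thing this ruleset changes is the return path for SSH sessions that arrive through the DSL router; it contains no block rules, so the host's existing policy is otherwise untouched.

```pf
# /etc/pf.conf on the dual-homed host (example; interface names and
# addresses are assumed placeholders, not values from the original thread).

t1_if  = "fxp0"          # NIC on the class C LAN; the default route leaves here
dsl_if = "fxp1"          # second NIC, on the LAN behind the DSL/WiFi router
dsl_gw = "192.168.1.1"   # LAN address of the DSL router (the box doing the port forward)

set skip on lo0

# Leave the T1 side alone: stateless pass, so behaviour there is unchanged.
pass quick on $t1_if

# Anything the host sends out the DSL side is fine.
pass out quick on $dsl_if keep state

# SSH forwarded in by the DSL router.  The state is created by THIS rule,
# and reply-to tells pf to hand every reply packet of that state to $dsl_gw
# via $dsl_if instead of consulting the routing table, which would send it
# out the T1.  The gateway address is required here: without it pf would try
# to ARP for the remote client's address directly on the DSL LAN.
pass in quick on $dsl_if reply-to ($dsl_if $dsl_gw) \
     proto tcp from any to ($dsl_if) port 22 flags S/SA keep state
```

Check it before loading with `pfctl -nf /etc/pf.conf` (parse only), then `pfctl -e -f /etc/pf.conf`, or set `pf_enable="YES"` in rc.conf so it survives a reboot. To confirm the fix, run `tcpdump -ni fxp1 port 22` while connecting through the DSL router's public address: you should now see both directions of the TCP handshake on fxp1 and nothing for that session on fxp0. Two caveats a practitioner will want in mind: reply-to only affects replies to states created by that rule, so connections the host itself opens toward the DSL side still follow the default route (that case needs route-to, a separate problem), and the port forward makes sshd reachable from the whole internet over a second path, so with no way to restrict source addresses it is worth setting `PasswordAuthentication no` in sshd_config and relying on keys.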