From: Hiroharu Tamaru
To: freebsd-mobile@freebsd.org
Date: Tue, 14 Feb 2006 13:58:26 +0900
In-Reply-To: <17393.14987.286847.977332@satchel.alerce.com>
Subject: Re: ssh-based vpn and routing question.

Before you set your route to TheServer through the remote address of
your ppp-link, you can use an ipfw fwd rule to selectively route ssh
traffic through its original gateway:

    ipfw add ${num} fwd ${gateway} tcp from any to ${TheServer} 22

But if it's for your own use to access TheServer from your laptop
securely as you imply in your mail, I see no reason not to access
TheServer with its ppp-link address. To me it seems more explicit and
it will also prevent you from accidentally accessing TheServer
insecurely. You can even give it a name (preferably a different name to
distinguish it from the one using insecure route) in /etc/hosts if you
want...

YMMV, of course.