From: Doug Hardie
To: freebsd-questions
Date: Wed, 21 May 2008 16:35:29 -0700
Subject: Unusual use of ssh

I have an unusual situation that I suspect is not practical, but just in case...

I have a class C network with a T1 to the internet. There are a number of hosts on that network. Unfortunately the T1 line is just part of a path with several additional links before it gets to the upstream ISP. Some of those links are relatively prone to outages. In the same facility, I have a number of WiFi access points that are connected through a router to a DSL connection to the internet.
That path is completely independent from the T1 and actually goes through a completely different set of central offices.

What I have tried to do is to link the DSL router to one of my hosts via a separate NIC and address that is on the LAN of the WiFi router. So far all is good. I can ping any of the access points from that host just fine. I have established a pass-through port in the DSL router for SSH that sends the packets to that host. Sure enough, ssh packets are received by the host. The problem is that it does not respond on the right interface. The routing table uses a default route through the T1. That's where the sshd responses are being sent.

Since I have no a priori knowledge of what IPs I would have available when I need to use this back door, I can't pre-setup the routing table. I need sshd to respond on the same interface it receives the packets from. I don't believe that is possible using IPv4 routing. I think that it is using IPv6 but none of the networks involved support that yet. I don't find any option in sshd to force it to respond on the right interface either. Is there something I have missed?