From: Derek Ragona
To: Doug Hardie, freebsd-questions
Date: Wed, 21 May 2008 19:04:13 -0500
Subject: Re: Unusual use of ssh
Message-Id: <6.0.0.22.2.20080521190245.02510f70@mail.computinginnovations.com>

At 06:35 PM 5/21/2008, Doug Hardie wrote:
>I have an unusual situation that I suspect is not practical, but just
>in case...
>
>I have a class C network with a T1 to the internet. There are a
>number of hosts on that network. Unfortunately the T1 line is just
>part of a path with several additional links before it gets to the
>upstream ISP. Some of those links are relatively prone to outages.
>In the same facility, I have a number of WiFi access points that are
>connected through a router to a DSL connection to the internet. That
>path is completely independent from the T1 and actually goes through a
>completely different set of central offices.
>
>What I have tried to do is to link the DSL router to one of my hosts
>via a separate NIC and address that is on the LAN of the WiFi router.
>So far all is good. I can ping any of the access points from that
>host just fine. I have established a pass through port in the DSL
>router for SSH that sends the packets to that host. Sure enough, ssh
>packets are received by the host. The problem is that it does not
>respond on the right interface. The routing table uses a default
>route through the T1. That's where the sshd responses are being sent.
>
>Since I have no a priori knowledge what IPs I would have available
>when I need to use this back door, I can't pre-setup the routing
>table. I need sshd to respond on the same interface it receives the
>packets from. I don't believe that is possible using IPv4 routing. I
>think that it is using IPv6 but none of the networks involved support
>that yet. I don't find any option in sshd to force it to respond on
>the right interface either. Is there something I have missed?

You need to set the correct listen address in /etc/sshd_config then
restart sshd. Also you may need to provide a route for this interface if
it cannot find its own route.

-Derek