Combining Transparent Proxying with SSH Port Forwarding

Damien Miller djm at
Thu Sep 11 13:38:10 EST 2003

Dan Kaminsky wrote:
>> There are patches around to use OpenSSH dynamic portforwarding as a 
>> transparent gateway under OpenBSD pf's NAT. I don't know whether we 
>> want to support and maintain variants for every OS's favourite packet 
>> filter in the tree though...
> We should encourage good, implementation-independent SOCKSifiers for the 
> various OS's, but that's the extent I see it being appropriate to dive 
> into kernelspace.

That may be a better idea - instead of N different transparent NAT -> 
Dynamic portforward implementations living in OpenSSH, do N standalone 
transparent NAT -> SOCKS gateway daemons. We could keep complexity out 
of OpenSSH and the daemons would have independant utility.

> I wouldn't mind a patch to automatically reconnect a SSH session that's 
> failing keepalives, though.

How to retain session state?


More information about the openssh-unix-dev mailing list