Outgoing IP of forwarded requests

Damien Miller djm at mindrot.org
Sun Jul 4 09:26:05 EST 2010


On Sat, 3 Jul 2010, k k wrote:

> 
> I have a linux server with 3 public IPs, and I use SSH tunnelling to connect to each of them.
> Let's call them: 1.1.1.1 (venet0:0), 1.1.1.2 (venet0:1), 1.1.1.3 (venet0:2).
> 
> When I tunnel using 1.1.1.1, outgoing IP for the public is: 1.1.1.1.
> But when I tunnel using 1.1.1.2 or 1.1.1.3, the outgoing IP for the
> public is still 1.1.1.1.
>
> I've been googling for days, and tried relevant channels on freenode.
> I tried to read the manual but I'm not experienced enough to fully
> grasp it.
>
> According to the manuals of ss5 (SOCKS5 Server) and squid (HTTP
> Server) - they're both capable of using the outgoing IP while
> specifying the inbound IP route relation.
>
> openssh can't do it?

No, there is no scope in the protocol to specify the bind addresses of
outgoing port-forward connections. If you want to add one, you will probably
have to add a PortForwardBindAddress option to the client and/or server.

> nor there's a indirect workaround to achieve said
> behavior?

You could possibly use NAT or policy routing rules.

-d


More information about the openssh-unix-dev mailing list