Re: interfaces lo:1 lo:2 lo:3? (for remote ssh tunnels)

Thu, 24 Jun 2004 22:25:10 -0700 

Will Trillich wrote:

On Fri, Jun 25 at 11:46AM +0800, John Summerfield wrote:


Will Trillich wrote:



can linux have multiple 127.0.0.1 interfaces? if so, how?


I'm sure it can, but loc is for intra-host traffic - that is, I'm talking to myself.




I'm not talking to myself, I'm talking to someone else. Therefore I shouldn't use a local interface.

There's no objection to using eth0:${n}, and you can also use dummy:

How many do you want?
for n in 1 2 3 4 5 6 7 8 9; do ifconfig dummy0:$n 192.168.19.${n};done


exactly what's needed. remote tunnelling port X to client (us)
port X. when a client connects from Out There Somewhere, the
server won't have access to the ports on the connecting client;
often it's behind a firewall, for example. so the way to work it
is to have the server talk to "localhost" (its own self) port
9999 which the ssh daemon forwards to the client machine, to
"localhost:9999". the reverse of the usual tunnelling.



I think you're tunneling thw wrong way, you should be doing this:
[EMAIL PROTECTED]:~$ ssh -L8080:127.0.0.1:80 192.168.1.252
Linux mail 2.4.18-1-686 #1 Wed Apr 14 18:20:10 UTC 2004 i686 unknown



no, it's

        ssh -R9999:127.0.0.1:9999 server.address.here

that seizes a port on the remote side and forwards traffic to
the local side. but the second instance of the tunnel won't be
able to seize that port of that interface address. so we need
more interfaces, even if only virtual ones...



then your client talks to port 8080 on localhost and actually connects to port 80 on the remote host.



server needs to talk to a port on the client. it's reversed
(remote-to-local, instead of the usual local-to-remote).



Note that on 192.168.1.252 the connexions come from localhost.
This has implications for security (eg postgresql trusting
anyone from localhost) but also can solve routing hosts: the
printers, routers etc on 1.x in this example can't route to
me.



so anybody know of caveats or methods in setting up virtual
loopback interfaces? and working with them?

        auto lo
        iface lo inet loopback

        auto lo:1
        iface lo:1 inet loopback

        auto lo:2
        iface lo:2 inet loopback

        auto lo:3
        iface lo:3 inet loopback





--

Cheers
John

-- spambait
[EMAIL PROTECTED]  [EMAIL PROTECTED]


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to