On Wed, May 21, 2008 at 04:35:29PM -0700, Doug Hardie wrote:
> I have an unusual situation that I suspect is not practical, but just in
> case...
>
> I have a class C network with a T1 to the internet. There are a number of
> hosts on that network. Unfortunately the T1 line is just part of a path
> with several additional links before it gets to the upstream ISP. Some of
> those links are relatively prone to outages. In the same facility, I have
> a number of WiFi access points that are connected through a router to a DSL
> connection to the internet. That path is completely independent from the
> T1 and actually goes through a completely different set of central offices.
>
> What I have tried to do is to link the DSL router to one of my hosts via a
> separate NIC and address that is on the LAN of the WiFi router. So far all
> is good. I can ping any of the access points from that host just fine. I
> have established a pass through port in the DSL router for SSH that sends
> the packets to that host. Sure enough, ssh packets are received by the
> host. The problem is that it does not respond on the right interface. The
> routing table uses a default route through the T1. That's where the sshd
> responses are being sent.
>
> Since I have no a priori knowledge what IPs I would have available when I
> need to use this back door, I can't pre-setup the routing table. I need
> sshd to respond on the same interface it receives the packets from. I
> don't believe that is possible using IPv4 routing. I think that it is
> using IPv6 but none of the networks involved support that yet. I don't
> find any option in sshd to force it to respond on the right interface
> either. Is there something I have missed?

The easiest thing to do here will likely be setting up pf on the box with SSH
with a pass rule and reply-to set to the correct interface to respond on.

--
pass in on <interface to be used> reply-to <same interface> proto tcp port 22 keep state
--

-- 
David Michael Curry (Dave) <[EMAIL PROTECTED]>
()  ASCII Ribbon Campaign | Against HTML e-mail
/\  www.asciiribbon.org   | Against proprietary extensions
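
The reply's rule written out as a pf.conf fragment, as an added example that is not part of the original message. The interface name `em1` and the gateway address `192.168.1.1` are assumptions standing in for the NIC on the WiFi router's LAN and the DSL router's LAN address.

```conf
# /etc/pf.conf fragment (added example; em1 and 192.168.1.1 are assumed values)
dsl_if = "em1"            # NIC attached to the WiFi/DSL router's LAN (assumed name)
dsl_gw = "192.168.1.1"    # DSL router's address on that LAN (constructed value)

# SSH arriving through the DSL router's port forward creates state here.
# reply-to makes packets belonging to that state leave via $dsl_if toward
# $dsl_gw, instead of following the default route out the T1.
# Only port 22 on this interface's own address is opened.
pass in quick on $dsl_if reply-to ($dsl_if $dsl_gw) inet proto tcp \
    from any to ($dsl_if) port 22 flags S/SA keep state

# Check before relying on it:
#   pfctl -nf /etc/pf.conf   parse the ruleset without loading it
#   pfctl -f /etc/pf.conf    load the ruleset
#   pfctl -ss                list states during a test login from outside
```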