
IP tunnelling: ssh vs native - Sun Solaris


  1. #1

    Re: IP tunnelling: ssh vs native

    On Thu, 31 Jul 2003 03:37:13 GMT, [email]ultrasparc3hotmail.com[/email] wrote:
    >In <bf505c49.0307281143.2f651663posting.google.com > [email]phil.googlenewsbolthole.com[/email] (Philip Brown) writes:
    >>If there was some way to make ssh bind to *:1234 on my local box, I
    >
    >ssh will bind forwarded ports to INADDR_ANY instead of localhost if you
    >use the gateway ports option on the command line or in the config file.
    thanks... I knew there was something like that.
    erm... I don't see it in the sshd_config or manpage, though....?



    --
    [url]http://www.blastwave.org/[/url] for solaris pre-packaged binaries with pkg-get
    Organized by the author of pkg-get
    [Trim the no-bots from my address to reply to me by email!]
    S.1618 [url]http://thomas.loc.gov/cgi-bin/bdquery/z?d105:SN01618:D[/url]
    [url]http://www.spamlaws.com/state/ca1.html[/url]
    Philip Brown Guest

  2. #2

    Re: IP tunnelling: ssh vs native

    On 28 Jul 2003 12:43:47 -0700, [email]phil.googlenewsbolthole.com[/email] wrote:
    >...
    >I tried setting up IP tunnelling, via ip.tun0, but I couldn't get it to
    >actually send the packets. The route showed up appropriately, but no
    >actual packets got sent :-(
    My own stupid fault... turns out I also had sunscreen installed on the box.
    Which, while having an ALMOST wide open policy... wasn't wide enough :-}

    For the record, it is possible to use ip tunnelling without any encryption
    just fine. So, I can now reach the "private" interface of a server using IP
    tunnelling.

    The trick is apparently that you have to use a throwaway IP address on your
    local endpoint. Or some address other than the one you use to talk
    directly to the server, at any rate.
    You need to have a pair of addresses for the tunnel "endpoints",
    and then a DIFFERENT pair of addresses for the traffic inside the tunnel.



    --- Sample configuration ----------------------------------------



    server
    10.1.1.1, 192.168.1.1

    client machine
    10.4.6.8


    throwaway endpoint addr, that I just made up:
    192.168.50.50

    on client machine:

    ifconfig ip.tun0 plumb
    ifconfig ip.tun0 192.168.50.50 192.168.1.1 tsrc 10.4.6.8 tdst 10.1.1.1 up

    on server:

    ifconfig ip.tun0 plumb
    ifconfig ip.tun0 192.168.1.1 192.168.50.50 tsrc 10.1.1.1 tdst 10.4.6.8 up



    Philip Brown Guest
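
The addressing rule from the post above (one address pair for the tunnel endpoints, a different pair for the traffic inside), written as a check over the two `ifconfig` lines. This is an added example, not part of the thread; the function names `parse_tun` and `check_tunnel_pair` are hypothetical, and the inputs are the sample configuration from the post.

```shell
#!/bin/sh
# Added example (not from the thread): check two ip.tun0 ifconfig lines
# against the addressing rule described in the post above.

# parse_tun "ifconfig ip.tun0 ..." -> prints "inner_local inner_remote tsrc tdst"
parse_tun() (
    set -f                      # no globbing while word-splitting
    set -- $1
    [ $# -ge 2 ] || exit 1
    [ "$1" != ifconfig ] || shift
    shift                       # drop the interface name
    in_local= in_remote= tsrc= tdst=
    while [ $# -gt 0 ]; do
        case $1 in
            tsrc) tsrc=${2-}; [ $# -lt 2 ] || shift ;;
            tdst) tdst=${2-}; [ $# -lt 2 ] || shift ;;
            up|plumb) ;;
            *)  if [ -z "$in_local" ]; then in_local=$1
                elif [ -z "$in_remote" ]; then in_remote=$1
                fi ;;
        esac
        shift
    done
    echo "$in_local $in_remote $tsrc $tdst"
)

# check_tunnel_pair CLIENT_LINE SERVER_LINE
# Returns 0 if consistent, 1 if a rule is broken, 2 if a line is incomplete.
check_tunnel_pair() (
    set -- $(parse_tun "$1") $(parse_tun "$2")
    [ $# -eq 8 ] || { echo "incomplete tunnel definition"; exit 2; }
    rc=0
    # Inner (tunnelled) address must differ from the outer endpoint on each host.
    [ "$1" != "$3" ] || { echo "client: inner address equals tsrc"; rc=1; }
    [ "$5" != "$7" ] || { echo "server: inner address equals tsrc"; rc=1; }
    # Each side must be the mirror image of the other.
    { [ "$1" = "$6" ] && [ "$2" = "$5" ]; } || { echo "inner pair not mirrored"; rc=1; }
    { [ "$3" = "$8" ] && [ "$4" = "$7" ]; } || { echo "tsrc/tdst not mirrored"; rc=1; }
    exit $rc
)

# The sample configuration from the post.
CLIENT="ifconfig ip.tun0 192.168.50.50 192.168.1.1 tsrc 10.4.6.8 tdst 10.1.1.1 up"
SERVER="ifconfig ip.tun0 192.168.1.1 192.168.50.50 tsrc 10.1.1.1 tdst 10.4.6.8 up"
check_tunnel_pair "$CLIENT" "$SERVER" && echo "tunnel definitions are consistent"
```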

  3. #3

    Re: IP tunnelling: ssh vs native

    In <slrnbiigjt.144n.phil+s3bolthole.com> phil+s3bolthole.no-bots.com (Philip Brown) writes:
    >>ssh will bind forwarded ports to INADDR_ANY instead of localhost if you
    >>use the gateway ports option on the command line or in the config file.
    >
    >thanks... I knew there was something like that.
    >erm... I don't see it in the sshd_config or manpage, though....?
    depends on your version of SSH.

    ssh(1):

    -g      Allows remote hosts to connect to local forwarded ports.

    ssh_config(5):

    GatewayPorts
            Specifies whether remote hosts are allowed to connect
            to local forwarded ports. By default, ssh binds local
            port forwardings to the loopback address. This
            prevents other remote hosts from connecting to
            forwarded ports. GatewayPorts can be used to specify that
            ssh should bind local port forwardings to the wildcard
            address, thus allowing remote hosts to connect to
            forwarded ports. The argument must be ``yes'' or ``no''.
            The default is ``no''.
    ultrasparc3@hotmail.com Guest
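
A way to audit a client configuration for the option quoted above, as an added example that is not part of the thread: it lists every `GatewayPorts` setting in an ssh_config-style file with the `Host` block it sits in, and returns non-zero when any of them is `yes`. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find GatewayPorts settings in an
# ssh_config-style file. Function names are hypothetical.

# audit_gateway_ports FILE
# Prints "line:host-pattern:value" per setting; returns 1 if any value is "yes".
audit_gateway_ports() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim the line
        /^#/ || /^$/ { next }                          # skip comments and blanks
        {
            # ssh_config: keyword, then whitespace or one "=", then the argument
            if (!match($0, /[ \t=]/)) next
            key = tolower(substr($0, 1, RSTART - 1))   # keywords are case-insensitive
            val = substr($0, RSTART)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            if (key == "host") { host = val; next }
            if (key == "gatewayports") {
                printf "%d:%s:%s\n", NR, (host == "" ? "(global)" : host), val
                if (tolower(val) == "yes") bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample configuration (hosts and ports are made up).
sample_ssh_config() {
    cat <<'EOF'
# constructed sample
Host jump.example.net
    LocalForward 1234 192.168.1.1:80
    GatewayPorts = yes
Host *
    gatewayports no
EOF
}

cfg=$(mktemp) && sample_ssh_config > "$cfg"
audit_gateway_ports "$cfg" ||
    echo "GatewayPorts is on: forwarded ports bind to the wildcard address"
rm -f "$cfg"
```

A forward started with `ssh -g` on the command line leaves no trace in the configuration file, so this check covers only the config-file half of what the reply describes.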
