I'm trying to configure a server in one site to act as a proxy for several servers in another site using SSH. The server has one physical interface in its local network:

eth0 10.1.1.10

This server has multiple virtual interfaces created like so:

server$ ifconfig eth0:0 10.1.1.200 netmask 255.255.255.128 broadcast 10.1.1.255

I have verified that in the local network this virtual interface is distinct from the actual interface by binding listeners to both. This is facilitated by enabling IP forwarding in /etc/sysctl.d/01-ip_forwarding.conf: net.ipv4.ip_forward = 1

As an example, this works, producing two different files:

client$ curl 10.1.1.10 > 10.txt
client$ curl 10.1.1.200 > 200.txt

I have enabled gateway ports in /etc/ssh/sshd_config: GatewayPorts yes

From the remote server I run this:

remote$ ssh -N -R 10.1.1.200:443:remote:443 user@server

Then I check the listening port using netstat:

server$ netstat -tln
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:443            0.0.0.0:*               LISTEN
tcp6       0      0 :::443                 :::*                    LISTEN

(I have removed irrelevant lines)

I want it to bind to 10.1.1.200:443, but instead it binds to 0.0.0.0:443.

Why won't it bind to the correct IP?

GDKF

1 Answer

You have to set GatewayPorts to clientspecified on the server (in the sshd_config file) in order to be able to bind remote tunnels to any interface. According to the man page of sshd_config(5):

GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be no to force remote port forwardings to be available to the local host only, yes to force remote port forwardings to bind to the wildcard address, or clientspecified to allow the client to select the address to which the forwarding is bound. The default is no.

Lacek
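The following is an added example, not part of the original question or answer: a small Python model of the GatewayPorts rules quoted above, which reads the global setting from sshd_config text and predicts where a `-R` forward will listen. The function names and the `loopback` / `*` labels are illustrative assumptions, and only the `[bind_address:]port:host:hostport` form of `-R` is handled.

```python
import re

def gateway_ports(sshd_config_text):
    """Global GatewayPorts value; sshd keeps the first occurrence, default is 'no'."""
    for raw in sshd_config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":      # Match blocks are conditional, stop here
            break
        if parts[0].lower() == "gatewayports" and len(parts) == 2:
            return parts[1].strip().strip('"').lower()
    return "no"

def split_spec(spec):
    """Split a -R argument on ':' while keeping a bracketed IPv6 literal whole."""
    fields, cur, depth = [], "", 0
    for ch in spec:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        elif ch == ":" and depth == 0:
            fields.append(cur)
            cur = ""
        else:
            cur += ch
    fields.append(cur)
    return fields

def effective_listen(mode, spec):
    """Predict the listen address sshd uses for this forward under the given mode."""
    fields = split_spec(spec)
    if len(fields) not in (3, 4):
        raise ValueError("expected [bind_address:]port:host:hostport")
    bind = fields[0] if len(fields) == 4 else None
    port = fields[-3]
    if mode == "yes":                        # server forces the wildcard address
        addr = "*"
    elif mode == "clientspecified":          # client chooses; no bind address = loopback
        addr = "loopback" if bind is None else ("*" if bind in ("", "*") else bind)
    else:                                    # 'no': local host only
        addr = "loopback"
    return f"{addr}:{port}"

if __name__ == "__main__":
    spec = "10.1.1.200:443:remote:443"       # the forward from the question
    for cfg in ("GatewayPorts yes", "GatewayPorts clientspecified", ""):
        print(repr(cfg), "->", effective_listen(gateway_ports(cfg), spec))
```

On a live server, `sshd -T` prints the effective configuration, which confirms the GatewayPorts value actually in force after sshd has been reloaded.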