
My VPS (running Debian buster) has multiple IP addresses, both IPv4 and IPv6. They are used to bind the listening sockets of the few different services running on it - basically just web and SMTP for a couple of domains.

Now, another way I use the server is as a simple proxy using the ssh -L and -D options. But I would rather not have sshd randomly choose an address to bind the outgoing unproxied connections to, to stop the outside world from correlating this traffic with the web and SMTP services. Is it possible to restrict sshd to a particular client address for this purpose?

Either an sshd-specific or a more generic answer will do (perhaps iptables?)

q.undertow

1 Answer


Assume you know the destination IP [DIP] and want to use interface [CIF] to send it:

ip route add [DIP] dev [CIF]
George Y
  • Well I didn't say I had multiple interfaces. It is just one interface (eth0) with multiple addresses. I *think* I have found a solution with iptables (the SNAT target in POSTROUTING table), I'm getting ready to test it. – q.undertow Nov 03 '20 at 05:57
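
The SNAT idea from the comment above, written out as an added example (not code from the thread): it pins the source address of connections opened by one local account, on the basis that sshd opens forwarded connections as the logged-in user. The interface eth0 is from the comment; the account name proxyuser and the documentation addresses 192.0.2.10 and 2001:db8::10 are assumptions.

```shell
#!/bin/sh
# Build (and optionally apply) SNAT rules that pin the source address of
# connections opened by one local user, e.g. the account used for ssh -L/-D.
# Assumed, not from the thread: account "proxyuser", addresses 192.0.2.10
# and 2001:db8::10 (documentation ranges standing in for real ones).

# Print the rule for one address, choosing iptables or ip6tables by family.
snat_rule() {
    iface=$1 user=$2 addr=$3
    case $addr in
        # Reject anything that is not a literal address (hostnames, options).
        *[!0-9a-fA-F:.]*|'') echo "bad address: $addr" >&2; return 1 ;;
        *:*) tool=ip6tables ;;
        *.*.*.*) tool=iptables ;;
        *) echo "bad address: $addr" >&2; return 1 ;;
    esac
    # The owner match only sees locally generated packets from that uid, so
    # web and SMTP daemons under other accounts keep their own addresses.
    printf '%s -t nat -A POSTROUTING -o %s -m owner --uid-owner %s -j SNAT --to-source %s\n' \
        "$tool" "$iface" "$user" "$addr"
}

# Dry run by default: print the rules. Set APPLY=1 (as root) to install them.
pin_source() {
    iface=$1 user=$2; shift 2
    for addr in "$@"; do
        rule=$(snat_rule "$iface" "$user" "$addr") || return 1
        if [ "${APPLY:-0}" = 1 ]; then $rule; else echo "$rule"; fi
    done
}

pin_source eth0 proxyuser 192.0.2.10 2001:db8::10
```

After applying, `ss -tn` on the server shows the socket's original local address; the rewritten source is visible with `conntrack -L` or from the remote end.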