
I'm creating an SSH tunnel to a remote service through one of our servers. This server has 3 network interfaces, and the remote service has interface-specific restrictions in place based on IP and MAC address.

Local Machine --> Server --> Remote Service

Let's say the interfaces to the Server have an IP ending in .37, .38, and .39. The interface with .37 is facing the corporate network, thus accessible from my Local Machine, and the interfaces with .38 and .39 are facing the internal application network, thus able to access the Remote Service. The corporate and internal application networks are separate and cannot communicate with one another, hence the need for this tunnel.

```
ssh -L 5678:remote-service:1234 -N user@10.0.0.37
```

For some reason, I cannot find a way using ssh command line arguments to specify which interface to use on the Server, only on my Local Machine.

How do I force the SSH tunnel to bind to a specific interface on the Server?

I need to be able to specify which one to use and to use both concurrently, setting up two separate tunnels. Ideally only using ssh tunnels if possible, as this is a "pop-up" configuration that can be applied to multiple Servers on demand.

Signal
  • Hm. This is the responsibility of the network routing. If all interfaces sit on the same network, then something is wrong. – kofemann Oct 06 '21 at 20:45
  • You are using the IP, that is how you force it from a client. If that isn't working then the problem is on the server side. Perhaps it is replying to the ARP for 10.0.0.37 with the [wrong MAC address](https://serverfault.com/questions/834512/why-does-linux-answer-to-arp-on-incorrect-interfaces), or some other problem. If ARP, you could hardcode an ARP entry, but that would be madness. – Zoredache Oct 06 '21 at 21:10
  • When I run my program on the Server directly, I can tell the client socket to bind to a specific interface before connecting. Is that not possible with the SSH client socket? – Signal Oct 07 '21 at 14:02
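
The bind-before-connect behaviour mentioned in the last comment, as an added example that is not part of the original thread and does not describe an ssh option: a small TCP relay whose outbound socket is bound to a chosen source address before it connects. The function names are hypothetical and the loopback addresses are constructed stand-ins for the Server's .38/.39 interfaces and the Remote Service.

```python
import socket
import threading

def pipe(src, dst):
    """Copy bytes from src to dst until EOF, then signal EOF onward."""
    try:
        while (data := src.recv(4096)):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer already gone

def relay_once(listener, target, source_ip):
    """Accept one client and relay it to target, leaving from source_ip."""
    client, _ = listener.accept()
    # source_address makes create_connection() bind() the socket before
    # connect(), so the kernel uses source_ip (port 0 = any free port).
    upstream = socket.create_connection(target, source_address=(source_ip, 0))
    t = threading.Thread(target=pipe, args=(client, upstream), daemon=True)
    t.start()
    pipe(upstream, client)
    t.join()
    client.close()
    upstream.close()

def demo(source_ip="127.0.0.2"):
    """Constructed loopback setup; returns (peer IP the service saw, reply)."""
    service = socket.create_server(("127.0.0.1", 0))   # stand-in Remote Service
    listener = socket.create_server(("127.0.0.1", 0))  # stand-in tunnel entry
    seen = []

    def serve():
        conn, peer = service.accept()
        seen.append(peer[0])  # source address as observed by the service
        conn.sendall(b"hello from service\n")
        conn.close()

    threading.Thread(target=serve, daemon=True).start()
    threading.Thread(target=relay_once, daemon=True,
                     args=(listener, service.getsockname(), source_ip)).start()
    with socket.create_connection(listener.getsockname()) as c:
        reply = c.makefile("rb").readline()
    return seen[0], reply

if __name__ == "__main__":
    print(demo())
```

On the Server, `source_ip` would be the address of the interface the Remote Service allows; the address must already be configured on a local interface or the bind fails.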

0 Answers