
I have one CentOS VM with 127 public external IP addresses. I am attempting to proxy all of the connections at once with ssh -D as follows:

ssh -f -N -D 0.0.0.0:1000 1.1.1.1
ssh -f -N -D 0.0.0.0:1001 1.1.1.2

Where 0.0.0.0 is literal and 1.1.1.1 / 1.1.1.2 correspond to one of the 127 public addresses. At first, I got permission denied. So I ran this command to add the IP:

ip address add 1.1.1.2/25 dev eth0

The operation completes successfully. However, upon SOCKS proxying through both ports 1000 and 1001, the public external IP remains the same: 1.1.1.1. This is true if I connect to the remote server via 1.1.1.1 or 1.1.1.2.

How can I make SSH use all 127 public IP addresses? I do not necessarily need it in a one-port-per-IP configuration, just the ability to proxy all IPs simultaneously. I searched a lot and cannot find any answer to this problem, in forum posts or in the CentOS documentation. Any help appreciated.

Colby
  • I don't think this is ever going to work. No matter which interface you use to accept incoming packages on your server, the outgoing traffic will use normal routing, with the default route being on the first interface. You will have to use a different method than ssh. – Gerald Schneider Apr 22 '17 at 05:11
  • @GeraldSchneider Even with adjusting the routing table? This seems an extremely trivial difference in operation to have to install something like Dante, but I am considering it. – Colby Apr 22 '17 at 05:42

1 Answer


-D port Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine.

The IP address you use for the SSH connection does not have an effect on which IP is used for connections from the remote server. That is decided based on the routing table (of the remote server).

Esa Jokinen
  • I don't see any WAN IPs in that article so it is a bit confusing to me. Can you elaborate on "decided based on the routing table"? Maybe my OP was unclear. I have 127 WAN IPs, not LAN IPs. For example, I have a remote application that will make multiple connections to the server via WAN IP 69.62.124.0. This proxy server has 127 WAN IPs, 69.62.124.0 - 69.62.124.126. I need to connect to the proxy server, and select which WAN IP the tunnel uses based on port. Is this accomplishable with the information in the routing table article and I'm simply misunderstanding? – Colby Apr 22 '17 at 05:40
  • Another example. App would connect to 69.62.124.0 on ports 1000-1126. Each port would correspond to a different WAN outgoing IP address. Does this make sense? – Colby Apr 22 '17 at 05:41
  • I do understand what you are trying to achieve (although I don't understand the need for it). It is not possible with SSH. The connection made from the SOCKS proxy behaves like a connection made from the remote server. The linked article is for general information on how routing tables work. If it had a solution, it would already be in my answer. – Esa Jokinen Apr 22 '17 at 05:57
  • The need for it would be: the simplest possible solution to use one server to host 127 different possible SOCKS proxy IPs. From here I will be moving on to Dante. Thank you for the help – Colby Apr 22 '17 at 06:03
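
An added example, not part of the original thread, illustrating the answer's point: an outgoing socket that is not bound to an address gets its source from the kernel's route lookup for the destination, and only an explicit bind() before connect() changes that. It assumes Linux, where all of 127.0.0.0/8 is local, so 127.0.0.1 and 127.0.0.2 stand in for two public addresses; the port-to-address map and the function names are hypothetical.

```python
import socket

# Constructed stand-ins for two public addresses on one host. On Linux the
# whole 127.0.0.0/8 block is local, so this runs offline (assumption).
EGRESS_BY_PORT = {1000: "127.0.0.1", 1001: "127.0.0.2"}  # hypothetical map
TARGET_IP = "127.0.0.1"  # stand-in for the remote service being reached


def observed_source(bind_ip=None):
    """Connect to a throwaway listener and return the source IP it sees."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        srv.bind((TARGET_IP, 0))      # port 0: kernel picks a free port
        srv.listen(1)
        if bind_ip is not None:
            cli.bind((bind_ip, 0))    # pin the source address explicitly
        cli.connect(srv.getsockname())
        conn, peer = srv.accept()
        conn.close()
        return peer[0]
    finally:
        cli.close()
        srv.close()


def routed_egress(listen_port):
    """Unbound outgoing socket: the listener port plays no part, the
    kernel's route lookup for the destination alone picks the source."""
    return observed_source()


def pinned_egress(listen_port):
    """Outgoing socket bound to the address mapped to the listener port."""
    return observed_source(EGRESS_BY_PORT[listen_port])


if __name__ == "__main__":
    for port in sorted(EGRESS_BY_PORT):
        print(port, "routed:", routed_egress(port),
              "pinned:", pinned_egress(port))
```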