SSH tunnels with multiple outbound IPs

I have a VPS with multiple IP addresses allocated to it (we can use debian, centos or ubuntu). I can ssh tunnel through the server using any of the IP addresses. However, any ssh tunnel I set up always shows just one IP address to the final destination site.

me --ssh to IP1 --> |server|----> http:// whatismyip.com (displays IP1)

me --ssh to IP2--> |server|----> http:// whatismyip.com (displays IP1)

me --ssh to IP3--> |server|----> http:// whatismyip.com (displays IP1)

How do I configure the server so that when I ssh tunnel into IP1, its outbound IP is IP1. And when I ssh tunnel into IP2, its outbound IP is IP2?

What I want: me --ssh to IP1 --> |server|----> http:// whatismyip.com (displays IP1)

me --ssh to IP2--> |server|----> http:// whatismyip.com (displays IP2)

The IPs are in different subnets (actually different Class As entirely).


Solution 1:

The IP address you use to make your connection to the SSH server really has nothing to do with the IP address that is used by SSH when it initiates outbound connections on your behalf.

The source address of packets being transmitted via a tunnel is going to depend a lot more on route table(s) and default gateway of the SSH server.

If all your addresses are in the same subnet I don't believe there is any way that you will be able to set the source address using only ssh.

As an alternative I believe you could set up multiple instances of OpenVPN each with their own tun and IP address range. Then set up different NAT rules for packets coming from each VPN instance.
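To make the point in this answer concrete, here is an added example that is not from the answer or the original poster: a tiny TCP forwarder that does what sshd's port forwarding does not do. It reads the local address the client connected to (`getsockname()` on the accepted socket) and calls `bind()` on the outbound socket with that address before `connect()`. Without that `bind()` the kernel chooses the source by routing table, which is exactly why every tunnel on the VPS shows the same IP. The three loopback addresses, the stand-in "whatismyip" server and the ports are constructed values for an offline demo (127.0.0.0/8 is entirely local on Linux); they are not from the question.

```python
import socket
import threading

# Constructed stand-ins for IP1/IP2/IP3 on the VPS (assumption for the demo).
INBOUND_IPS = ("127.0.0.1", "127.0.0.2", "127.0.0.3")


def pump(src, dst):
    """Copy bytes from src to dst until EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def forward_connection(client, target):
    """Relay one accepted connection to target, sourcing it from the address
    the client connected to.  The bind() is the step sshd does not perform."""
    local_ip = client.getsockname()[0]
    upstream = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    upstream.bind((local_ip, 0))          # outbound source = inbound address
    upstream.connect(target)
    back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
    back.start()
    pump(client, upstream)
    back.join()
    upstream.close()
    client.close()


def start_forwarder(target):
    """Listen on every local address (like sshd does) and forward to target."""
    ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ls.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    ls.bind(("0.0.0.0", 0))
    ls.listen(5)

    def serve():
        while True:
            try:
                conn, _ = ls.accept()
            except OSError:               # listener closed
                return
            threading.Thread(target=forward_connection,
                             args=(conn, target), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return ls


def start_whatismyip():
    """Constructed stand-in for whatismyip.com: report the peer address it sees."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:
                return
            conn.sendall(peer[0].encode())
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv


def source_seen_via(inbound_ip, port):
    """Connect to the forwarder through inbound_ip and return the source
    address the stand-in site reports for that connection."""
    with socket.create_connection((inbound_ip, port), timeout=5) as s:
        chunks = []
        while True:
            data = s.recv(1024)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode()


def demo():
    """Map each inbound address to the outbound address the site observed."""
    site = start_whatismyip()
    fwd = start_forwarder(site.getsockname())
    port = fwd.getsockname()[1]
    try:
        return {ip: source_seen_via(ip, port) for ip in INBOUND_IPS}
    finally:
        fwd.close()
        site.close()


if __name__ == "__main__":
    for inbound, outbound in demo().items():
        print(f"me --> {inbound} --> |forwarder| --> site sees {outbound}")
```

Drop the `upstream.bind(...)` line and every connection is reported with whichever source the routing table picks, which reproduces the behaviour in the question; that single line is the difference between "tunnel shows IP1 every time" and "tunnel shows the IP you connected to".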

Solution 2:

That's a dirty solution and can cause problems.

> iptables -t nat -A POSTROUTING -j SNAT --to IP2
> 
> so 
> IP1 ---> IP2 
> IP2 ---> IP2 
> IP3 ---> IP2

If you need to change it and don't have any other iptables rules, just restart iptables, then everything should be flushed.

I have the same trouble as you, and that's the best I could find out.

Solution 3:

This isn't a tunneling problem. If you are on the server and SSH from it (that's how you make a tunnel, right?), you'll see that those tunnels are set up using the same IP address.

This is a TCP routing problem. If you run netstat -rn, you'll see your routing table. Most likely, you are routing all packets out the same interface -- your default route. You need very specific routes that have a higher priority than your default route to take precedence.
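Combining the routing point of this answer with the "one instance per address" idea from Solution 1, here is an added example that is not from any answer in the thread: give each public address its own network namespace with its own routing table and its own sshd bound to that address. Inside namespace ipN the only non-loopback address is IPn, so every connection that sshd opens for a -L or -D tunnel is sourced from IPn without any SNAT rule. The script prints the iproute2 and sshd commands so they can be reviewed before running; the interface name, the 192.0.2.0/24 addresses and the gateway are placeholders (assumptions), the commands need root and the ipvlan kernel module, and it assumes the provider accepts traffic from each address via the same gateway.

```sh
# Added example, not from the thread: one network namespace and one sshd per
# public address.  Values passed in are placeholders, not from the question.

# Print the commands for namespace $1 holding address $2 (CIDR notation),
# with default gateway $3, attached to physical interface $4.
netns_sshd_cmds() {
    ns=$1 addr=$2 gw=$3 parent=$4
    ipaddr=${addr%/*}
    dev=ipv-$ns
    cat <<EOF
ip addr del $addr dev $parent 2>/dev/null || true
ip netns add $ns
ip link add $dev link $parent type ipvlan mode l2
ip link set $dev netns $ns
ip -n $ns addr add $addr dev $dev
ip -n $ns link set lo up
ip -n $ns link set $dev up
ip -n $ns route add default via $gw dev $dev onlink
{ grep -v -e '^ListenAddress' -e '^PidFile' /etc/ssh/sshd_config; printf 'ListenAddress %s\nPidFile /run/sshd-%s.pid\n' $ipaddr $ns; } > /etc/ssh/sshd_config.$ns
ip netns exec $ns /usr/sbin/sshd -f /etc/ssh/sshd_config.$ns
EOF
}

# Run the generated commands (root only); stops at the first failure.
netns_sshd_apply() {
    netns_sshd_cmds "$@" | sh -e
}

# Usage, with placeholder addresses from the 192.0.2.0/24 documentation range:
#   netns_sshd_cmds  ip2 192.0.2.2/24 192.0.2.1 eth0    # review
#   netns_sshd_apply ip2 192.0.2.2/24 192.0.2.1 eth0    # apply, as root
```

The address is removed from the host first because an ipvlan L2 child shares the parent's MAC and the host stack no longer answers for that address once it lives in the namespace; the host's main sshd keeps serving IP1. `onlink` lets the default route point at a gateway outside the address's own subnet, which is the usual layout when the extra IPs are routed /32s in different ranges, as in the question.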