Tunnel Interfaces
If you are looking to establish an SSH tunnel between two networks and treat the tunnel as a network interface, this may help.
- First I would recommend enabling rc.ip_forward in /etc/rc.d/ (on both the local and the target machine), or, for a temporary way (lost at reboot), use
- Next, I'm using autossh, found at slackbuilds.org. The script below requires it. (There is likely a way without it, since it is a wrapper…
- You will also want non-interactive ssh connections set up, meaning authorized_keys configured with a public/private key pair.
- I'm also assuming you have sudo privileges and a user on the remote machine (with the NOPASSWD: ALL option). SAMPLE: as root, type "visudo" and add the user like this
- Next, I'm using a little bash script, which I will explain after you take a peek at it.
- rc.tunnel
```bash
#!/bin/bash
###########################################################
#
# Enter the ip of the target you wish to make a tunnel with.
# By ip address or hostname
#
target=74.79.121.210
#
###########################################################
# suggestions contact rich at lehcar.no-ip.org
# with thanks to Billy T (for idea and assistance)
###########################################################
# load the tun module locally
/usr/bin/sudo /sbin/modprobe tun
# load the tun module on the remote side
/usr/bin/ssh "$target" "/usr/bin/sudo /sbin/modprobe tun"
/bin/sleep 1
# bring up the layer-3 tunnel (-w 0:0 -> tun0 on both ends) and keep it
# alive with autossh; the remote sshd must allow this (PermitTunnel)
/usr/bin/sudo /usr/bin/autossh -M 0 -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -fw 0:0 "$target" /bin/true
/bin/sleep 4
# address the point-to-point /30: remote end is .2, local end is .1
/usr/bin/ssh "$target" "/usr/bin/sudo /sbin/ifconfig tun0 192.168.5.2 pointopoint 192.168.5.1 netmask 255.255.255.252 broadcast 192.168.5.3"
/usr/bin/sudo /sbin/ifconfig tun0 192.168.5.1 pointopoint 192.168.5.2 netmask 255.255.255.252 broadcast 192.168.5.3
# local NAT and forwarding rules between eth0 and the tunnel
/usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# (the original had "-o tun1" here; the tunnel is tun0 on both ends)
/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
# the same NAT and forwarding rules on the remote side
/usr/bin/ssh "$target" "/usr/bin/sudo /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE"
/usr/bin/ssh "$target" "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT"
/usr/bin/ssh "$target" "/usr/bin/sudo /usr/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT"
```
To direct traffic over the tunnel try:
To recap some options: in -fw 0:0, -f forks the ssh process into the background after the tunnel is opened, and -w 0:0 picks the tun interface unit on the local and remote side (i.e. tun0 and tun0). The -o options pass OpenSSH configuration options on the command line.
Results
Now you can access the remote computer using 192.168.5.2, and your communications go over the ssh tunnel. In the above script you may wish to modify the network and mask to fit your needs; I chose 192.168.5 but your mileage may vary. I'm not going to be able to elaborate on the iptables rules, still a little green there, but they work.
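Added here as an example (not part of the original rc.tunnel or this page): a small sh helper that derives the /30 peer and broadcast addresses used by the ifconfig lines above from one local address, and checks a set of FORWARD rules (a constructed sample in `iptables -S` form) for a tun unit that does not match the one `-w 0:0` created, which is the kind of slip that silently leaves return traffic to the tunnel unmatched.

```shell
#!/bin/sh
# Example helpers for an ssh -w point-to-point tunnel (added example, not
# from the original script). Everything below is constructed for the demo.

# Print "peer broadcast" for a host address inside a /30 (netmask 255.255.255.252).
# p2p_addrs 192.168.5.1 -> 192.168.5.2 192.168.5.3
p2p_addrs() {
    prefix="${1%.*}"; host="${1##*.}"
    base=$(( host - host % 4 ))          # network address of the /30
    case $(( host - base )) in
        1) peer=$(( base + 2 )) ;;
        2) peer=$(( base + 1 )) ;;
        *) echo "$1 is not a usable host address in a /30" >&2; return 1 ;;
    esac
    echo "$prefix.$peer $prefix.$(( base + 3 ))"
}

# Read `iptables -S FORWARD` output on stdin; succeed only if every FORWARD
# rule that names a tun device names $1 (the tunnel unit chosen by -w).
check_forward_rules() {
    bad=0
    while IFS= read -r line; do
        case "$line" in -A\ FORWARD*) ;; *) continue ;; esac
        for word in $line; do
            case "$word" in
                tun[0-9]*)
                    if [ "$word" != "$1" ]; then
                        echo "rule names $word but the tunnel is $1: $line" >&2
                        bad=1
                    fi ;;
            esac
        done
    done
    return $bad
}

# Constructed sample of one end's FORWARD chain, containing the mismatch the
# check is meant to catch (tun1 in the RELATED,ESTABLISHED rule).
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -i eth0 -o tun1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT'

# Demo when run directly: addressing for the local end, then the rule check.
p2p_addrs 192.168.5.1
printf '%s\n' "$SAMPLE_RULES" | check_forward_rules tun0 \
    && echo "FORWARD rules consistent with tun0" \
    || echo "fix the FORWARD rules before sending traffic over the tunnel"
```

On a live box, replace the sample with `sudo iptables -S FORWARD | check_forward_rules tun0` on each end.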
Sources
* Originally written by ricky_cardo