First page Back Continue Last page Summary Graphics

Tunnelling IP thru SSH

  • Instead of tunnelling a handful of TCP ports one
  • can tunnel an entire IP channel thru SSH.This
  • requires root on both sides. Usually PPP is used.
  • Setting up the new IP numbers needed, routing,
  • and DNS can be tricky, but once working one can
  • do just about anything (even things like NFS...)

    Notes:

    If your work DNS service does not resolve hosts
    on the internet (only local to work), some sort of
    switching name server needs to be set up... BIND
    probably handles this now.

    The new IP address at work needs to be such that
    machines you want to connect to at work know how
    to route packets back. IP masqing may be useful here.
    Conceivably one could use a SLIP/PPP emulator (e.g
    "slirp") on the work side so no new IP is needed there.

    Performance will probably be a bit slower than the
    SSH port redirection tricks. It is not clear mounting
    files via NFS over even a CM or DSL link is that good
    and idea...

    Be careful with routing: don't route your company's
    traffic out to the Internet via your SSH link! Or otherwise
    cause weird routing loops or deadends.