Re: [Pan-users] Pan over SSH tunnel?

From: Duncan
Subject: Re: [Pan-users] Pan over SSH tunnel?
Date: Wed, 3 Jan 2018 05:02:25 +0000 (UTC)
User-agent: Pan/0.144 (Time is the enemy; 28ab3baf7)

David Melik posted on Wed, 03 Jan 2018 01:37:41 +0000 as excerpted:

> I read Usenet, Gmane, want to add SDF over SSH tunnel.  The tunnel works
> (like ssh -D 9999 -p 22 address@hidden,)
> so I added,
> but their groups don't appear from refresh. just says it's
> possible (or with their VPN,) not how.

I'm definitely not an ssh nor routing expert, and haven't done this 
myself so can't really explain the details, but the general issue and 
solution as I understand it is IP (internet protocol) routing...

Basically, when you set up an internet connection, you set up a default 
gateway that gets all the traffic not otherwise routed.  If you have 
multiple connections, one will normally have higher routing priority than 
the others and become the default route, even if the other default route 
entries still exist, just at lower priority.

In addition to default routes, there are specific routes.  You tell the 
system to connect to specific subnets (say the office subnet or your home 
LAN) or possibly specific hosts (the single IP address of the news 
server, if it has only one) via specific routes that may or may not 
happen to route via the default gateway that gets all traffic not 
otherwise routed anyway.

When you open an ssh connection, you create a new route to the host or 
subnet at the other end of that connection.

But you still have to decide whether to make it the /default/ route (send 
everything not otherwise routed over it) or not, and if not, you need to 
set up additional routes which tell the system which specific other subnets 
or hosts you want to route via that ssh tunnel.

It "sounds" to me like you've not set up the ssh connection as the default 
route, and you may not actually /want/ it to be if you don't want /all/ 
your not otherwise routed traffic going via the ssh connection, *AND* you 
haven't yet set up a specific route to that news server IP or subnet, 
either, so it's still trying to route via the default route, and failing 
to connect.

Of course the other possibility is that your local system is set up 
correctly, but the other end of your ssh tunnel doesn't know how to route 
to the news server, so it's that route you still have to set up, not your 
local end.

That's the big picture.  AFAIK there are at least two network configuration 
tools that will let you set the route as desired, the old net-tools 
collection of individual tools, now deprecated but what many (including 
me, tho as I said I've not had to mess with routing much so I'm not 
particularly familiar with that end of it) are most familiar with, and 
the new ip tool method, which uses the single general-purpose ip command, 
along with the desired subcommand (probably ip route <whatever> here), 
for configuring and reporting statistics on nearly everything network 

So now you have to figure out which of those tools (or something else) 
your system is using, and from there figure out how to set up specific 
routes using it.  That, as they say, is "left as an exercise for the 
reader." =:^)  Tho chances are if you figure out which one you're using, 
someone can post the specifics for setting up the route using it.

Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman
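
Added example, not part of Duncan's post: a small checker for the default-route versus specific-route distinction the message describes, which parses `ip route show` output and reports which entry a given destination would use. The routing table, the addresses (documentation ranges) and the `tun0` interface name are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ip route show` output. Addresses are documentation
# ranges; tun0 is a hypothetical tunnel interface, not taken from the thread.
SAMPLE_ROUTES = """\
default via 192.0.2.1 dev eth0 metric 100
default via 10.8.0.1 dev tun0 metric 600
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.50
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
198.51.100.7 via 10.8.0.1 dev tun0
"""

def opt(fields, key, default=None):
    """Return the value following `key` on a route line, if present."""
    return fields[fields.index(key) + 1] if key in fields[:-1] else default

def parse_routes(text):
    """Parse unicast routes from `ip route show` output (IPv4 table)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types such as "unreachable" are outside this sketch
        routes.append({"net": net, "dev": opt(fields, "dev"),
                       "via": opt(fields, "via"),
                       "metric": int(opt(fields, "metric", 0))})
    return routes

def select_route(routes, dest):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    for host in ("198.51.100.7", "198.51.100.8", "192.0.2.99"):
        r = select_route(routes, host)
        print(f"{host:>14} -> dev {r['dev']} via {r['via']} ({r['net']})")
```

On a live system, `ip route get <address>` gives the kernel's own answer for a single destination and is the authoritative check.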
