I have a server that we'll call hub-server.tld with three
IP addresses 100.200.130.121, 100.200.130.122, and 100.200.130.123. I have three different machines that are behind a firewall, but I want to use SSH to
port forward one machine to each
IP address. For example: machine-one should listen for SSH on
port 22 on 100.200.130.121, while machine-two should do the same on 100.200.130.122, and so on for different services on ports that may be the same across all of the machines.
The SSH man page has -R [bind_address:]port:host:hostport listed I have gateway ports enabled, but when using -R with a specific
IP address, server still listens on the
port across all interfaces:
machine-one:
# ssh -NR 100.200.130.121:22:localhost:22
[email protected]
hub-server.tld (Listens for SSH on
port 2222):
# netstat -tan | grep LISTEN
tcp 0 0 100.200.130.121:2222 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
Is there a way to make SSH forward only connections on a specific
IP address to machine-one so I can listen to
port 22 on the other
IP addresses at the same time, or will I have to do something with iptables? Here are all the lines in my ssh config that are not comments / defaults:
Port 2222
Protocol 2
SyslogFacility AUTHPRIV
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
ClientAliveInterval 30
ClientAliveCountMax 1000000
UseDNS no
Subsystem sftp /usr/libexec/openssh/sftp-server
