 From:  Bob Rich <rrich at gstisecurity dot com>
 To:  Justin Popa <tehpopa at gmail dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Dynamic DNS and NAT?
 Date:  Tue, 7 Jun 2005 13:59:04 -0400

I don't know much about the internals of the SSH protocol, but I'm not sure that the target hostname
is ever sent across the wire from the client to the server (in fact there are a number of reasons
why that would not be a good idea). AFAIK the hostname is just used to find the IP address of the
system, and to participate in the validation of the host key that comes back.

The only way that you could reliably do this is to do the 'port manipulations' thing. Why not map
the external ports 2201-2210 to the ssh port on each of your DMZ boxes, with the 01-10 mapping to
the appropriate machine on your DMZ. (e.g.: 2201->lin01:22, 2202->lin02:22, 2203->lin03:22, etc)

A tad kludgy, but reliable.

----- Original Message -----
From: Justin Popa <tehpopa at gmail dot com>
To: m0n0wall at lists dot m0n0 dot ch
Sent: Tue, 7 Jun 2005 13:44:37 -0400
Subject: [m0n0wall] Dynamic DNS and NAT?

> I have m0n0 1.11 on a net4801. I have 10 Linux machines on my DMZ
> network that have host names lin1 - lin10. I've set up dyndns to my
> network, and I've also set up sub domains on that domain that cnames
> to the domain. Ex:
> Domain: stinkygoober.com (dyn. point to my ip)
> Sub domains: lin1.stinkygoober.com (cname to stinkygoober.com)
> Is there a way that I can have m0n0wall see that there's a request for
> port 22 coming in via lin1.stinkygoober.com and then route it
> appropriately within my network? I did this with a windows machine
> being used as a router/firewall and it kind of cheated in port
> manipulations within itself. Any ideas?
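The port-per-host mapping Bob suggests above, worked through as an added example that is not code from the m0n0wall project or from either poster. It generates the firewall-side redirect rules and the matching client-side ~/.ssh/config. Assumptions: DMZ hosts lin01..lin10 sit at 192.168.2.1..10 (constructed addresses), the external interface is named sis0, and the ipnat(5) rdr syntax shown is equivalent to what m0n0wall 1.11 produces from its web GUI (m0n0wall is not normally configured by hand). The client config sets HostKeyAlias per box so that each DMZ machine's host key is pinned under its own name in known_hosts instead of under [stinkygoober.com]:22NN, which is what OpenSSH would otherwise use for a non-default port.

```python
"""One external port per DMZ host, all forwarded to port 22.

Added example, not from the m0n0wall project or the list posters.
Constructed/assumed values: DMZ subnet 192.168.2.0/24, WAN interface sis0,
ipnat rdr syntax as an approximation of what m0n0wall generates.
"""
from __future__ import annotations

PUBLIC_HOST = "stinkygoober.com"   # dyndns name from the original post
WAN_IF = "sis0"                    # assumed external interface name
BASE_PORT = 2200                   # lin01 -> 2201, lin02 -> 2202, ...
DMZ_NET = "192.168.2."             # constructed DMZ subnet prefix


def host_map(count: int = 10) -> dict[str, tuple[str, int]]:
    """Return {hostname: (dmz_ip, external_port)} for lin01..linNN."""
    return {
        f"lin{i:02d}": (f"{DMZ_NET}{i}", BASE_PORT + i)
        for i in range(1, count + 1)
    }


def external_port(name: str, mapping: dict[str, tuple[str, int]]) -> int:
    """Port a client must use for 'lin03' or 'lin03.stinkygoober.com'.

    Raises KeyError for names that are not in the mapping, so a typo
    does not silently land on the wrong box.
    """
    short = name.split(".", 1)[0]
    return mapping[short][1]


def ipnat_rules(mapping: dict[str, tuple[str, int]]) -> list[str]:
    """ipnat(5) rdr lines (assumed syntax): external port -> DMZ ip:22."""
    return [
        f"rdr {WAN_IF} 0.0.0.0/0 port {port} -> {ip} port 22 tcp"
        for _name, (ip, port) in sorted(mapping.items())
    ]


def ssh_config(mapping: dict[str, tuple[str, int]]) -> str:
    """Client-side ~/.ssh/config stanzas so 'ssh lin03' just works.

    HostKeyAlias pins each DMZ host's key under its own name in
    known_hosts; without it OpenSSH keys the entry as [host]:port, and a
    key that shows up on a different port would not be cross-checked.
    """
    stanzas = []
    for name, (_ip, port) in sorted(mapping.items()):
        stanzas.append(
            f"Host {name} {name}.{PUBLIC_HOST}\n"
            f"    HostName {PUBLIC_HOST}\n"
            f"    Port {port}\n"
            f"    HostKeyAlias {name}\n"
        )
    return "\n".join(stanzas)


if __name__ == "__main__":
    m = host_map()
    print("# firewall side (assumed ipnat syntax)")
    print("\n".join(ipnat_rules(m)))
    print("\n# client side: ~/.ssh/config")
    print(ssh_config(m))
```

Run it once to see both halves; the firewall rules are what you would reproduce in the m0n0wall NAT page (one inbound rule per host), and the ssh_config block is pasted on each client so that `ssh lin03` resolves to stinkygoober.com:2203 with the right host-key name.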