Re: outside ssh connection from two different ISP's




On 11/11/2014 23:43, Les Mikesell wrote:
> On Tue, Nov 11, 2014 at 5:08 PM, Chris Beattie <cbeattie@xxxxxxxxxxx> wrote:
>> On 11/11/2014 2:27 PM, Steve Clark wrote:
>>> Buy second NIC and then the original script Jack Baily provided would work.
>>
>> I'm outside my area of expertise here, but is there a reason you couldn't fake a second network card by assigning two IP addresses to the one interface?
>>
>> I recall that the OP had two routers on opposite ends of the same subnet.  If each router used its own subnet and everything was connected by a hub instead of a switch, then wouldn't the server know which way the packets needed to go out?  Or a switch that knows VLANs, but that might be needlessly complex.
>>
>> I realize that means installing a hub instead of a second network card, so I'm just asking for my own edification.
>
>
> There's no difference between a hub and switch with respect to
> routing.  It might be possible to do something with a 2nd ip address
> in the same subnet used as the target of the port-forwarding from the
> other router along with policy based routing to make packets with that
> source ip take the other route.  But that would introduce
> complications for normal outbound traffic.   It may depend on the
> point of having the 2nd connection.  Normally cable is so much faster
> than dsl that you would always prefer it unless it was down.  If the
> dsl is just for emergency inbound use you might run a VM configured
> with the other gateway as the default - maybe even set up openvpn
> there for fairly transparent access to the rest of the LAN.


Surely the easiest thing would be to set up a jump host. Essentially, 1 or 2 servers, if you want resiliency, which you can SSH on to from the internet, and then from there access the rest of the network. This gives the benefit of reducing the number of servers that have SSH exposed.

Tris
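
The policy-based routing idea from Les Mikesell's quoted reply (a second address in the same subnet as the port-forward target, with packets from that source address sent out through the other router), as an added example that is not from any poster in this thread. The interface name, addresses, table number and rule priority are constructed placeholders, and the script only prints the `ip` commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Source-based routing: one NIC, two gateways on the same subnet.
# Every address, name and number passed to this script is a constructed placeholder.
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the ip commands, 0 = run them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

is_ipv4() {
    # Dotted quad, each octet 0-255.
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# setup_second_uplink DEV ALT_IP LAN_CIDR ALT_GW TABLE
setup_second_uplink() {
    dev=$1 alt_ip=$2 lan=$3 alt_gw=$4 table=$5
    is_ipv4 "$alt_ip" && is_ipv4 "$alt_gw" && is_ipv4 "${lan%/*}" ||
        { echo "invalid IPv4 address" >&2; return 2; }
    case $lan in
        */[0-9]*) ;;
        *) echo "LAN must be in CIDR form, e.g. a.b.c.d/24" >&2; return 2 ;;
    esac
    case $table in
        ''|*[!0-9]*) echo "table must be a number" >&2; return 2 ;;
    esac
    # Second address on the existing interface; the other router
    # port-forwards SSH to this address instead of the primary one.
    run ip addr add "$alt_ip/${lan#*/}" dev "$dev"
    # Private table: keep LAN traffic local, send the rest to the other router.
    run ip route add "$lan" dev "$dev" src "$alt_ip" table "$table"
    run ip route add default via "$alt_gw" dev "$dev" table "$table"
    # Packets sourced from the second address use that table; everything
    # else keeps using the main table and the primary default gateway.
    run ip rule add from "$alt_ip" lookup "$table" priority 1000
}

# Example: sh uplink.sh eth0 192.168.1.11 192.168.1.0/24 192.168.1.254 200
if [ "$#" -eq 5 ]; then
    setup_second_uplink "$@"
fi
```

Commands issued with `ip` do not survive a reboot, so a working setup still has to be made persistent in the distribution's network configuration.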


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



