David Melik posted on Wed, 03 Jan 2018 01:37:41 +0000 as excerpted: > I read Usenet, Gmane, want to add SDF over SSH tunnel. The tunnel works > (like ssh -D 9999 -p 22 u...@ma.sdf.org,) > so I added news.sdf.org:9999, > but their groups don't appear from refresh. SDF.org just says it's > possible (or with their VPN,) not how.
I'm definitely not an ssh nor routing expert, and haven't done this myself so can't really explain the details, but the general issue and solution as I understand it is IP (internet protocol) routing... Basically, when you setup an internet connection, you setup a default gateway that gets all the traffic not otherwise routed. If you have multiple connections, one will normally have higher routing priority than the others and become the default route, even if the other default route entries still exist, just at lower priority. In addition to default routes, there are specific routes. You tell the system to connect to specific subnets (say the office subnet or your home LAN) or possibly specific hosts (the single IP address of the news server, if it has only one) via specific routes that may or may not happen to route via the default gateway that gets all traffic not otherwise routed anyway. When you open an ssh connection, you create a new route to the host or subnet at the other end of that connection. But you still have to decide whether to make it the /default/ route (send everything not otherwise routed over it) or not, and if not, you need to setup additional routes which tell the system which specific other subnets or hosts you want to route via that ssh tunnel. It "sounds" to me like you've not setup the ssh connection as the default route, and you may not actually /want/ it to be if you don't want /all/ your not otherwise routed traffic going via the ssh connection, *AND* you haven't yet setup a specific route to that news server IP or subnet, either, so it's still trying to route via the default route, and failing to connect. Of course the other possibility is that your local system is setup correctly, but the other end of your ssh tunnel doesn't know how to route to the news server, so it's that route you still have to setup, not your local end. That's the big picture. AFAIK there's at least two network configuration tools that will let you set the route as desired, the old net-tools collection of individual tools, now deprecated but what many (including me, tho as I said I've not had to mess with routing much so I'm not particularly familiar with that end of it) are most familiar with, and the new ip tool method, which uses the single general-purpose ip command, along with the desired subcommand (probably ip route <whatever> here), for configuring and reporting statistics on nearly everything network related. So now you have to figure out which of those tools (or something else) your system is using, and from there figure out how to setup specific routes using it. That, as they say, is "left as an exercise for the reader." =:^) Tho chances are if you figure out which one you're using, someone can post the specifics for setting up the route using it. -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman _______________________________________________ Pan-users mailing list Pan-users@nongnu.org https://lists.nongnu.org/mailman/listinfo/pan-users
