diff -U 3 ../ssh_orig/channels.c ./channels.c
--- ../ssh_orig/channels.c Wed Mar 5 22:33:43 2003
+++ ./channels.c Mon May 5 14:34:28 2003
@@ -2010,12 +2010,13 @@
 static int channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port,
- const char *host_to_connect, u_short port_to_connect, int gateway_ports)
+ const char *host_to_connect, u_short port_to_connect, int gateway_ports, const char *gateway_addr)
 {
 Channel *c;
 int success, sock, on = 1;
 struct addrinfo hints, *ai, *aitop;
 const char *host;
+ const char *ga_nodename;
 char ntop[NI_MAXHOST], strport[NI_MAXSERV];
 success = 0;
@@ -2040,7 +2041,8 @@
 hints.ai_flags = gateway_ports ? AI_PASSIVE : 0;
 hints.ai_socktype = SOCK_STREAM;
 snprintf(strport, sizeof strport, "%d", listen_port);
- if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
+
+ if (getaddrinfo(gateway_addr, strport, &hints, &aitop) != 0)
 packet_disconnect("getaddrinfo: fatal error");
 for (ai = aitop; ai; ai = ai->ai_next) {
@@ -2100,10 +2102,10 @@
 /* protocol local port fwd, used by ssh (and sshd in v1) */
 int channel_setup_local_fwd_listener(u_short listen_port,
- const char *host_to_connect, u_short port_to_connect, int gateway_ports)
+ const char *host_to_connect, u_short port_to_connect, int gateway_ports, const char *gateway_addr)
 {
 return channel_setup_fwd_listener(SSH_CHANNEL_PORT_LISTENER,
- NULL, listen_port, host_to_connect, port_to_connect, gateway_ports);
+ NULL, listen_port, host_to_connect, port_to_connect, gateway_ports, gateway_addr);
 }
 /* protocol v2 remote port fwd, used by sshd */
@@ -2112,7 +2114,7 @@
 u_short listen_port, int gateway_ports)
 {
 return channel_setup_fwd_listener(SSH_CHANNEL_RPORT_LISTENER,
- listen_address, listen_port, NULL, 0, gateway_ports);
+ listen_address, listen_port, NULL, 0, gateway_ports,NULL);
 }
 /*
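Review bot: `ga_nodename` is declared in the `@@ -2010` hunk of channels.c, but none of the hunks in this patch use it; drop the declaration unless code outside the diff needs it. The function already takes `listen_addr`, and the local wrapper passes NULL for it, so the new `gateway_addr` parameter leaves the listener with two address arguments. A comment above the signature such as `/* gateway_addr: local address to bind, or NULL to let gateway_ports choose */` would state which one decides the bind. The function body continues outside the hunk.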
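Review bot: In the `@@ -2040` hunk, `getaddrinfo(gateway_addr, ...)` now resolves a user-supplied name, and the `for (ai = aitop; ...)` loop that follows (its body is outside the hunk) presumably sets up a listener for each address returned, so a hostname given to `-G` could bind more interfaces than intended. Since the usage text describes the argument as a local address, adding `if (gateway_addr != NULL) hints.ai_flags |= AI_NUMERICHOST;` before the call would keep the bind set predictable and avoid a DNS lookup. A mistyped address also ends in `packet_disconnect("getaddrinfo: fatal error")`, which names neither the address nor the resolver error; capturing the return value and reporting `gai_strerror()` of it would make the failure diagnosable. The bare `+` line before the `if` is a stray blank line.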
@@ -2198,7 +2200,7 @@
 packet_disconnect("Requested forwarding of port %d but user is not root.", port);
 /* Initiate forwarding */
- channel_setup_local_fwd_listener(port, hostname, host_port, gateway_ports);
+ channel_setup_local_fwd_listener(port, hostname, host_port, gateway_ports, NULL);
 /* Free the argument string. */
 xfree(hostname);
diff -U 3 ../ssh_orig/channels.h ./channels.h
--- ../ssh_orig/channels.h Mon Jun 24 14:33:27 2002
+++ ./channels.h Mon May 5 12:02:34 2003
@@ -199,7 +199,7 @@
 int channel_connect_to(const char *, u_short);
 int channel_connect_by_listen_address(u_short);
 void channel_request_remote_forwarding(u_short, const char *, u_short);
-int channel_setup_local_fwd_listener(u_short, const char *, u_short, int);
+int channel_setup_local_fwd_listener(u_short, const char *, u_short, int, const char *);
 int channel_setup_remote_fwd_listener(const char *, u_short, int);
 /* x11 forwarding */
diff -U 3 ../ssh_orig/clientloop.c ./clientloop.c
--- ../ssh_orig/clientloop.c Tue Apr 1 10:22:21 2003
+++ ./clientloop.c Mon May 5 12:07:12 2003
@@ -517,7 +517,7 @@
 }
 if (local) {
 if (channel_setup_local_fwd_listener(fwd_port, buf,
- fwd_host_port, options.gateway_ports) < 0) {
+ fwd_host_port, options.gateway_ports,NULL) < 0) {
 log("Port forwarding failed.");
 goto out;
 }
diff -U 3 ../ssh_orig/readconf.c ./readconf.c
--- ../ssh_orig/readconf.c Tue Apr 1 10:22:21 2003
+++ ./readconf.c Mon May 5 12:12:16 2003
@@ -741,6 +741,7 @@
 options->forward_x11 = -1;
 options->xauth_location = NULL;
 options->gateway_ports = -1;
+ options->gateway_addr = NULL;
 options->use_privileged_port = -1;
 options->rhosts_authentication = -1;
 options->rsa_authentication = -1;
diff -U 3 ../ssh_orig/readconf.h ./readconf.h
--- ../ssh_orig/readconf.h Tue Apr 1 10:22:21 2003
+++ ./readconf.h Mon May 5 11:58:39 2003
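Review bot: In the clientloop.c hunk, passing `NULL` while still passing `options.gateway_ports` means a forwarding set up through this path ignores `-G`. That option sets `gateway_ports = 1`, and with a NULL address `channel_setup_fwd_listener` sets `AI_PASSIVE` and calls `getaddrinfo(NULL, ...)`, which yields the wildcard address. A user who chose `-G` to confine the listener to one interface would get a port reachable on all of them. Pass the configured address instead: `fwd_host_port, options.gateway_ports, options.gateway_addr) < 0) {`. The enclosing function starts and ends outside the hunk.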
@@ -32,6 +32,7 @@
 int forward_x11; /* Forward X11 display. */
 char *xauth_location; /* Location for xauth program */
 int gateway_ports; /* Allow remote connects to forwarded ports. */
+ char *gateway_addr; /* Allow remote connects to forwarded ports on this interface/IP. */
 int use_privileged_port; /* Don't use privileged port if false. */
 int rhosts_authentication; /* Try rhosts authentication. */
 int rhosts_rsa_authentication; /* Try rhosts with RSA
diff -U 3 ../ssh_orig/ssh.c ./ssh.c
--- ../ssh_orig/ssh.c Thu Feb 6 09:27:29 2003
+++ ./ssh.c Mon May 5 14:53:41 2003
@@ -183,7 +183,8 @@
 fprintf(stderr, " -D port Enable dynamic application-level port forwarding.\n");
 fprintf(stderr, " -C Enable compression.\n");
 fprintf(stderr, " -N Do not execute a shell or command.\n");
- fprintf(stderr, " -g Allow remote hosts to connect to forwarded ports.\n");
+ fprintf(stderr, " -g Remote hosts routable on our side can connect to forwarded ports.\n");
+ fprintf(stderr, " -G local-address Equal to -g but binds the tunnel to this local interface only.\n");
 fprintf(stderr, " -1 Force protocol version 1.\n");
 fprintf(stderr, " -2 Force protocol version 2.\n");
 fprintf(stderr, " -4 Use IPv4 only.\n");
@@ -262,7 +263,7 @@
 again:
 while ((opt = getopt(ac, av,
- "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:NPR:TVX")) != -1) {
+ "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:G:NPR:TVX")) != -1) {
 switch (opt) {
 case '1':
 options.protocol = SSH_PROTO_1;
@@ -292,6 +293,11 @@
 case 'g':
 options.gateway_ports = 1;
 break;
+ case 'G':
+ options.gateway_ports = 1;
+ options.gateway_addr = malloc(1 + strlen(optarg));
+ sprintf(options.gateway_addr,"%s",optarg);
+ break;
 case 'P': /* deprecated */
 options.use_privileged_port = 0;
 break;
@@ -785,7 +791,7 @@
 {
 int success = 0;
 int i;
-
+
 /* Initiate local TCP/IP port forwardings. */
 for (i = 0; i < options.num_local_forwards; i++) {
 debug("Connections to local port %d forwarded to remote address %.200s:%d",
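Review bot: In the `@@ -292` hunk of ssh.c, the new `case 'G':` passes the result of `malloc` straight to `sprintf` without checking it, so an allocation failure becomes a write through a NULL pointer. The patch's channels.c context frees with `xfree`, which suggests the checked allocation wrappers are available here as well; if so, `options.gateway_addr = xstrdup(optarg);` would replace both added lines and fail cleanly. A second `-G` on the command line also overwrites the pointer without releasing the first copy. The enclosing switch continues outside the hunk.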
@@ -796,7 +802,8 @@
 options.local_forwards[i].port, options.local_forwards[i].host, options.local_forwards[i].host_port,
- options.gateway_ports);
+ options.gateway_ports,
+ options.gateway_addr);
 }
 if (i > 0 && success == 0) error("Could not request local forwarding.");