# Choose IP address for SSH Tunnel



## Mayhem30 (Jan 20, 2021)

I'm using PuTTY from home on my Windows 10 machine and connecting to my FreeBSD server via SSH tunnel (for dynamic SOCKS forwarding).

When doing so, it uses my servers first listed IPv4/IPv6 IP addresses when surfing the net.

Is it possible for me to specify a different IP address for the server to use? (without changing the first listed ip addresses on the server).


----------



## im (Jan 21, 2021)

As far as I know, sshd have no options to specify separate address for outgoing traffic.

You may to try workaround:
Just create FreeBSD jail on the 'different IP address' and use it's sshd as dedicated for SOCKS forwarding.


----------



## Mayhem30 (Jan 21, 2021)

Can the pf firewall be used to specify a different address for outgoing traffic?

Just rdr for a specific port only.


----------



## sko (Jan 21, 2021)

Using a seperate FIB with an appropriate default route set should also work.
Then either run sshd (or a second instance) with that FIB (`sshd_fib` in /etc/rc.conf) or only send traffic coming through the SSH tunnel to that table with PF.
Haven't used the latter with FreeBSD PF (but I'm regularly using multiple FIBs to segregate and route traffic for jails separate from the host) but on OpenBSD such scenarios (routing between different routing tables/domains) works extremely well. That being said, OpenBSDs routing domains are absolutely amazing to separate and redirect traffic flows through a system. But FreeBSD can do the job as well (but IMHO with a bit more opaque and complex configuration).

For regular use I'd suggest using a proper VPN solution instead of SSH tunnels. security/tinc is very lightweight and very easy & fast to set up and because vpn traffic comes through its own interface it is much easier and cleaner to separately handle that traffic (or even just put it on a bridge with the external interface...).


----------

