tproxy
There are some requirements on the client end (these don't apply on the server):
You need at least version 1.4.11 of iptables (at the time of writing that means a git build, until a release containing it is made).
A recvmsg function binding (either by patching Python or with the PyXAPI-0.1 API). I have plans to get this added to Python, but it probably won't get into the 2.x versions.
If there was serious interest, I could also upload my patched python 2.7 Ubuntu packages, compiled against natty to an Ubuntu PPA.
For full support you also need to type in the following commands, once only, as root, manually (the top two are IPv4 only, the bottom two are IPv6 only):
ip route add local default dev lo table 100
ip rule add fwmark 1 lookup 100
ip -6 route add local default dev lo table 100
ip -6 rule add fwmark 1 lookup 100
sshuttle needs to be started as root so it can set up the tproxy port. I use:
sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" $HOME/tree/sshuttle.tproxy/sshuttle --method=tproxy $OTHERPARAMS
This means ssh can access my ssh-agent socket.
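The reason the client needs a recvmsg binding and root is that a tproxy UDP socket has to be opened with IP_TRANSPARENT (a privileged option) and the original destination of each redirected datagram only arrives as ancillary data that recvmsg returns. The following is an added illustration, not code from this repository or from sshuttle: it opens such a socket with the Python 3 socket.recvmsg call and decodes the IP_ORIGDSTADDR control message. The option numbers 19 and 20 are the Linux values from linux/in.h (used as fallbacks in case the running Python does not export them); the function and variable names are my own, and it covers IPv4 only.

```python
import socket
import struct

# Linux-specific socket options (values from <linux/in.h>). Recent Pythons export
# IP_TRANSPARENT; IP_RECVORIGDSTADDR is not exported, so fall back to the raw numbers.
IP_TRANSPARENT = getattr(socket, "IP_TRANSPARENT", 19)
IP_RECVORIGDSTADDR = getattr(socket, "IP_RECVORIGDSTADDR", 20)
# The control message the kernel sends back is IP_ORIGDSTADDR, which is the same number.
IP_ORIGDSTADDR = IP_RECVORIGDSTADDR
# sockaddr_in is 16 bytes: family (2, host order), port (2, network order), addr (4), pad (8)
SOCKADDR_IN_LEN = 16


def make_tproxy_udp_socket(port, host="0.0.0.0"):
    """Open a UDP socket able to receive datagrams redirected by the tproxy rule.

    Setting IP_TRANSPARENT requires CAP_NET_ADMIN, which is why the client side
    must be started as root (e.g. via sudo) while the server side does not.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.setsockopt(socket.IPPROTO_IP, IP_TRANSPARENT, 1)
    # Ask the kernel to attach the original destination to every datagram.
    s.setsockopt(socket.IPPROTO_IP, IP_RECVORIGDSTADDR, 1)
    s.bind((host, port))
    return s


def parse_orig_dst(ancdata):
    """Return (ip, port) from the IP_ORIGDSTADDR control message, or None if absent."""
    for level, ctype, data in ancdata:
        if level != socket.IPPROTO_IP or ctype != IP_ORIGDSTADDR:
            continue
        if len(data) < 8:
            return None  # truncated sockaddr_in; treat as missing
        family = struct.unpack_from("=H", data, 0)[0]      # sa_family_t, host byte order
        if family != socket.AF_INET:
            return None
        port, raw_addr = struct.unpack_from("!H4s", data, 2)  # network byte order
        return socket.inet_ntoa(raw_addr), port
    return None


def recv_with_orig_dst(sock, bufsize=65535):
    """Receive one datagram and return (payload, client_addr, original_dst).

    original_dst is the address the client actually sent to, which the
    proxy needs in order to forward the datagram over the tunnel.
    """
    payload, ancdata, _flags, client_addr = sock.recvmsg(
        bufsize, socket.CMSG_SPACE(SOCKADDR_IN_LEN))
    return payload, client_addr, parse_orig_dst(ancdata)


if __name__ == "__main__":
    # Needs root and the ip route/rule setup described above; prints one datagram's metadata.
    sock = make_tproxy_udp_socket(12300)
    data, client, orig = recv_with_orig_dst(sock)
    print("%d bytes from %s originally addressed to %s" % (len(data), client, orig))
```

parse_orig_dst is kept separate from the socket call so the decoding can be exercised without privileges; an IPv6 socket would need the IPV6_RECVORIGDSTADDR option and a 28-byte sockaddr_in6 instead.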
Some compromises were required along the way. For example, sshuttle has no way of knowing when to "close" a UDP connection, because UDP carries no connection state to signal teardown. So my current implementation is hard coded to close it after it has been idle for 30 seconds. This should be fine for DNS, WINS, and SNMP.
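To make the idle-timeout compromise concrete, here is an added example of how such a UDP flow table can be kept; it is my own sketch, not the implementation in this branch. Flows are keyed by (client address, original destination), every datagram refreshes the timestamp, and a sweep closes anything idle for the configured 30 seconds. The clock is injectable so the expiry logic can be tested without sleeping; class and method names are assumptions.

```python
import time

IDLE_TIMEOUT = 30.0  # seconds; the hard-coded value described above


class UdpFlowTable:
    """Tracks pseudo-connections for proxied UDP and expires them when idle."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.monotonic):
        self.idle_timeout = idle_timeout
        self.clock = clock          # injectable for tests; monotonic avoids wall-clock jumps
        self.flows = {}             # (client_addr, orig_dst) -> last activity time

    def touch(self, client_addr, orig_dst):
        """Record activity for a flow. Returns True if the flow is new, i.e. the
        proxy must open a new server-side socket for it."""
        key = (client_addr, orig_dst)
        is_new = key not in self.flows
        self.flows[key] = self.clock()
        return is_new

    def expire(self):
        """Drop every flow idle for at least idle_timeout; return the dropped keys
        so the caller can close the matching sockets."""
        now = self.clock()
        dead = [k for k, last in self.flows.items()
                if now - last >= self.idle_timeout]
        for k in dead:
            del self.flows[k]
        return dead

    def seconds_until_next_expiry(self):
        """Timeout to hand to select(): time until the oldest flow would expire,
        or None when there is nothing to wait for."""
        if not self.flows:
            return None
        oldest = min(self.flows.values())
        return max(0.0, self.idle_timeout - (self.clock() - oldest))


if __name__ == "__main__":
    table = UdpFlowTable()
    # Constructed sample traffic: a DNS query to a resolver and a second flow to a different server.
    print(table.touch(("10.0.0.5", 40000), ("192.0.2.53", 53)))   # True: new flow
    print(table.touch(("10.0.0.5", 40000), ("192.0.2.53", 53)))   # False: same flow again
    print(table.seconds_until_next_expiry())                       # roughly 30.0
```

A select-driven main loop would call seconds_until_next_expiry() for its timeout and expire() after each wake-up, which keeps the number of open server-side sockets bounded by actual recent traffic.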
Try to get this merged upstream