fnordig/blog
1
Fork 0
Code Activity

oops, remove html tags

Browse source
This commit is contained in:
Jan-Erik Rediger 2011-09-02 21:43:39 +02:00
parent 1ceff97ea4
commit ba4da0043d
1 changed files with 19 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
_posts/2011-01-22-poor-mans-vpn.markdown
View file

@ -6,40 +6,40 @@ title: sshuttle - poor man's vpn
> [sshuttle](https://github.com/apenwarr/sshuttle) is a transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin access. Works with Linux and MacOS, now including 10.6 > [sshuttle](https://github.com/apenwarr/sshuttle) is a transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin access. Works with Linux and MacOS, now including 10.6
It's as simple as It's as simple as
$ ./sshuttle -r username@sshserver 0.0.0.0/0 -vv</code></pre> $ ./sshuttle -r username@sshserver 0.0.0.0/0 -vv
and everything is tunneled through the ssh connection.
and everything is tunneled through the ssh connection.
All you need is iptables, root access on the local machine and a python binary on server side. No root, no iptables, no extra program running on your server. All you need is iptables, root access on the local machine and a python binary on server side. No root, no iptables, no extra program running on your server.
Of course you may tunnel just some IPs. Just change the argument to whatever ip network you need. Of course you may tunnel just some IPs. Just change the argument to whatever ip network you need.
$ dig www.youtube.com $ dig www.youtube.com
[ ... find youtube's ip ... ] [ ... find youtube's ip ... ]
$ ./sshuttle -r username@sshserver 74.125.39.0/24 -vv</code></pre> $ ./sshuttle -r username@sshserver 74.125.39.0/24 -vv
and every request to Youtube gets tunneled. Great for "This video is not available in your country"-videos if you've got ssh access to a server with an US IP. and every request to Youtube gets tunneled. Great for "This video is not available in your country"-videos if you've got ssh access to a server with an US IP.
I use it for exactly that case: tunneling Youtube requests to view videos. But sometimes, when I exit sshuttle it fails before removing the iptable rules. I use it for exactly that case: tunneling Youtube requests to view videos. But sometimes, when I exit sshuttle it fails before removing the iptable rules.
As sshuttle is just some python code wrapped around the iptables cli, I figured out what I needed to remove: As sshuttle is just some python code wrapped around the iptables cli, I figured out what I needed to remove:
$ iptables -t nat -D OUTPUT -j sshuttle-12300 $ iptables -t nat -D OUTPUT -j sshuttle-12300
$ iptables -t nat -D PREROUTING -j sshuttle-12300 $ iptables -t nat -D PREROUTING -j sshuttle-12300
$ iptables -t nat -F sshuttle-12300 $ iptables -t nat -F sshuttle-12300
$ iptables -t nat -X sshuttle-12300 $ iptables -t nat -X sshuttle-12300
Maybe you have to change the "12300" to something else, use the following command to figure this out: Maybe you have to change the "12300" to something else, use the following command to figure this out:
$ iptables -t nat -L $ iptables -t nat -L
(or just read the verbose output) (or just read the verbose output)
For more info about how it works and so on read the [README](https://github.com/apenwarr/sshuttle/blob/master/README.md). For more info about how it works and so on read the [README](https://github.com/apenwarr/sshuttle/blob/master/README.md).
Don't forget to read the help if you've got an unusual setup or other problems (some weird path to the python binary on the server, auto-updating hosts file needed, different subnets and excluded subnets, ...): Don't forget to read the help if you've got an unusual setup or other problems (some weird path to the python binary on the server, auto-updating hosts file needed, different subnets and excluded subnets, ...):
$ ./sshuttle -h $ ./sshuttle -h
Works pretty good and it's secure, so use it! Works pretty good and it's secure, so use it!