mirror of
https://github.com/sshuttle/sshuttle.git
synced 2025-06-22 02:41:24 +02:00
Replace numbered points with dot points.
This commit is contained in:
parent
1e81bf3dfc
commit
3db38c992a
12
README.rst
12
README.rst
@ -72,7 +72,7 @@ later.
|
|||||||
|
|
||||||
There are some things you need to consider for TPROXY to work:
|
There are some things you need to consider for TPROXY to work:
|
||||||
|
|
||||||
1. The following commands need to be run first as root. This only needs to be
|
- The following commands need to be run first as root. This only needs to be
|
||||||
done once after booting up::
|
done once after booting up::
|
||||||
|
|
||||||
ip route add local default dev lo table 100
|
ip route add local default dev lo table 100
|
||||||
@ -80,22 +80,22 @@ There are some things you need to consider for TPROXY to work:
|
|||||||
ip -6 route add local default dev lo table 100
|
ip -6 route add local default dev lo table 100
|
||||||
ip -6 rule add fwmark 1 lookup 100
|
ip -6 rule add fwmark 1 lookup 100
|
||||||
|
|
||||||
2. The client needs to be run as root. e.g.::
|
- The client needs to be run as root. e.g.::
|
||||||
|
|
||||||
sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" $HOME/tree/sshuttle.tproxy/sshuttle --method=tproxy ...
|
sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" $HOME/tree/sshuttle.tproxy/sshuttle --method=tproxy ...
|
||||||
|
|
||||||
3. You may need to exclude the IP address of the server you are connecting to.
|
- You may need to exclude the IP address of the server you are connecting to.
|
||||||
Otherwise sshuttle may attempt to intercept the ssh packets, which will not
|
Otherwise sshuttle may attempt to intercept the ssh packets, which will not
|
||||||
work. Use the `--exclude` parameter for this.
|
work. Use the `--exclude` parameter for this.
|
||||||
|
|
||||||
4. Similarly, UDP return packets (including DNS) could get intercepted and
|
- Similarly, UDP return packets (including DNS) could get intercepted and
|
||||||
bounced back. This is the case if you have a broad subnet such as
|
bounced back. This is the case if you have a broad subnet such as
|
||||||
``0.0.0.0/0`` that includes the IP address of the client. Use the
|
``0.0.0.0/0`` that includes the IP address of the client. Use the
|
||||||
`--exclude` parameter for this.
|
`--exclude` parameter for this.
|
||||||
|
|
||||||
5. You do need the `--method=tproxy` parameter, as above.
|
- You do need the `--method=tproxy` parameter, as above.
|
||||||
|
|
||||||
6. The routes for the outgoing packets must already exist. For example, if your
|
- The routes for the outgoing packets must already exist. For example, if your
|
||||||
connection does not have IPv6 support, no IPv6 routes will exist, IPv6
|
connection does not have IPv6 support, no IPv6 routes will exist, IPv6
|
||||||
packets will not be generated and sshuttle cannot intercept them::
|
packets will not be generated and sshuttle cannot intercept them::
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user