extern/sshuttle
1
1
Fork 0
mirror of https://github.com/sshuttle/sshuttle.git synced 2025-02-18 03:11:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Replace numbered points with dot points.

Browse Source
This commit is contained in:
Brian May 2015-12-15 14:23:19 +11:00
parent 1e81bf3dfc
commit 3db38c992a
1 changed files with 24 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
README.rst
View File

@ -72,39 +72,39 @@ later.
There are some things you need to consider for TPROXY to work: There are some things you need to consider for TPROXY to work:
1. The following commands need to be run first as root. This only needs to be - The following commands need to be run first as root. This only needs to be
done once after booting up:: done once after booting up::
ip route add local default dev lo table 100 ip route add local default dev lo table 100
ip rule add fwmark 1 lookup 100 ip rule add fwmark 1 lookup 100
ip -6 route add local default dev lo table 100 ip -6 route add local default dev lo table 100
ip -6 rule add fwmark 1 lookup 100 ip -6 rule add fwmark 1 lookup 100
2. The client needs to be run as root. e.g.:: - The client needs to be run as root. e.g.::
sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" $HOME/tree/sshuttle.tproxy/sshuttle --method=tproxy ... sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" $HOME/tree/sshuttle.tproxy/sshuttle --method=tproxy ...
3. You may need to exclude the IP address of the server you are connecting to. - You may need to exclude the IP address of the server you are connecting to.
Otherwise sshuttle may attempt to intercept the ssh packets, which will not Otherwise sshuttle may attempt to intercept the ssh packets, which will not
work. Use the `--exclude` parameter for this. work. Use the `--exclude` parameter for this.
4. Similarly, UDP return packets (including DNS) could get intercepted and - Similarly, UDP return packets (including DNS) could get intercepted and
bounced back. This is the case if you have a broad subnet such as bounced back. This is the case if you have a broad subnet such as
``0.0.0.0/0`` that includes the IP address of the client. Use the ``0.0.0.0/0`` that includes the IP address of the client. Use the
`--exclude` parameter for this. `--exclude` parameter for this.
5. You do need the `--method=tproxy` parameter, as above. - You do need the `--method=tproxy` parameter, as above.
6. The routes for the outgoing packets must already exist. For example, if your - The routes for the outgoing packets must already exist. For example, if your
connection does not have IPv6 support, no IPv6 routes will exist, IPv6 connection does not have IPv6 support, no IPv6 routes will exist, IPv6
packets will not be generated and sshuttle cannot intercept them:: packets will not be generated and sshuttle cannot intercept them::
telnet -6 www.google.com 80 telnet -6 www.google.com 80
Trying 2404:6800:4001:805::1010... Trying 2404:6800:4001:805::1010...
telnet: Unable to connect to remote host: Network is unreachable telnet: Unable to connect to remote host: Network is unreachable
Add some dummy routes to external interfaces. Make sure they get removed Add some dummy routes to external interfaces. Make sure they get removed
however after sshuttle exits. however after sshuttle exits.
Obtaining sshuttle Obtaining sshuttle