tproxy: Skip firewall chains if packets have local destination. (#578)

If you use the tproxy method with a large subnet (such as 0/0), then
(1) you may not receive UDP packets that sshuttle/tproxy can handle
and (2) you are unable to connect to your machine using an IP that
your computer recognizes as its own.

To resolve those issues, any traffic to an IP that the host knows is
local does not go through the sshuttle chains.
Scott Kuhl
2021-01-03 16:05:32 -06:00
committed by GitHub
parent b7730fc106
commit 97c25e988e
3 changed files with 24 additions and 5 deletions


@ -25,11 +25,6 @@ There are some things you need to consider for TPROXY to work:
Otherwise sshuttle may attempt to intercept the ssh packets, which will not
work. Use the ``--exclude`` parameter for this.
- Similarly, UDP return packets (including DNS) could get intercepted and
bounced back. This is the case if you have a broad subnet such as
``0.0.0.0/0`` or ``::/0`` that includes the IP address of the client. Use the
``--exclude`` parameter for this.
- You need the ``--method=tproxy`` parameter, as above.
- The routes for the outgoing packets must already exist. For example, if your
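Review bot: the removed bullet ("Similarly, UDP return packets (including DNS) could get intercepted and bounced back ... Use the ``--exclude`` parameter for this.") is dropped without a replacement, so a reader of the TPROXY section no longer learns that traffic to addresses the host recognizes as its own is now skipped automatically when a broad subnet such as ``0.0.0.0/0`` or ``::/0`` is used. Suggest keeping a one-line bullet in its place stating that sshuttle excludes local-destination traffic from its chains, so users do not keep adding manual ``--exclude`` entries for their own IP. The preceding bullet about excluding the ssh server's address is still correct and should stay as is, since it covers a different case (outgoing ssh packets, not return packets to the client).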