mirror of
https://github.com/sshuttle/sshuttle.git
synced 2024-12-28 09:39:10 +01:00
nft IPv6 documentation (and other minor doc updates)
Update docs to indicate that IPv6 is supported with the nft method. - Adds nft into the requirements.rst file. - Update description of what happens when a hostname is used in a subnet. - Add ipfw to list of methods. - Indicate that --auto-nets does not work with IPv6. Previously this was only mentioned in tproxy.rst - Clarify that we try to use "python3" on the server before trying "python".
This commit is contained in:
parent
6d86e44fb4
commit
c02b93e719
@ -37,14 +37,18 @@ Options
|
||||
netmask), and 0/0 ('just route everything through the
|
||||
VPN'). Any of the previous examples are also valid if you append
|
||||
a port or a port range, so 1.2.3.4:8000 will only tunnel traffic
|
||||
that has as the destination port 8000 of 1.2.3.4 and
|
||||
that has as the destination port 8000 of 1.2.3.4 and
|
||||
1.2.3.0/24:8000-9000 will tunnel traffic going to any port between
|
||||
8000 and 9000 (inclusive) for all IPs in the 1.2.3.0/24 subnet.
|
||||
It is also possible to use a name in which case the first IP it resolves
|
||||
to during startup will be routed over the VPN. Valid examples are
|
||||
example.com, example.com:8000 and example.com:8000-9000.
|
||||
A hostname can be provided instead of an IP address. If the
|
||||
hostname resolves to multiple IPs, all of the IPs are included.
|
||||
If a width is provided with a hostname that the width is applied
|
||||
to all of the hostnames IPs (if they are all either IPv4 or IPv6).
|
||||
Widths cannot be supplied to hostnames that resolve to both IPv4
|
||||
and IPv6. Valid examples are example.com, example.com:8000,
|
||||
example.com/24, example.com/24:8000 and example.com:8000-9000.
|
||||
|
||||
.. option:: --method <auto|nat|nft|tproxy|pf>
|
||||
.. option:: --method <auto|nat|nft|tproxy|pf|ipfw>
|
||||
|
||||
Which firewall method should sshuttle use? For auto, sshuttle attempts to
|
||||
guess the appropriate method depending on what it can find in PATH. The
|
||||
@ -64,9 +68,9 @@ Options
|
||||
You can use any name resolving to an IP address of the machine running
|
||||
:program:`sshuttle`, e.g. ``--listen localhost``.
|
||||
|
||||
For the tproxy and pf methods this can be an IPv6 address. Use this option
|
||||
with comma separated values if required, to provide both IPv4 and IPv6
|
||||
addresses, e.g. ``--listen 127.0.0.1:0,[::1]:0``.
|
||||
For the nft, tproxy and pf methods this can be an IPv6 address. Use
|
||||
this option with comma separated values if required, to provide both
|
||||
IPv4 and IPv6 addresses, e.g. ``--listen 127.0.0.1:0,[::1]:0``.
|
||||
|
||||
.. option:: -H, --auto-hosts
|
||||
|
||||
@ -92,6 +96,10 @@ Options
|
||||
are taken automatically from the server's routing
|
||||
table.
|
||||
|
||||
This feature does not detect IPv6 routes. Specify IPv6 subnets
|
||||
manually. For example, specify the ``::/0`` subnet on the command
|
||||
line to route all IPv6 traffic.
|
||||
|
||||
.. option:: --dns
|
||||
|
||||
Capture local DNS requests and forward to the remote DNS
|
||||
@ -122,9 +130,9 @@ Options
|
||||
|
||||
.. option:: --python
|
||||
|
||||
Specify the name/path of the remote python interpreter.
|
||||
The default is just ``python``, which means to use the
|
||||
default python interpreter on the remote system's PATH.
|
||||
Specify the name/path of the remote python interpreter. The
|
||||
default is to use ``python3`` (or ``python``, if ``python3``
|
||||
fails) in the remote system's PATH.
|
||||
|
||||
.. option:: -r <[username@]sshserver[:port]>, --remote=<[username@]sshserver[:port]>
|
||||
|
||||
@ -221,7 +229,8 @@ Options
|
||||
|
||||
.. option:: --disable-ipv6
|
||||
|
||||
If using tproxy or pf methods, this will disable IPv6 support.
|
||||
Disable IPv6 support for methods that support it (nft, tproxy, and
|
||||
pf).
|
||||
|
||||
.. option:: --firewall
|
||||
|
||||
|
@ -20,6 +20,18 @@ Requires:
|
||||
|
||||
* iptables DNAT, REDIRECT, and ttl modules.
|
||||
|
||||
Linux with nft method
|
||||
~~~~~~~~~~~~~~~~~~~~~
|
||||
Supports
|
||||
|
||||
* IPv4 TCP
|
||||
* IPv4 DNS
|
||||
* IPv6 TCP
|
||||
* IPv6 DNS
|
||||
|
||||
Requires:
|
||||
|
||||
* nftables
|
||||
|
||||
Linux with TPROXY method
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
Loading…
Reference in New Issue
Block a user