From ce5187100c43dbf2822458a8a04e104a90d970a0 Mon Sep 17 00:00:00 2001 From: Brian May Date: Tue, 15 Dec 2015 11:48:34 +1100 Subject: [PATCH] Add to TPROXY documentation --- README.rst | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index aab1b2a..bd64a10 100644 --- a/README.rst +++ b/README.rst @@ -88,9 +88,14 @@ There are some things you need to consider for TPROXY to work: Otherwise sshuttle may attempt to intercept the ssh packets, which will not work. Use the `--exclude` parameter for this. -4. You do need the `--method=tproxy` parameter, as above. +4. Similarly, UDP return packets (including DNS) could get intercepted and + bounced back. This is the case if you have a broad subnet such as + ``0.0.0.0/0`` that includes the IP address of the client. Use the + `--exclude` parameter for this. -5. The routes for the outgoing packets must already exist. For example, if your +5. You do need the `--method=tproxy` parameter, as above. + +6. The routes for the outgoing packets must already exist. For example, if your connection does not have IPv6 support, no IPv6 routes will exist, IPv6 packets will not be generated and sshuttle cannot intercept them::
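Review bot: In the new item 4, the closing sentence "Use the `--exclude` parameter for this." does not say what should be excluded. The preceding sentence implies it is the client's own IP address, so say so directly, for example "Use the `--exclude` parameter to exclude the client's IP address." The same item also mixes RST markup: ``0.0.0.0/0`` is written with double backticks (an inline literal), while `--exclude` uses single backticks, which RST treats as interpreted text rather than a literal. The single-backtick form matches the existing items around it, so pick one form within the item. The renumbering of the following items (4 to 5, 5 to 6) is consistent with the insertion.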