mirror of
https://github.com/sshuttle/sshuttle.git
synced 2025-01-06 05:59:01 +01:00
bc065e368d
Previously, it was possible to run sshuttle locally without using ssh and connecting to a remote server. In this configuration, traffic was redirected to the sshuttle server running on the localhost. However, the firewall needed to distinguish between traffic leaving the sshuttle server and traffic that originated from the machine that still needed to be routed through the sshuttle server. The TTL of the packets leaving the sshuttle server was manipulated to indicate to the firewall what should happen. The TTL was adjusted for all packets leaving the sshuttle server (even if it wasn't necessary because the server and client were running on different machines). Changing the TTL caused trouble on some machines, and the --ttl option was added as a workaround to change how the TTL was set for traffic leaving sshuttle. All of this added complexity to the code for a feature (running the server on localhost) that is likely only used for testing and rarely used by others. This commit updates the associated documentation, but doesn't fully fix the ipfw method since I am unable to test that. This change will also make sshuttle fail to work if -r is used to specify a localhost. Pull request #610 partially addresses that issue. For example, see: #240, #490, #660, #606.
99 lines
1.8 KiB
ReStructuredText
Requirements
============

Client side Requirements
------------------------

- sudo, or root access on your client machine.
  (The server doesn't need admin access.)
- Python 3.6 or greater.

Linux with NAT method
~~~~~~~~~~~~~~~~~~~~~
Supports:

* IPv4 TCP
* IPv4 DNS
* IPv6 TCP
* IPv6 DNS

Requires:

* iptables DNAT and REDIRECT modules. ip6tables for IPv6.

Linux with nft method
~~~~~~~~~~~~~~~~~~~~~
Supports:

* IPv4 TCP
* IPv4 DNS
* IPv6 TCP
* IPv6 DNS

Requires:

* nftables

Linux with TPROXY method
~~~~~~~~~~~~~~~~~~~~~~~~
Supports:

* IPv4 TCP
* IPv4 UDP (requires ``recvmsg`` - see below)
* IPv4 DNS (requires ``recvmsg`` - see below)
* IPv6 TCP
* IPv6 UDP (requires ``recvmsg`` - see below)
* IPv6 DNS (requires ``recvmsg`` - see below)

MacOS / FreeBSD / OpenBSD / pfSense
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Method: pf

Supports:

* IPv4 TCP
* IPv4 DNS
* IPv6 TCP
* IPv6 DNS

Requires:

* You need to have the pfctl command.

Windows
~~~~~~~

Not officially supported; however, it can be made to work with Vagrant. Requires
cmd.exe with Administrator access. See :doc:`windows` for more information.

Server side Requirements
------------------------

- Python 3.6 or greater.

Additional Suggested Software
-----------------------------

- If you are using systemd, sshuttle can notify it when the connection to
  the remote end is established and the firewall rules are installed. For
  this feature to work you must configure the process start-up type for the
  sshuttle service unit to notify, as shown in the example below.

.. code-block:: ini
   :emphasize-lines: 6

   [Unit]
   Description=sshuttle
   After=network.target

   [Service]
   Type=notify
   ExecStart=/usr/bin/sshuttle --dns --remote <user>@<server> <subnets...>

   [Install]
   WantedBy=multi-user.target
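What ``Type=notify`` in the unit above relies on, as an added example that is not sshuttle's own code: systemd keeps the unit in the activating state until the service sends ``READY=1`` as a datagram to the Unix socket named in ``$NOTIFY_SOCKET``, so units ordered after it do not start before the firewall rules are installed. The names ``sd_notify`` and ``demo`` are hypothetical, and ``demo`` stands in for systemd with a constructed temporary socket.

```python
import os
import socket
import tempfile


def sd_notify(state: str = "READY=1") -> bool:
    """Send one notification datagram; False means nothing was delivered."""
    path = os.environ.get("NOTIFY_SOCKET")
    if not path:
        return False  # not started by systemd, or the unit is not Type=notify
    if path[0] not in ("/", "@"):
        return False  # only absolute paths or abstract addresses are valid
    if path[0] == "@":
        path = "\0" + path[1:]  # '@' marks a Linux abstract-namespace socket
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        try:
            sock.sendto(state.encode(), path)
        except OSError:
            return False  # socket missing or unreachable: carry on unnotified
    return True


def demo() -> bytes:
    """Play the service manager: bind a socket, then receive the message."""
    with tempfile.TemporaryDirectory() as tmp:
        addr = os.path.join(tmp, "notify.sock")  # constructed sample socket
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as manager:
            manager.bind(addr)
            manager.settimeout(2)
            old = os.environ.get("NOTIFY_SOCKET")
            os.environ["NOTIFY_SOCKET"] = addr
            try:
                sent = sd_notify("READY=1")
                return manager.recv(4096) if sent else b""
            finally:
                # Restore the caller's environment exactly as it was.
                if old is None:
                    os.environ.pop("NOTIFY_SOCKET", None)
                else:
                    os.environ["NOTIFY_SOCKET"] = old


if __name__ == "__main__":
    print(demo())
```

A service that returns ``False`` here should keep running; without the notification a ``Type=notify`` unit eventually fails its start timeout, which is the visible symptom of a mismatched unit type.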