Can't configure sshuttle to work on wider LAN
1,206 views
Skip to first unread message
m
Apr 6, 2011, 9:41:34 AM4/6/11
to sshuttle
Hi,
I have started using sshuttle which is working great for the linux box
it is running on, however I can't get other boxes on the LAN to access
the net through it.
eth1 has the SSH connection which gives internet
eth0 has other computers on it that I want to access the internet
I used 0.0.0.0/0 in the command, but like I said only the local PC can
get online.
Any ideas?
Oh and thanks heaps, this is the first thing I have found that looks
like it actually turns an SSH connection into a direct internet
connection!
Cheers,
Luke
I have started using sshuttle which is working great for the linux box
it is running on, however I can't get other boxes on the LAN to access
the net through it.
eth1 has the SSH connection which gives internet
eth0 has other computers on it that I want to access the internet
I used 0.0.0.0/0 in the command, but like I said only the local PC can
get online.
Any ideas?
Oh and thanks heaps, this is the first thing I have found that looks
like it actually turns an SSH connection into a direct internet
connection!
Cheers,
Luke
Roger
Apr 6, 2011, 9:48:19 AM4/6/11
to m, sshuttle
On Wed, Apr 6, 2011 at 9:41 PM, m <luke.t...@gmail.com> wrote:
> Hi,
>
> I have started using sshuttle which is working great for the linux box
> it is running on, however I can't get other boxes on the LAN to access
> the net through it.
>
> eth1 has the SSH connection which gives internet
> eth0 has other computers on it that I want to access the internet
> Hi,
>
> I have started using sshuttle which is working great for the linux box
> it is running on, however I can't get other boxes on the LAN to access
> the net through it.
>
> eth1 has the SSH connection which gives internet
> eth0 has other computers on it that I want to access the internet
Did you turn on ip forwarding? :
echo 1 > /proc/sys/net/ipv4/ip_forward
Roger
ltay
Apr 6, 2011, 9:58:01 AM4/6/11
to sshuttle
Thanks for the quick reply.
No I didn't do that, but I just typed what you said into the terminal,
it executed whatever it does and displayed nothing.
Did that turn something on? It still doesn't work on other computers.
Stupid question as well, how should I be configuring the other
computers' NICs?
My linux box has IP 10.0.0.3.
Thanks heaps
On Apr 6, 11:48 pm, Roger <wen...@gmail.com> wrote:
No I didn't do that, but I just typed what you said into the terminal,
it executed whatever it does and displayed nothing.
Did that turn something on? It still doesn't work on other computers.
Stupid question as well, how should I be configuring the other
computers' NICs?
My linux box has IP 10.0.0.3.
Thanks heaps
On Apr 6, 11:48 pm, Roger <wen...@gmail.com> wrote:
Avery Pennarun
Apr 6, 2011, 11:32:25 AM4/6/11
to ltay, sshuttle
On Wed, Apr 6, 2011 at 9:58 AM, ltay <luke.t...@gmail.com> wrote:
> No I didn't do that, but I just typed what you said into the terminal,
> it executed whatever it does and displayed nothing.
> No I didn't do that, but I just typed what you said into the terminal,
> it executed whatever it does and displayed nothing.
Hmm, it sounds like you have close to zero unix experience if you
expected that command to print something. If you want your machine to
be acting as a router for other machines, you may need to read a lot
more about how Linux firewalling works, or you'll be in some trouble.
Did you configure a DHCP server? Are they all set to route through
your Linux box? When sshuttle isn't running, can they all reach the
(non-encrypted) internet through your Linux box? Did you set up your
DNS correctly? There's a lot more to Linux routing than just
sshuttle.
Once you've got all that working, another thing you'll need to do is
make sure to give sshuttle the "-l 0.0.0.0:0" option.
Have fun,
Avery
ltay
Apr 6, 2011, 11:55:30 AM4/6/11
to sshuttle
You're right I have only just started using linux, mostly out of the
need to get this working.
I can't try and access the non-encrypted "standard" internet through
the linux box because the only way I can get on the internet is
through the SSH tunnel.
Weird situation I know. So at the moment what I know is I have enabled
ip forwarding, I'm running sshuttle with the added -l 0.0.0.0:0
parameter and my other computer is set to use the linux box as the
gateway and for DNS.
I havn't setup DHCP yet because I have kept changing those settings in
hopes that changing the DNS settings or something like that might
help.
Where should I go from here?
Sorry for my ignorance and thanks for your help.
On Apr 7, 1:32 am, Avery Pennarun <apenw...@gmail.com> wrote:
need to get this working.
I can't try and access the non-encrypted "standard" internet through
the linux box because the only way I can get on the internet is
through the SSH tunnel.
Weird situation I know. So at the moment what I know is I have enabled
ip forwarding, I'm running sshuttle with the added -l 0.0.0.0:0
parameter and my other computer is set to use the linux box as the
gateway and for DNS.
I havn't setup DHCP yet because I have kept changing those settings in
hopes that changing the DNS settings or something like that might
help.
Where should I go from here?
Sorry for my ignorance and thanks for your help.
On Apr 7, 1:32 am, Avery Pennarun <apenw...@gmail.com> wrote:
Avery Pennarun
Apr 6, 2011, 12:03:19 PM4/6/11
to ltay, sshuttle
On Wed, Apr 6, 2011 at 11:55 AM, ltay <luke.t...@gmail.com> wrote:
> I can't try and access the non-encrypted "standard" internet through
> the linux box because the only way I can get on the internet is
> through the SSH tunnel.
> I can't try and access the non-encrypted "standard" internet through
> the linux box because the only way I can get on the internet is
> through the SSH tunnel.
But how do you create an ssh tunnel without being able to reach the Internet?
> Weird situation I know. So at the moment what I know is I have enabled
> ip forwarding, I'm running sshuttle with the added -l 0.0.0.0:0
> parameter and my other computer is set to use the linux box as the
> gateway and for DNS.
Are you running sshuttle with the --dns option? Are you running a DNS
server on the Linux box? You shouldn't need a local DNS server, but
you'll probably want use sshuttle --dns, and then make sure all the
clients on your network use exactly the same DNS server settings as
your Linux box does, so that requests will be intercepted correctly.
> I havn't setup DHCP yet because I have kept changing those settings in
> hopes that changing the DNS settings or something like that might
> help.
Okay, you don't really need DHCP, as long as you can control the
configuration of the other machines somehow.
> Where should I go from here?
Well, starting off by learning how Linux routing and firewalling work
wouldn't hurt. But let's assume you've done that... we need to narrow
down "it doesn't work" to a specific problem.
What happens exactly when you try to reach the Internet from one of
the other computers?
If you type "host google.com" at the command prompt of the Linux box,
does it give the right answer? What about on one of the other
machines? (If they don't have the host command, "ping google.com"
will also work, but don't be confused by the output: sshuttle doesn't
forward pings, so it won't succeed. I just want to see if DNS is
working or not.)
Can you ssh into the Linux router from one of the machines?
If you use sshuttle -vvv, do you see any output on the router console
when you try to connect from one of the other machines to
http://google.com ?
Good luck.
Avery
ltay
Apr 6, 2011, 12:13:06 PM4/6/11
to sshuttle
Hi,
Adding the --dns made the internet work on the other computers!
Thankyou so much.
Although the local computer no longer has access to the internet when
this parameter is added, is that normal?
It's not a big deal anyway I guess. Thanks again
On Apr 7, 2:03 am, Avery Pennarun <apenw...@gmail.com> wrote:
Adding the --dns made the internet work on the other computers!
Thankyou so much.
Although the local computer no longer has access to the internet when
this parameter is added, is that normal?
It's not a big deal anyway I guess. Thanks again
On Apr 7, 2:03 am, Avery Pennarun <apenw...@gmail.com> wrote:
ltay
Apr 6, 2011, 12:20:45 PM4/6/11
to sshuttle
Hi again,
... so most things work online, but I can't get some games to work
through it.
Xbox says that it needs a minimum MTU setting of 1364 to work with
xbox live, is there anyway I can fix this?
Thanks guys.
... so most things work online, but I can't get some games to work
through it.
Xbox says that it needs a minimum MTU setting of 1364 to work with
xbox live, is there anyway I can fix this?
Thanks guys.
Avery Pennarun
Apr 6, 2011, 12:37:46 PM4/6/11
to ltay, sshuttle
On Wed, Apr 6, 2011 at 12:13 PM, ltay <luke.t...@gmail.com> wrote:
> Although the local computer no longer has access to the internet when
> this parameter is added, is that normal?
> Although the local computer no longer has access to the internet when
> this parameter is added, is that normal?
You really need to give more precise descriptions than "no longer has
access". What happens when you try?
> ... so most things work online, but I can't get some games to work
> through it.
>
> Xbox says that it needs a minimum MTU setting of 1364 to work with
> xbox live, is there anyway I can fix this?
Games are probably using UDP, and sshuttle doesn't have a feature yet
for forwarding UDP.
Your situation really doesn't seem like the sort of situation where
you ought to need sshuttle. Why can't you connect to the Internet
without ssh, anyway?
Avery
ltay
Apr 6, 2011, 12:47:31 PM4/6/11
to sshuttle
On Apr 7, 2:37 am, Avery Pennarun <apenw...@gmail.com> wrote:
> On Wed, Apr 6, 2011 at 12:13 PM, ltay <luke.taylo...@gmail.com> wrote:
> > Although the local computer no longer has access to the internet when
> > this parameter is added, is that normal?
>
> You really need to give more precise descriptions than "no longer has
> access". What happens when you try?
When I try and load a website, the browser just hangs and keeps trying
> > Although the local computer no longer has access to the internet when
> > this parameter is added, is that normal?
>
> You really need to give more precise descriptions than "no longer has
> access". What happens when you try?
to load. When I don't use the --dns mode it loads the pages almost
instantly.
>
> > ... so most things work online, but I can't get some games to work
> > through it.
>
> > Xbox says that it needs a minimum MTU setting of 1364 to work with
> > xbox live, is there anyway I can fix this?
>
> Games are probably using UDP, and sshuttle doesn't have a feature yet
> for forwarding UDP.
realise that sshuttle wouldn't handle this protocol, do you know of
anything that will?
>
> Your situation really doesn't seem like the sort of situation where
> you ought to need sshuttle. Why can't you connect to the Internet
> without ssh, anyway?
I have access to internet and SSH on another computer which is
> Your situation really doesn't seem like the sort of situation where
> you ought to need sshuttle. Why can't you connect to the Internet
> without ssh, anyway?
physically a fair distance away.
The only way I can get internet where I am is to make an SSH tunnel
through that computer's internet connection (which is a direct
connection that can handle any protocol that I have tried).
(I know it probably sounds like a stupid setup, but I can't really
help it)
>
> Avery
Brian May
Apr 7, 2011, 12:17:09 AM4/7/11
to ltay, sshuttle
On 7 April 2011 02:47, ltay <luke.t...@gmail.com> wrote:
I have access to internet and SSH on another computer which is
physically a fair distance away.
Lets start with some simple questions:
1. How is your computer and the remote Internet computer physically connected? Long cable that goes directly from one place to the other? Or some other more complicated setup? Or, to ask in a different way, are they any routers, vpns, firewalls, etc, between the two computers?
2. Do these computers have names? Just makes it easier to discuss without getting confused.
3. Do you have admin rights on this remote computer that has Internet access? If not, if you ask the admin to make changes do you think they will listen?
Answers to these questions will help determine if sshuttle is the most appropriate solution for your needs, and if not what might be more appropriate.
Brian May <br...@microcomaustralia.com.au>
ltay
Apr 7, 2011, 1:05:03 AM4/7/11
to sshuttle
On Apr 7, 2:17 pm, Brian May <br...@microcomaustralia.com.au> wrote:
> On 7 April 2011 02:47, ltay <luke.taylo...@gmail.com> wrote:
>
> > I have access to internet and SSH on another computer which is
> > physically a fair distance away.
>
> Lets start with some simple questions:
>
> 1. How is your computer and the remote Internet computer physically
> connected? Long cable that goes directly from one place to the other? Or
> some other more complicated setup? Or, to ask in a different way, are they
> any routers, vpns, firewalls, etc, between the two computers?
There are at least 2 switches between the two computers, but most
>
> > I have access to internet and SSH on another computer which is
> > physically a fair distance away.
>
> Lets start with some simple questions:
>
> 1. How is your computer and the remote Internet computer physically
> connected? Long cable that goes directly from one place to the other? Or
> some other more complicated setup? Or, to ask in a different way, are they
> any routers, vpns, firewalls, etc, between the two computers?
likely more complicated, I'm not sure of the exact setup.
>
> 2. Do these computers have names? Just makes it easier to discuss without
> getting confused.
Can call them remote and local.
> 2. Do these computers have names? Just makes it easier to discuss without
> getting confused.
>
> 3. Do you have admin rights on this remote computer that has Internet
> access? If not, if you ask the admin to make changes do you think they will
> listen?
I don't have admin rights and I doubt the admins would much around
> 3. Do you have admin rights on this remote computer that has Internet
> access? If not, if you ask the admin to make changes do you think they will
> listen?
making changes for me. It's perfectly fine for me to use the computer
and internet etc because I pay for it, however it would be a lot nicer
if I could access it from my room which is a distance away.
>
> Answers to these questions will help determine if sshuttle is the most
> appropriate solution for your needs, and if not what might be more
> appropriate.
Thanks for helping me out I really appreciate it.
> Answers to these questions will help determine if sshuttle is the most
> appropriate solution for your needs, and if not what might be more
> appropriate.
> --
> Brian May <br...@microcomaustralia.com.au>
Brian May
Apr 7, 2011, 1:33:42 AM4/7/11
to ltay, sshuttle
On 7 April 2011 15:05, ltay <luke.t...@gmail.com> wrote:
I don't have admin rights and I doubt the admins would much around
making changes for me. It's perfectly fine for me to use the computer
and internet etc because I pay for it, however it would be a lot nicer
if I could access it from my room which is a distance away.
Ok, that complicates matters then. You may be right, sshuttle is perhaps the best solution. The more "ideal" solutions, e.g. routing packets directly to the remote host, or some sort of VPN, require the cooperation of the administrators on the remote system/network.
Unfortunately, as already mentioned, sshuttle doesn't currently support UDP, so you may not be able to get it working with games.
I am curious that you reported having problems with DNS from the local computer - it should work fine... To debug this issue, give us the output of the following commands:
cat /etc/resolv.conf
sudo iptables -t nat -n -L
As well as copying the debug output from sshuttle (-vvv parameter) when doing the failing lookup command with nothing else happening on the network.
Oh, what version of sshuttle are you using?
Brian May <br...@microcomaustralia.com.au>
Message has been deleted
ltay
Apr 7, 2011, 8:00:28 AM4/7/11
to sshuttle
root@linuxbox:~# cat /etc/resolv.conf
# Generated by NetworkManager
domain correct
search correct
nameserver correct DNS1
nameserver correct DNS2
root@linuxbox:~# iptables -t nat -n -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
sshuttle-12300 all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
sshuttle-12300 all -- 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain sshuttle-12300 (2 references)
target prot opt source destination
RETURN tcp -- 0.0.0.0/0 127.0.0.0/8
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 TTL match
TTL != 42 redir ports 12300
REDIRECT udp -- 0.0.0.0/0 131.236.3.91 udp dpt:
53 TTL match TTL != 42 redir ports 12300
REDIRECT udp -- 0.0.0.0/0 131.236.2.1 udp dpt:
53 TTL match TTL != 42 redir ports 12300
root@linuxbox:~#
> As well as copying the debug output from sshuttle (-vvv parameter) when
> doing the failing lookup command with nothing else happening on the network.
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=16 cmd=DNS_RESPONSE len=113
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6586/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 42949): 28 bytes
c : > channel=17 cmd=DNS_REQ len=28 (fullness=6586)
c : mux wrote: 36/36
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6614/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=17 cmd=DNS_REQ len=28
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 8] w=[] x=[] (fullness=3976/0)
s: Ready: 3 r=[8] w=[] x=[]
s: DNS response: 56 bytes
s: > channel=17 cmd=DNS_RESPONSE len=56 (fullness=3976)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=17 cmd=DNS_RESPONSE len=56
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6614/0)
s: mux wrote: 64/64
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4032/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 54078): 57 bytes
c : > channel=18 cmd=DNS_REQ len=57 (fullness=6614)
c : mux wrote: 65/65
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6671/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=18 cmd=DNS_REQ len=57
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 7] w=[] x=[] (fullness=4032/0)
s: Ready: 3 r=[7] w=[] x=[]
s: DNS response: 113 bytes
s: > channel=18 cmd=DNS_RESPONSE len=113 (fullness=4032)
s: mux wrote: 121/121
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=18 cmd=DNS_RESPONSE len=113
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6671/0)
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4145/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 39588): 28 bytes
c : > channel=19 cmd=DNS_REQ len=28 (fullness=6671)
c : mux wrote: 36/36
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6699/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=19 cmd=DNS_REQ len=28
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 8] w=[] x=[] (fullness=4145/0)
s: Ready: 3 r=[8] w=[] x=[]
s: DNS response: 56 bytes
s: > channel=19 cmd=DNS_RESPONSE len=56 (fullness=4145)
s: mux wrote: 64/64
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4201/0)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=19 cmd=DNS_RESPONSE len=56
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6699/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 59181): 57 bytes
c : > channel=20 cmd=DNS_REQ len=57 (fullness=6699)
c : mux wrote: 65/65
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6756/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=20 cmd=DNS_REQ len=57
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 7] w=[] x=[] (fullness=4201/0)
s: Ready: 3 r=[7] w=[] x=[]
s: DNS response: 113 bytes
s: > channel=20 cmd=DNS_RESPONSE len=113 (fullness=4201)
s: mux wrote: 121/121
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4314/0)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=20 cmd=DNS_RESPONSE len=113
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6756/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 49701): 40 bytes
c : > channel=21 cmd=DNS_REQ len=40 (fullness=6756)
c : mux wrote: 48/48
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6796/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=21 cmd=DNS_REQ len=40
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 8] w=[] x=[] (fullness=4314/0)
s: Ready: 3 r=[8] w=[] x=[]
s: DNS response: 96 bytes
s: > channel=21 cmd=DNS_RESPONSE len=96 (fullness=4314)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=21 cmd=DNS_RESPONSE len=96
s: mux wrote: 104/104
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4410/0)
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6796/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 54078): 57 bytes
c : > channel=22 cmd=DNS_REQ len=57 (fullness=6796)
c : mux wrote: 65/65
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6853/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=22 cmd=DNS_REQ len=57
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 7] w=[] x=[] (fullness=4410/0)
s: Ready: 3 r=[7] w=[] x=[]
s: DNS response: 113 bytes
s: > channel=22 cmd=DNS_RESPONSE len=113 (fullness=4410)
s: mux wrote: 121/121
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=22 cmd=DNS_RESPONSE len=113
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4523/0)
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6853/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 42179): 40 bytes
c : > channel=23 cmd=DNS_REQ len=40 (fullness=6853)
c : mux wrote: 48/48
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6893/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=23 cmd=DNS_REQ len=40
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 8] w=[] x=[] (fullness=4523/0)
s: Ready: 3 r=[8] w=[] x=[]
s: DNS response: 96 bytes
s: > channel=23 cmd=DNS_RESPONSE len=96 (fullness=4523)
s: mux wrote: 104/104
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4619/0)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=23 cmd=DNS_RESPONSE len=96
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6893/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 51374): 45 bytes
c : > channel=24 cmd=DNS_REQ len=45 (fullness=6893)
c : mux wrote: 53/53
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6938/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=24 cmd=DNS_REQ len=45
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 7] w=[] x=[] (fullness=4619/0)
s: Ready: 3 r=[7] w=[] x=[]
s: DNS response: 102 bytes
s: > channel=24 cmd=DNS_RESPONSE len=102 (fullness=4619)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=24 cmd=DNS_RESPONSE len=102
s: mux wrote: 110/110
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4721/0)
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6938/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 49701): 40 bytes
c : > channel=25 cmd=DNS_REQ len=40 (fullness=6938)
c : mux wrote: 48/48
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6978/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=25 cmd=DNS_REQ len=40
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 8] w=[] x=[] (fullness=4721/0)
s: Ready: 3 r=[8] w=[] x=[]
s: DNS response: 96 bytes
s: > channel=25 cmd=DNS_RESPONSE len=96 (fullness=4721)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=25 cmd=DNS_RESPONSE len=96
s: mux wrote: 104/104
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4817/0)
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6978/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 34020): 45 bytes
c : > channel=26 cmd=DNS_REQ len=45 (fullness=6978)
c : mux wrote: 53/53
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=7023/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=26 cmd=DNS_REQ len=45
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 7] w=[] x=[] (fullness=4817/0)
s: Ready: 3 r=[7] w=[] x=[]
s: DNS response: 102 bytes
s: > channel=26 cmd=DNS_RESPONSE len=102 (fullness=4817)
s: mux wrote: 110/110
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4919/0)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=26 cmd=DNS_RESPONSE len=102
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=7023/0)
> Oh, what version of sshuttle are you using?
Version 0.52
# Generated by NetworkManager
domain correct
search correct
nameserver correct DNS1
nameserver correct DNS2
root@linuxbox:~# iptables -t nat -n -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
sshuttle-12300 all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
sshuttle-12300 all -- 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain sshuttle-12300 (2 references)
target prot opt source destination
RETURN tcp -- 0.0.0.0/0 127.0.0.0/8
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 TTL match
TTL != 42 redir ports 12300
REDIRECT udp -- 0.0.0.0/0 131.236.3.91 udp dpt:
53 TTL match TTL != 42 redir ports 12300
REDIRECT udp -- 0.0.0.0/0 131.236.2.1 udp dpt:
53 TTL match TTL != 42 redir ports 12300
root@linuxbox:~#
> As well as copying the debug output from sshuttle (-vvv parameter) when
> doing the failing lookup command with nothing else happening on the network.
c : < channel=16 cmd=DNS_RESPONSE len=113
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6586/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 42949): 28 bytes
c : > channel=17 cmd=DNS_REQ len=28 (fullness=6586)
c : mux wrote: 36/36
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6614/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=17 cmd=DNS_REQ len=28
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 8] w=[] x=[] (fullness=3976/0)
s: Ready: 3 r=[8] w=[] x=[]
s: DNS response: 56 bytes
s: > channel=17 cmd=DNS_RESPONSE len=56 (fullness=3976)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=17 cmd=DNS_RESPONSE len=56
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6614/0)
s: mux wrote: 64/64
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4032/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 54078): 57 bytes
c : > channel=18 cmd=DNS_REQ len=57 (fullness=6614)
c : mux wrote: 65/65
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6671/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=18 cmd=DNS_REQ len=57
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 7] w=[] x=[] (fullness=4032/0)
s: Ready: 3 r=[7] w=[] x=[]
s: DNS response: 113 bytes
s: > channel=18 cmd=DNS_RESPONSE len=113 (fullness=4032)
s: mux wrote: 121/121
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=18 cmd=DNS_RESPONSE len=113
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6671/0)
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4145/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 39588): 28 bytes
c : > channel=19 cmd=DNS_REQ len=28 (fullness=6671)
c : mux wrote: 36/36
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6699/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=19 cmd=DNS_REQ len=28
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 8] w=[] x=[] (fullness=4145/0)
s: Ready: 3 r=[8] w=[] x=[]
s: DNS response: 56 bytes
s: > channel=19 cmd=DNS_RESPONSE len=56 (fullness=4145)
s: mux wrote: 64/64
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4201/0)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=19 cmd=DNS_RESPONSE len=56
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6699/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 59181): 57 bytes
c : > channel=20 cmd=DNS_REQ len=57 (fullness=6699)
c : mux wrote: 65/65
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6756/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=20 cmd=DNS_REQ len=57
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 7] w=[] x=[] (fullness=4201/0)
s: Ready: 3 r=[7] w=[] x=[]
s: DNS response: 113 bytes
s: > channel=20 cmd=DNS_RESPONSE len=113 (fullness=4201)
s: mux wrote: 121/121
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4314/0)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=20 cmd=DNS_RESPONSE len=113
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6756/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 49701): 40 bytes
c : > channel=21 cmd=DNS_REQ len=40 (fullness=6756)
c : mux wrote: 48/48
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6796/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=21 cmd=DNS_REQ len=40
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 8] w=[] x=[] (fullness=4314/0)
s: Ready: 3 r=[8] w=[] x=[]
s: DNS response: 96 bytes
s: > channel=21 cmd=DNS_RESPONSE len=96 (fullness=4314)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=21 cmd=DNS_RESPONSE len=96
s: mux wrote: 104/104
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4410/0)
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6796/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 54078): 57 bytes
c : > channel=22 cmd=DNS_REQ len=57 (fullness=6796)
c : mux wrote: 65/65
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6853/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=22 cmd=DNS_REQ len=57
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 7] w=[] x=[] (fullness=4410/0)
s: Ready: 3 r=[7] w=[] x=[]
s: DNS response: 113 bytes
s: > channel=22 cmd=DNS_RESPONSE len=113 (fullness=4410)
s: mux wrote: 121/121
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=22 cmd=DNS_RESPONSE len=113
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4523/0)
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6853/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 42179): 40 bytes
c : > channel=23 cmd=DNS_REQ len=40 (fullness=6853)
c : mux wrote: 48/48
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6893/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=23 cmd=DNS_REQ len=40
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 8] w=[] x=[] (fullness=4523/0)
s: Ready: 3 r=[8] w=[] x=[]
s: DNS response: 96 bytes
s: > channel=23 cmd=DNS_RESPONSE len=96 (fullness=4523)
s: mux wrote: 104/104
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4619/0)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=23 cmd=DNS_RESPONSE len=96
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6893/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 51374): 45 bytes
c : > channel=24 cmd=DNS_REQ len=45 (fullness=6893)
c : mux wrote: 53/53
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6938/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=24 cmd=DNS_REQ len=45
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 7] w=[] x=[] (fullness=4619/0)
s: Ready: 3 r=[7] w=[] x=[]
s: DNS response: 102 bytes
s: > channel=24 cmd=DNS_RESPONSE len=102 (fullness=4619)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=24 cmd=DNS_RESPONSE len=102
s: mux wrote: 110/110
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4721/0)
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6938/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 49701): 40 bytes
c : > channel=25 cmd=DNS_REQ len=40 (fullness=6938)
c : mux wrote: 48/48
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6978/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=25 cmd=DNS_REQ len=40
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 8] w=[] x=[] (fullness=4721/0)
s: Ready: 3 r=[8] w=[] x=[]
s: DNS response: 96 bytes
s: > channel=25 cmd=DNS_RESPONSE len=96 (fullness=4721)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=25 cmd=DNS_RESPONSE len=96
s: mux wrote: 104/104
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4817/0)
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=6978/0)
c : Ready: 4 r=[5] w=[] x=[]
c : DNS request from ('131.236.170.207', 34020): 45 bytes
c : > channel=26 cmd=DNS_REQ len=45 (fullness=6978)
c : mux wrote: 53/53
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=7023/0)
s: Ready: 2 r=[4] w=[] x=[]
s: < channel=26 cmd=DNS_REQ len=45
s: Incoming DNS request.
s: Waiting: 3 r=[4, 6, 7] w=[] x=[] (fullness=4817/0)
s: Ready: 3 r=[7] w=[] x=[]
s: DNS response: 102 bytes
s: > channel=26 cmd=DNS_RESPONSE len=102 (fullness=4817)
s: mux wrote: 110/110
s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=4919/0)
c : Ready: 4 r=[9] w=[] x=[]
c : < channel=26 cmd=DNS_RESPONSE len=102
c : Waiting: 4 r=[3, 5, 8, 9] w=[] x=[] (fullness=7023/0)
> Oh, what version of sshuttle are you using?
Brian May
Apr 11, 2011, 9:14:37 PM4/11/11
to ltay, sshuttle
On 7 April 2011 16:28, ltay <luke.t...@gmail.com> wrote:
> cat /etc/resolv.conf
> sudo iptables -t nat -n -L
> As well as copying the debug output from sshuttle (-vvv parameter) when
> doing the failing lookup command with nothing else happening on the network.
This rather puzzles me, because from the debug output you have given me it looks like everything should be working fine.
Do you have any firewall stuff running on the local box that might be filtering packets? Use "iptables -n -L" to find out. Overzealous firewalls might be doing the wrong thing here.
tcpdump -n -s 0 -i lo
Then do the DNS lookup, and see if you get a response.
Notes:
(a) The above command dumps the packets *after* the nat redirection, this initially confused me.
(b) -n turns of DNS lookups, because they are obviously broken - very important.
On my system I get:
11:06:26.311509 IP 128.250.103.215.44838 > 127.0.0.1.12300: UDP, length 44
11:06:26.392966 IP 128.250.66.5.53 > 128.250.103.215.44838: 31069 1/4/8 PTR a150-101-98-19.deploy.akamaitechnologies.com. (356)
Note that 128.250.103.215.44838 is the same on both lines. Very important.
ltay
Apr 13, 2011, 7:01:16 AM4/13/11
to sshuttle
Hi thanks for all the tips.
The main issue for me was not being able to tunnel UDP over sshuttle,
but that was my fault for not checking whether it could do it
initially.
I've had to change to openVPN using a paid server, I then tunnel
openVPN through TCP.
However I saw your other post about new code that has the potential
for UDP to work with sshuttle, if this was ever implemented that would
be amazing and save VPN server costs!
Cheers guys!
Luke
The main issue for me was not being able to tunnel UDP over sshuttle,
but that was my fault for not checking whether it could do it
initially.
I've had to change to openVPN using a paid server, I then tunnel
openVPN through TCP.
However I saw your other post about new code that has the potential
for UDP to work with sshuttle, if this was ever implemented that would
be amazing and save VPN server costs!
Cheers guys!
Luke
Reply all
Reply to author
Forward
0 new messages