Excluding a port? (like port 80)

mbro...@gmail.com

Dec 13, 2011, 12:54:27 AM
to sshu...@googlegroups.com
I just tried this out and love it so far but am wondering about one thing...

Does web traffic also get forwarded? I haven't tested it out for long enough to tell based on internet speed, but assuming that web traffic is being forwarded, how would I go about excluding port 80 so that web browsing always happens directly through my local internet connection? Or is that not a good idea for some reason?

My ideal would be to be able to have speedy web browsing (that's not being forwarded) but have all other ports forwarded (something I currently can't do with Mac's VPN options).

Thank you so much for this program! (Mac VPN is flaky as hell and connections don't work if the remote network uses any of the same subnets as the local one...this has been a big help already.)

Gert Van Gool

Dec 13, 2011, 1:09:35 AM
to sshu...@googlegroups.com
This is not possible with sshuttle (at least not that I'm aware of).
The reason is quite simple: traffic gets forwarded based on IP
addresses (and ranges). Ports don't get into the mix.

-- Gert

Mobile: +32 498725202
Twitter: @gvangool
Web: http://gertvangool.be
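
Added example (not part of the thread and not sshuttle's own code): a small Python model of the IP-range-only decision described in the reply above, showing that the destination port never changes the outcome. The function name, the sample addresses and the precedence rule (most specific range wins, exclusions such as those given with sshuttle's -x option win ties) are assumptions of this model.

```python
import ipaddress

def forward_decision(dest_ip, dest_port, includes, excludes=()):
    """Return "tunnel" or "direct" for a connection to dest_ip:dest_port.

    dest_port is accepted but deliberately never consulted: the decision
    is made on IP ranges alone, which is why a single port cannot be excluded.
    Assumption of this model: the most specific matching range wins, and an
    exclusion beats an inclusion of the same width.
    """
    addr = ipaddress.ip_address(dest_ip)
    rules = [(ipaddress.ip_network(n, strict=False), True) for n in includes]
    rules += [(ipaddress.ip_network(n, strict=False), False) for n in excludes]
    # Longest prefix first; at equal width False (excluded) sorts before True.
    rules.sort(key=lambda r: (-r[0].prefixlen, r[1]))
    for net, forwarded in rules:
        if addr in net:
            return "tunnel" if forwarded else "direct"
    return "direct"  # no range matched: traffic leaves via the local route

def demo():
    """Constructed sample destinations, evaluated under two setups."""
    everything = ["0.0.0.0/0"]      # the "0/0" case from the thread
    one_subnet = ["10.0.0.0/8"]     # constructed remote-network range
    local_lan = ["192.168.1.0/24"]  # constructed local range to exclude
    return {
        "all, web": forward_decision("203.0.113.10", 80, everything),
        "all, ssh": forward_decision("203.0.113.10", 22, everything),
        "all, lan excluded": forward_decision("192.168.1.20", 80,
                                              everything, local_lan),
        "subnet, public web": forward_decision("203.0.113.10", 80, one_subnet),
        "subnet, internal web": forward_decision("10.1.2.3", 80, one_subnet),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22} -> {result}")
```
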

mbro...@gmail.com

Dec 13, 2011, 11:41:21 AM
to sshu...@googlegroups.com
Thanks for the fast reply...that makes sense, I didn't realize that port tunneling wasn't involved. Still a very useful tool.

Jason Axelson

Dec 17, 2011, 6:14:03 PM
to sshu...@googlegroups.com
A more manual approach might be to use a separate SOCKS proxy that
uses a local server that isn't forwarded by sshuttle.

mbro...@gmail.com

Dec 18, 2011, 3:56:58 AM
to sshu...@googlegroups.com
Thanks... as it turns out, it appears that sshuttle isn't forwarding port 80 to begin with...I'm not sure why. Of course, this is exactly the behavior I want.

One thing I'm wondering, though, is if it would be possible to forward port 80 in case I ever wanted to (while using sshuttle, of course), for example if there were a web server on the remote network that I wanted to connect to that wasn't available from outside the network. But as I said I don't have a need for that at the moment so it's more that I'm curious.

Thanks anyway for the suggestion.

Jason Axelson

Dec 18, 2011, 4:28:47 AM
to sshu...@googlegroups.com
It sounds like you're forwarding only specific subnets. In that case,
since DNS isn't modified at all, web hosts outside of the subnet will
not have their traffic modified. For sites that you know are in that
subnet you can use the --seed-hosts parameter to help the IP lookup.

Of course, I could be wrong and this is a different problem.

Jason

mbro...@gmail.com

Dec 18, 2011, 8:22:57 PM
to sshu...@googlegroups.com
Actually I was just using the 0/0 option (short for 0.0.0.0/0) ... but thanks

jmzt...@gmail.com

Jul 30, 2015, 9:59:49 AM
to sshuttle, mbro...@gmail.com
This is as old as dirt and I apologize for bringing up such an old thread, but I couldn't find any information about this and found a solution for it. On the remote server use ssh GatewayPorts.
In my example below, say you had a webserver running on port 8080 on the client. This command will forward port 8080 from your remote machine to the client.

The only catch is, this needs to be run before starting sshuttle. Run in screen or add the & to it to keep it open.

ssh -L 8080:localhost:8080 -N -o GatewayPorts=yes hostname_of_client
