Bug Report: --listen and --dns conflict makes DNS lookup unusable


panyo...@gmail.com

Jan 7, 2012, 4:21:47 AM
to sshu...@googlegroups.com
Tested on latest master and the Ubuntu 0.53 version. Command line arguments are:

-vv --dns -r $server --pidfile /tmp/sshuttle.pid 0.0.0.0/0 -x 192.168.0.0/16 --listen 0.0.0.0:0

After connecting, all DNS lookups fail:

$ dig g.cn
;; reply from unexpected source: 192.168.2.6#12300, expected 192.168.2.1#53
;; reply from unexpected source: 192.168.2.6#12300, expected 192.168.2.1#53

Works after commenting out --listen 0.0.0.0:0.

Brian May

Jan 13, 2012, 5:56:15 PM
to sshu...@googlegroups.com
On 7 January 2012 20:21, <panyo...@gmail.com> wrote:
> Tested on latest master and the Ubuntu 0.53 version. Command line arguments are:
>
> -vv --dns -r $server --pidfile /tmp/sshuttle.pid 0.0.0.0/0 -x 192.168.0.0/16
> --listen 0.0.0.0:0

I see that you have already used -vv.

Can you please post the debugging output when starting the daemon?
There is no reason the options should conflict. In the master code,
dns listens on the UDP port, and the rest of sshuttle listens on the
TCP port.

Also on your network, what IP address is 192.168.2.6 and what IP
address is 192.168.2.1?
--
Brian May <br...@microcomaustralia.com.au>

Yongzhi Pan

Jan 15, 2012, 1:49:52 AM
to Brian May, sshu...@googlegroups.com

192.168.2.6 is my computer's IP address, and 192.168.2.1 is my DNS server, which is also my home router.

After the connection is established, I ran dig on twitter.com:

$ dig twitter.com

;; reply from unexpected source: 192.168.2.6#12300, expected 192.168.2.1#53
;; reply from unexpected source: 192.168.2.6#12300, expected 192.168.2.1#53
;; reply from unexpected source: 192.168.2.6#12300, expected 192.168.2.1#53

The log is below:

$ mysshtunnel
Starting sshuttle proxy.
Binding: 12300
Listening on ('0.0.0.0', 12300).
DNS listening on ('0.0.0.0', 12300).
firewall manager ready.
c : connecting to server...
c : executing: ['ssh', 'user@server', '--', 'P=python2; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; skip_imports=1; verbosity=2; exec compile(sys.stdin.read(764), "assembler.py", "exec")\'']
c :  > channel=0 cmd=PING len=7 (fullness=0)
server: assembling 'cmdline_options.py' (29 bytes)
server: assembling 'helpers.py' (693 bytes)
server: assembling 'ssubprocess.py' (13702 bytes)
server: assembling 'ssnet.py' (5207 bytes)
server: assembling 'hostwatch.py' (2237 bytes)
server: assembling 'server.py' (2377 bytes)
 s: latency control setting = True
 s: available routes:
 s:   10.146.18.0/23
 s:  > channel=0 cmd=PING len=7 (fullness=0)
 s:  > channel=0 cmd=ROUTES len=15 (fullness=7)
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=22/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 15/15
 s: mux wrote: 23/23
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=22/0)
c : connected.
Connected.
c : Waiting: 3 r=[3, 5, 9] w=[9] x=[] (fullness=7/0)
c :   Ready: 3 r=[9] w=[9] x=[]
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : <  channel=0 cmd=ROUTES len=15
firewall manager: starting transproxy.
>> iptables -t nat -N sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
>> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 192.168.0.0/16 -p tcp
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.0/8 -p tcp
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 0.0.0.0/0 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 192.168.2.1/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42
c : mux wrote: 15/15
c : mux wrote: 15/15
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=14/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PING len=7
 s:  > channel=0 cmd=PONG len=7 (fullness=22)
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=0 cmd=PONG len=7
c : received PING response
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=0/0)
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=29/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PONG len=7
 s: received PING response
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=0/0)
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 45401): 29 bytes
c :  > channel=1 cmd=DNS_REQ len=29 (fullness=0)
c : mux wrote: 37/37
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=29/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=1 cmd=DNS_REQ len=29
 s: Incoming DNS request.
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=0/0)
 s:   Ready: 2 r=[6] w=[] x=[]
 s: DNS response: 77 bytes
 s:  > channel=1 cmd=DNS_RESPONSE len=77 (fullness=0)
 s: mux wrote: 85/85
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=77/0)
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=1 cmd=DNS_RESPONSE len=77
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=29/0)
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 45401): 29 bytes
c :  > channel=2 cmd=DNS_REQ len=29 (fullness=29)
c : mux wrote: 37/37
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=58/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=2 cmd=DNS_REQ len=29
 s: Incoming DNS request.
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 7] w=[] x=[] (fullness=77/0)
 s:   Ready: 2 r=[7] w=[] x=[]
 s: DNS response: 77 bytes
 s:  > channel=2 cmd=DNS_RESPONSE len=77 (fullness=77)
 s: mux wrote: 85/85
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=154/0)
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=2 cmd=DNS_RESPONSE len=77
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=58/0)
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 53862): 32 bytes
c :  > channel=3 cmd=DNS_REQ len=32 (fullness=58)
c : mux wrote: 40/40
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=90/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=3 cmd=DNS_REQ len=32
 s: Incoming DNS request.
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=154/0)
 s:   Ready: 2 r=[6] w=[] x=[]
 s: DNS response: 132 bytes
 s:  > channel=3 cmd=DNS_RESPONSE len=132 (fullness=154)
 s: mux wrote: 140/140
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=286/0)
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=3 cmd=DNS_RESPONSE len=132
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=90/0)
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 45401): 29 bytes
c :  > channel=4 cmd=DNS_REQ len=29 (fullness=90)
c : mux wrote: 37/37
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=119/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=4 cmd=DNS_REQ len=29
 s: Incoming DNS request.
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 7] w=[] x=[] (fullness=286/0)
 s:   Ready: 2 r=[7] w=[] x=[]
 s: DNS response: 77 bytes
 s:  > channel=4 cmd=DNS_RESPONSE len=77 (fullness=286)
 s: mux wrote: 85/85
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=363/0)
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=4 cmd=DNS_RESPONSE len=77
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=119/0)
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 53862): 32 bytes
c :  > channel=5 cmd=DNS_REQ len=32 (fullness=119)
c : mux wrote: 40/40
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=151/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=5 cmd=DNS_REQ len=32
 s: Incoming DNS request.
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=363/0)
 s:   Ready: 2 r=[6] w=[] x=[]
 s: DNS response: 132 bytes
 s:  > channel=5 cmd=DNS_RESPONSE len=132 (fullness=363)
 s: mux wrote: 140/140
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=495/0)
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=5 cmd=DNS_RESPONSE len=132
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=151/0)
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 37985): 32 bytes
c :  > channel=6 cmd=DNS_REQ len=32 (fullness=151)
c : mux wrote: 40/40
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=183/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=6 cmd=DNS_REQ len=32
 s: Incoming DNS request.
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 7] w=[] x=[] (fullness=495/0)
 s:   Ready: 2 r=[7] w=[] x=[]
 s: DNS response: 132 bytes
 s:  > channel=6 cmd=DNS_RESPONSE len=132 (fullness=495)
 s: mux wrote: 140/140
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=627/0)
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=6 cmd=DNS_RESPONSE len=132
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=183/0)
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 34173): 33 bytes
c :  > channel=7 cmd=DNS_REQ len=33 (fullness=183)
c : mux wrote: 41/41
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=216/0)
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 56740): 33 bytes
c :  > channel=8 cmd=DNS_REQ len=33 (fullness=216)
c : mux wrote: 41/41
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=249/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=7 cmd=DNS_REQ len=33
 s: Incoming DNS request.
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 36611): 32 bytes
c :  > channel=9 cmd=DNS_REQ len=32 (fullness=249)
c : mux wrote: 40/40
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=281/0)
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=627/0)
 s:   Ready: 2 r=[6] w=[] x=[]
 s: DNS response: 108 bytes
 s:  > channel=7 cmd=DNS_RESPONSE len=108 (fullness=627)
 s: mux wrote: 116/116
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=735/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=8 cmd=DNS_REQ len=33
 s: Incoming DNS request.
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 7] w=[] x=[] (fullness=735/0)
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=7 cmd=DNS_RESPONSE len=108
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=281/0)
 s:   Ready: 2 r=[7] w=[] x=[]
 s: DNS response: 80 bytes
 s:  > channel=8 cmd=DNS_RESPONSE len=80 (fullness=735)
 s: mux wrote: 88/88
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=8 cmd=DNS_RESPONSE len=80
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=281/0)
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=815/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=9 cmd=DNS_REQ len=32
 s: Incoming DNS request.
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=815/0)
 s:   Ready: 2 r=[6] w=[] x=[]
 s: DNS response: 132 bytes
 s:  > channel=9 cmd=DNS_RESPONSE len=132 (fullness=815)
 s: mux wrote: 140/140
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=947/0)
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=9 cmd=DNS_RESPONSE len=132
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=281/0)
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 37985): 32 bytes
c :  > channel=10 cmd=DNS_REQ len=32 (fullness=281)
c : mux wrote: 40/40
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=313/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=10 cmd=DNS_REQ len=32
 s: Incoming DNS request.
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 7] w=[] x=[] (fullness=947/0)
 s:   Ready: 2 r=[7] w=[] x=[]
 s: DNS response: 132 bytes
 s:  > channel=10 cmd=DNS_RESPONSE len=132 (fullness=947)
 s: mux wrote: 140/140
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=1079/0)
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=10 cmd=DNS_RESPONSE len=132
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=313/0)
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 34173): 33 bytes
c :  > channel=11 cmd=DNS_REQ len=33 (fullness=313)
c : mux wrote: 41/41
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=346/0)
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 56740): 33 bytes
c :  > channel=12 cmd=DNS_REQ len=33 (fullness=346)
c : mux wrote: 41/41
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=379/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=11 cmd=DNS_REQ len=33
 s: Incoming DNS request.
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 36611): 32 bytes
c :  > channel=13 cmd=DNS_REQ len=32 (fullness=379)
c : mux wrote: 40/40
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=411/0)
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=1079/0)
 s:   Ready: 2 r=[6] w=[] x=[]
 s: DNS response: 108 bytes
 s:  > channel=11 cmd=DNS_RESPONSE len=108 (fullness=1079)
 s: mux wrote: 116/116
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=1187/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=12 cmd=DNS_REQ len=33
 s: Incoming DNS request.
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 7] w=[] x=[] (fullness=1187/0)
 s:   Ready: 2 r=[7] w=[] x=[]
 s: DNS response: 80 bytes
 s:  > channel=12 cmd=DNS_RESPONSE len=80 (fullness=1187)
 s: mux wrote: 88/88
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=1267/0)
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=11 cmd=DNS_RESPONSE len=108
c : <  channel=12 cmd=DNS_RESPONSE len=80
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=411/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=13 cmd=DNS_REQ len=32
 s: Incoming DNS request.
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=1267/0)
 s:   Ready: 2 r=[6] w=[] x=[]
 s: DNS response: 132 bytes
 s:  > channel=13 cmd=DNS_RESPONSE len=132 (fullness=1267)
 s: mux wrote: 140/140
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=1399/0)
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=13 cmd=DNS_RESPONSE len=132
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=411/0)
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 48764): 33 bytes
c :  > channel=14 cmd=DNS_REQ len=33 (fullness=411)
c : mux wrote: 41/41
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=444/0)
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 53619): 33 bytes
c :  > channel=15 cmd=DNS_REQ len=33 (fullness=444)
c : mux wrote: 41/41
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=477/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=14 cmd=DNS_REQ len=33
 s: Incoming DNS request.
c :   Ready: 3 r=[5] w=[] x=[]
c : DNS request from ('192.168.2.6', 46535): 32 bytes
c :  > channel=16 cmd=DNS_REQ len=32 (fullness=477)
c : mux wrote: 40/40
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=509/0)
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 7] w=[] x=[] (fullness=1399/0)
 s:   Ready: 2 r=[7] w=[] x=[]
 s: DNS response: 108 bytes
 s:  > channel=14 cmd=DNS_RESPONSE len=108 (fullness=1399)
 s: mux wrote: 116/116
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=1507/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=15 cmd=DNS_REQ len=33
 s: Incoming DNS request.
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 6] w=[] x=[] (fullness=1507/0)
 s:   Ready: 2 r=[6] w=[] x=[]
 s: DNS response: 80 bytes
 s:  > channel=15 cmd=DNS_RESPONSE len=80 (fullness=1507)
 s: mux wrote: 88/88
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=1587/0)
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=14 cmd=DNS_RESPONSE len=108
c : <  channel=15 cmd=DNS_RESPONSE len=80
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=509/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=16 cmd=DNS_REQ len=32
 s: Incoming DNS request.
 s: DNS: sending to '172.16.0.23'
 s: Waiting: 2 r=[4, 7] w=[] x=[] (fullness=1587/0)
 s:   Ready: 2 r=[7] w=[] x=[]
 s: DNS response: 132 bytes
 s:  > channel=16 cmd=DNS_RESPONSE len=132 (fullness=1587)
 s: mux wrote: 140/140
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=1719/0)
c :   Ready: 3 r=[9] w=[] x=[]
c : <  channel=16 cmd=DNS_RESPONSE len=132
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=509/0)
^Cfirewall manager: undoing changes.
>> iptables -t nat -D OUTPUT -j sshuttle-12300
>> iptables -t nat -D PREROUTING -j sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -X sshuttle-12300

Keyboard interrupt: exiting.
c : fatal: cleanup: ['sudo', '-p', '[local sudo] Password: ', 'python', '/usr/lib/sshuttle/main.py', 'python', '-v', '-v', '--firewall', '12300', '12300'] returned 1

jo...@jfloren.net

Mar 20, 2013, 7:06:18 PM
to sshu...@googlegroups.com, panyo...@gmail.com
It's been a long time, I know, but I'm seeing this same thing.

Brian May

May 29, 2013, 11:40:12 PM
to jo...@jfloren.net, sshuttle, panyo...@gmail.com
On 21 March 2013 10:06, <jo...@jfloren.net> wrote:
> It's been a long time, I know, but I'm seeing this same thing.
It's been a long time, but ...

Can you confirm this only happens when you use both --listen and --dns at the same time?

What happens if you use --listen 127.0.0.1:0? (It should be the default, but worth double checking.)

ec3...@gmail.com

Oct 28, 2015, 3:57:33 AM
to sshuttle, panyo...@gmail.com
Hi,

We have found that putting 'nameserver 127.0.0.1' at the top of /etc/resolv.conf fixes this issue.

Just wondering which DNS server it is using. The one set on the server?

Likely to be non-optimum DNS when sshuttle is not running.

Brian May

Oct 28, 2015, 6:19:37 AM
to sshuttle
ec3...@gmail.com writes:

> We have found that putting 'nameserver 127.0.0.1' at the top of
> /etc/resolv.conf fixes this issue.
>
> Just wonder which DNS server it is using? The one set on the server?

What is supposed to happen is that sshuttle will intercept all attempts
to access the nameservers on the client side.

There is a pull request to make these servers configurable. Currently I
think it just looks at /etc/resolv.conf:
https://github.com/sshuttle/sshuttle/pull/23

The request is then sent to the server.

The server then randomly picks an address from its /etc/resolv.conf,
assumes it is an IPv4 address, and then attempts to forward the request
on to this address.

Once the server gets the result, it then should return it to the client
which then passes the result on to the DNS client.

From one of the previous emails:

$ dig twitter.com
;; reply from unexpected source: 192.168.2.6#12300, expected 192.168.2.1#53
;; reply from unexpected source: 192.168.2.6#12300, expected 192.168.2.1#53
;; reply from unexpected source: 192.168.2.6#12300, expected 192.168.2.1#53

This is somewhat interesting. I am guessing what is happening is:

1. DNS client at 192.168.2.6 sends request to 192.168.2.1
2. This is intercepted by sshuttle. sshuttle forwards it to the server.
3. The server picks a random entry from /etc/resolv.conf, in this case
172.16.0.23. The server sends the request to 172.16.0.23.
4. The server gets a response and sends it back to the client.
5. The client returns the result to the server. It needs to fake the
source address so it looks like the response is coming from 192.168.2.1.

However I can't see how faking the source address in step 5 works. I
know it works, I have just tested it. I just can't see the code to do
it. Maybe the iptables redirect target somehow rewrites the response
packets too. For some reason maybe it isn't always working properly, and
the source address becomes the address of the local computer instead of
the name server the client thinks it is talking to. So the DNS client
(correctly) drops the packet.
--
Brian May <br...@microcomaustralia.com.au>
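The five-step flow above, together with the open question of how the reply gets the resolver's source address back, as a small Python model added here by the editor. It is not sshuttle code and the thread does not confirm the mechanism: the model assumes the iptables REDIRECT semantics that locally generated packets are redirected to 127.0.0.1, that connection tracking reverse-translates only a reply sent from that redirected address and port, and that a UDP socket bound to 0.0.0.0 picks the host's own address (192.168.2.6) as source when answering a local peer. The addresses, the client port 45401 and the proxy port 12300 are taken from the log in this thread; everything else is constructed. It goes one step beyond the thread by running the same query with the proxy bound to 127.0.0.1 and to 0.0.0.0, which is the difference between the default and the --listen 0.0.0.0:0 case reported at the top.

```python
"""Model of the DNS reply path described in the thread: a query to the
resolver is REDIRECTed to the local proxy port, the proxy answers from its
listening socket, and connection tracking is expected to put the resolver's
address back on the reply. Editor's model, not sshuttle code."""
from dataclasses import dataclass
from typing import Dict, Tuple

# Values taken from the log in this thread.
RESOLVER = "192.168.2.1"     # nameserver from /etc/resolv.conf (the home router)
CLIENT_HOST = "192.168.2.6"  # machine running the sshuttle client
PROXY_PORT = 12300           # port sshuttle listens on and REDIRECTs to
LOOPBACK = "127.0.0.1"       # REDIRECT maps locally generated packets here (assumed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


# conntrack keys: (src, sport, dst, dport)
Tuple4 = Tuple[str, int, str, int]


class RedirectNat:
    """One rule plus the conntrack state it creates, modelled after the last
    rule in the log: REDIRECT --dest 192.168.2.1/32 -p udp --dport 53
    --to-ports 12300 (assumed behaviour, see the lead-in)."""

    def __init__(self) -> None:
        # reply tuple conntrack expects -> original destination to restore
        self.reply_map: Dict[Tuple4, Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """OUTPUT chain: a query to the resolver is rewritten to the proxy."""
        if not (pkt.dst == RESOLVER and pkt.dport == 53):
            return pkt
        nat = Packet(pkt.src, pkt.sport, LOOPBACK, PROXY_PORT)
        self.reply_map[(nat.dst, nat.dport, nat.src, nat.sport)] = (pkt.dst, pkt.dport)
        return nat

    def reply(self, pkt: Packet) -> Packet:
        """Reverse translation: only a packet matching the recorded reply
        tuple gets the resolver's address and port put back as its source.
        Anything else is delivered untouched, with the proxy's own address."""
        orig = self.reply_map.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return pkt
        return Packet(orig[0], orig[1], pkt.dst, pkt.dport)


def proxy_source_address(listen_addr: str, peer: str) -> str:
    """Source address the proxy's UDP socket sends from (assumed behaviour):
    a socket bound to a specific address uses that address; a wildcard
    0.0.0.0 socket takes the preferred source of the route to the peer,
    which for a packet to the host's own address is that address."""
    return peer if listen_addr == "0.0.0.0" else listen_addr


def dns_round_trip(listen_addr: str, client_port: int) -> Packet:
    """One query/reply through the model with the proxy bound to listen_addr.
    Returns the reply as the stub resolver (e.g. dig) sees it."""
    nat = RedirectNat()
    query = Packet(CLIENT_HOST, client_port, RESOLVER, 53)
    at_proxy = nat.outbound(query)          # what recvfrom() on port 12300 sees
    # The proxy answers the peer it received from, using its listening socket.
    answer = Packet(proxy_source_address(listen_addr, at_proxy.src), PROXY_PORT,
                    at_proxy.src, at_proxy.sport)
    return nat.reply(answer)


def check_reply_source(reply: Packet) -> str:
    """The check dig performs: the answer must arrive from the address and
    port the query was sent to. Returns "" on a match, else dig's warning."""
    if (reply.src, reply.sport) == (RESOLVER, 53):
        return ""
    return (f";; reply from unexpected source: {reply.src}#{reply.sport}, "
            f"expected {RESOLVER}#53")


if __name__ == "__main__":
    for bind in ("127.0.0.1", "0.0.0.0"):
        seen = dns_round_trip(bind, 45401)   # client port 45401 from the log
        verdict = check_reply_source(seen) or "accepted"
        print(f"--listen {bind}:0 -> reply from {seen.src}#{seen.sport}: {verdict}")
```

With the proxy bound to 127.0.0.1 the answer leaves from 127.0.0.1:12300, matches the conntrack reply tuple, and reaches dig as 192.168.2.1#53; bound to 0.0.0.0 it leaves from 192.168.2.6:12300, matches nothing, and dig prints the exact warning quoted in the thread. On a real host the corresponding check is whether `conntrack -L -p udp` shows an entry for the redirected query while it is in flight.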