OS X; can't find either ipfw or iptables; check your PATH

[Me...@ioexception.at]

Hey,

For some reason sshuttle stopped being functional on OS X Yosemite. It still works on my linux workstation though. 

When I try to create a tunnel to my server the following happens:

```

~ > sudo sshuttle -r ro...@basbieling.com 0/0 --dns -v

Starting sshuttle proxy.
Binding: 12300
Listening on ('127.0.0.1', 12300).
DNS listening on ('127.0.0.1', 12300).
fatal: can't find either ipfw or iptables; check your PATH
fatal: ['python2', '/usr/local/Cellar/sshuttle/0.61/libexec/main.py', 'python2', '-v', '-v', '-v', '-v', '-v', '--firewall', '12300', '12300'] expected READY, got ‘'

```

Was support for OS X dropped?

[Brian May]

On 19 September 2014 18:44, <Me...@ioexception.at> wrote:

For some reason sshuttle stopped being functional on OS X Yosemite. It still works on my linux workstation though. 

When I try to create a tunnel to my server the following happens:

Hello,

Before I answer, can I please check: what version of sshuttle are you using? Where are you downloading it from?

Thanks 

--
Brian May <br...@microcomaustralia.com.au>

[Gabriel Filion]

On 19/09/14 04:44 AM, Me...@ioexception.at wrote:
> For some reason sshuttle stopped being functional on OS X Yosemite. It
> still works on my linux workstation though.
> When I try to create a tunnel to my server the following happens:

this was recently discussed:

https://groups.google.com/d/msg/sshuttle/YcT8vPMGEqE/fzugFR5Sa3cJ

> Was support for OS X dropped?

or not yet implemented, rather.

--
Gabriel Filion

[Brian May]

On 20 September 2014 03:02, Gabriel Filion <gab...@lelutin.ca> wrote:

this was recently discussed:

https://groups.google.com/d/msg/sshuttle/YcT8vPMGEqE/fzugFR5Sa3cJ

> Was support for OS X dropped?

or not yet implemented, rather.

Also the following is not the "official" sshuttle.

https://github.com/sshuttle/sshuttle

However there are changes includes in apenwarr's repository, mostly Mac OS X changes (before Yosemite), that have not yet made it to the official repository. However I don't use or have access to OS X, so I don't know if any changes are still relevant (is supporting OS X releases before Yosemite still beneficial?); if they are I can't test them. Merge requests welcome.

There are also some changes that aren't OS X specific, probably should look at incorporating these sometime.

--
Brian May <br...@microcomaustralia.com.au>

[Brian May]

On 22 September 2014 09:26, Brian May <br...@microcomaustralia.com.au> wrote:

Also the following is not the "official" sshuttle.

https://github.com/sshuttle/sshuttle

Sorry, typo, meant to say "Also the following is now the official sshuttle."

Apologies for any confusion caused.

--
Brian May <br...@microcomaustralia.com.au>

[Shodan]

Currently Mavericks is the "official" version. Yosimite is just in beta at the moment. I'll have a look at the changes and I'll see if I can get it working again.

---- Brian May wrote ----

[Brian May]

On 22 September 2014 15:43, Shodan <me...@ioexception.at> wrote:

Currently Mavericks is the "official" version. Yosimite is just in beta at the moment. I'll have a look at the changes and I'll see if I can get it working again.

What about MaxOS 10.7 Lion support? There is a change here "workaround MacOS 10.7 Lion bug" - is that still needed?

Anyway, here is a list of patches from aopenwarr that i haven't looked at yet.

9ce2fa0 (apenwarr/master) README: add a suggestion to try the MacOS GUI app.

860c2a0 Merge branch 'fqdn'

6450c37 hostwatch: handle fully qualified domain names

432e98c auto-hosts: don't add hosts that aren't being routed by sshuttle.

29d2e06 (tag: sshuttle-0.61) Added --exclude-from feature.

bff1610 Document missing --dns option in sshuttle manpage

cce6a9d firewall.py: catch SIGINT and SIGTERM too.

5743f29 server.py: slightly rearrange previous commit.

42bc6d6 Two small changes to server.py that allow it to run on python2.2

274ee85 clean.do: don't forget to do version/clean.

12f6a52 Fix runpython.do for systems with unxpected configurations.

e737f4b (tag: sshuttle-0.60) firewall.py: add comments about sysctl problems.

d9f761a ui-macos: tell the user that we need to reboot on MacOS Lion.

bd20841 firewall.py: clean up repeated calls to ssubprocess.call().

4c1a505 firewall.py: workaround MacOS 10.7 Lion bug.

I have merged the following into my "aopenwarr" branch, however don't like these changes. e.g. we create a new top level python module called "version" which is a very generic name, and likely to cause conflicts.

41d1f73 Add a --version (-V) option.

cbc32ff Import the non-pandoc manpage generator from redo.

I have just merged this changes, they seem to be straightforward, have pushed these to master.

6698992 Use the new arguments from redo v0.10.

e2c6820 firewall: catch SIGHUP and SIGPIPE.

89e914e ui-macos/main.py: fix wait() to avoid deadlock.

2268e76 ipfw: don't use 'log' parameter.

--
Brian May <br...@microcomaustralia.com.au>

[har...@gmail.com]

Brian, it might be a good idea to update the Homebrew repo for sshuttle to reflect this? Looks like it's still linked to the old package.

https://github.com/Homebrew/homebrew/blob/master/Library/Formula/sshuttle.rb

Cheers,

Pete

[Brian May]

On 9 October 2014 04:24, <har...@gmail.com> wrote:

Brian, it might be a good idea to update the Homebrew repo for sshuttle to reflect this? Looks like it's still linked to the old package.

https://github.com/Homebrew/homebrew/blob/master/Library/Formula/sshuttle.rb

Sorry, I don't know anything about Homebrew, what it is, how it works, or how to update it. I probably could guess though - some sort of package management system for Mac OS X?

I don't know if this version works with current versions Mac OS X, as I can't test it.

-- 

Brian May <br...@microcomaustralia.com.au>

[Pete Hare]

Yeah it’s package management on OS X. 

[Vinay]

I built and ran sshuttle from the suggested repository https://github.com/sshuttle/sshuttle but I still get the following error.

Starting sshuttle proxy.

UDP support requires tproxy; disabling UDP.

Binding redirector: 12300

TCP redirector listening on ('127.0.0.1', 12300).

Binding DNS: 12300

DNS listening on ('127.0.0.1', 12300).

fatal: can't find either ipfw or iptables; check your PATH

fatal: ['sudo', '-p', '[local sudo] Password: ', 'python2', './main.py', 'python2', '-v', '-v', '--firewall', '0', '12300', '0', '12300', 'auto', '0'] returned 99

[mike...@gmail.com]

I am having the same problem with homebrew sshuttle on OSX Yosemite 10.10.1

[er...@ashman.com]

I appears Apple has removed "ipfw" from Yosemite according to this other project message board: 

https://github.com/basecamp/pow/issues/452

Quite annoying.  Not sure if it can be easily compiled from sources somewhere else.   It's not in Homebrew.   I'm going to look around today and see.

-Eric

[Tom Luff]

There are a few forks of the repository that have begun work on supporting the new packet filter interface (pfctl). I've not actually tried any of them yet but it could be worth looking over them.

This seems to be the most recent: https://github.com/zabracks/sshuttle/

This also looks promising: https://github.com/jagheterfredrik/sshuttle

[philipt...@gmail.com]

zabracks changes are not complete, however, jagheterfredrik's were.

I pulled them over into mainline sshuttle/sshuttle, made some modifications, and submitted a PR.

Can someone take a look? https://github.com/sshuttle/sshuttle/pull/3

[Ovidiu Pacuraru]

What is the current status on this project?

[Brian May]

On Thu, 28 May 2015 at 18:53 Ovidiu Pacuraru <ovi...@pacura.ru> wrote:

What is the current status on this project?

sshuttle is still being maintained and bugs fixed.

Unfortunately I don't have time to do the work I would like see happen, and I don't see this changing any time soon.

[Pacuraru, Ovidiu]

OK, thanks but which one is the "main" project to keep an eye on? 

https://github.com/sshuttle/sshuttle 

or 

https://github.com/apenwarr/sshuttle

--
The information in this email and attachments hereto may contain legally privileged, proprietary or confidential information that is intended for a particular recipient. If you are not the intended recipient(s), or the employee or agent responsible for delivery of this message to the intended recipient(s), you are hereby notified that any disclosure, copying, distribution, retention or use of the contents of this e-mail information is prohibited and may be unlawful. When addressed to customers or vendors, any information contained in this e-mail is subject to the terms and conditions in the governing contract, if applicable. If you have received this communication in error, please immediately notify us by return e-mail, permanently delete any electronic copies of this communication and destroy any paper copies.

--
You received this message because you are subscribed to a topic in the Google Groups "sshuttle" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sshuttle/jdTzJGjTDMg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sshuttle+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Gabriel Filion]

Hey there,

On 28/05/15 07:27 AM, Pacuraru, Ovidiu wrote:
> OK, thanks but which one is the "main" project to keep an eye on?
>
> https://github.com/sshuttle/sshuttle
> or
>
> https://github.com/apenwarr/sshuttle

The current "main" project is https://github.com/sshuttle/sshuttle as
Avery let someone else take maintainership of this project since he
didn't have time for doing it.

> On 28 May 2015 at 11:50, Brian May <br...@microcomaustralia.com.au

> <mailto:br...@microcomaustralia.com.au>> wrote:
>
> On Thu, 28 May 2015 at 18:53 Ovidiu Pacuraru <ovi...@pacura.ru
> <mailto:ovi...@pacura.ru>> wrote:
>
> What is the current status on this project?
>
>
> sshuttle is still being maintained and bugs fixed.
>
> Unfortunately I don't have time to do the work I would like see
> happen, and I don't see this changing any time soon.

r more options, visit https://groups.google.com/d/optout.

--
Gabriel Filion