Can sshuttle work with only (1) port IN/OUT

[czenc...@gmail.com]

Hello.

Can shuttle work with only one port in/out for ssh on the client ?

For example, if I can ssh from the client to the server without
problems with only port 5522 open, can sshuttle manage to
adjust itself on it's own or would it need manual firewall intervention ?

Thank you.

[Tony Godshall]

The iptables rules forward the traffic through the ssh port.

If you ssh to port 5522 the traffic will tunnel through that
ssh connection. You can see the ssh command it generates
and the iptables commands that direct the traffic through
the tunnel by running sshuttle with -v.

> --
> You received this message because you are subscribed to the Google Groups
> "sshuttle" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to sshuttle+u...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>



--
Best Regards.
This is unedited.

[czenc...@gmail.com]

Thanks Antonio.

Does that mean 'yes' , it's possible ?

Best regards.

[Avery Pennarun]

You need to rephrase your question to describe exactly what you're
trying to do. sshuttle uses a lot of different ports for different
things; it's a port forwarding program.

[czenc...@gmail.com]

It's not helpful to ask to restate the question without a recomendation of correction
to the question to produce a better question.

OK, here is my last attempt at a Yes or No answer... if not then my conclusion is
this forum is ineffective in producing help for sshuttle.

If I construct my firewall... whatever that firewall may be... to allow a single port
out and a single port in... for example

Allow all tcp in on port 2222
Allow all tcp out on port 2222

I am able to make a regular ssh connection by this configuration.

Question:
Does sshuttle posses the ability to force all traffic (tcp & udp)  through a single port by way of a connection
to a remote openssh-server ?

Thank you.

[Gabriel Filion]

On 02/15/2013 11:16 PM, czenc...@gmail.com wrote:
> It's not helpful to ask to restate the question without a recomendation
> of correction
> to the question to produce a better question.
>
> OK, here is my last attempt at a Yes or No answer... if not then my
> conclusion is
> this forum is ineffective in producing help for sshuttle.
>
> If I construct my firewall... whatever that firewall may be... to allow
> a single port
> out and a single port in... for example

the unclear part that Avery wanted you to rephrase was here: where's
that firewall in question? on the computer you're using as a sshuttle
client or somewhere between you and the internet, or maybe on the server
end?

> Allow all tcp in on port 2222
> Allow all tcp out on port 2222
>
> I am able to make a regular ssh connection by this configuration.
>

> *Question*:

> Does sshuttle posses the ability to force all traffic (tcp & udp)
> through a single port by way of a connection
> to a remote openssh-server ?

that's what sshuttle does. (although iirc sshuttle does _not_ forward
udp traffic)

if your firewall is between you and the internet (say on your router),
then one port will be enough.

but if it's on your computer, then you need to consider how sshuttle
works: it's using iptables to forward traffic to all tcp ports to one
port on your computer where sshuttle is listening. so you need to build
your iptables rules in order not to block this out.

--
Gabriel Filion

[czenc...@gmail.com]

Lelutin.

Thanks for clearing that up.
The firewall is on the same machine as the one I'm wishing to use sshuttle on.

I was hoping sshuttle could somehow magically handle the complexities
of setting up udp forwarding. Sigh.

Thanks again.
Armz.