- This topic has 1 reply, 1 voice, and was last updated 1 month, 2 weeks ago by
.
-
Posts
-
Hello,
Please can you share if you have tried to setup a simple tunnel between say node A and C with node B as the server, using say Sshuttle or any other. I used Sshuttle and while it appears alright from the iptables output below, the redirection doesn’t happen on the node with netcat test:
ubuntu@node1:~$ sudo iptables-save | grep -i sshuttle
:sshuttle-12300 – [0:0]
-A PREROUTING -j sshuttle-12300
-A OUTPUT -j sshuttle-12300
-A sshuttle-12300 -m ttl –ttl-eq 63 -j RETURN
-A sshuttle-12300 -m addrtype –dst-type LOCAL -j RETURN
-A sshuttle-12300 -d 10.10.10.2/32 -p tcp -j RETURN
-A sshuttle-12300 -d 127.0.0.1/32 -p tcp -j RETURN
-A sshuttle-12300 -d 10.10.20.0/24 -p tcp -j REDIRECT –to-ports 12300Regards,
Acheme
Just to update my post:
We realized that sshuttle needed kernel access that is somewhat limited on VMs and so had to add a dummy ip route via a VMs loopback (Node A here) so the application can capture the traffic and forward to the proxy (Node B).
So to setup the sshuttle tunnel:
- Have ssh access to Node B
- Create a route on Node A (“sudo ip route add {NodeB – NodeC network} via 127.0.0.1 dev lo”
- Run the sshuttle command similar to this: “sudo sshuttle –ssh-cmd “ssh -i fabric_test.pem” -r cc@10.130.129.7 10.52.0.0/22 -x 10.130.129.7″
- You must be logged in to reply to this topic.