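I am using a TP-Link TL-WR1043ND router running OpenWrt and Gargoyle. I would like to transparently forward all traffic from the local network (served by the router) to a remote server. Basically, it would work like a SOCKS proxy, with only the connected client machines needing to be configured for the proxy.
I have read that sshuttle is the way to meet this requirement. After a lot of fiddling, I finally managed to satisfy all the prerequisites, and I can start sshuttle without any error messages, like this: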
./sshuttle --dns -vvr XXXXXX@YY.YY.YY.YY 0/0
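where XXXXXX is my user name on the remote server YY.YY.YY.YY. sshuttle seems to initialise just fine, with no error messages, and adds all the necessary iptables rules, but after the local proxy is established I cannot connect anywhere from my local network. This is the output of sshuttle: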
Starting sshuttle proxy.
Binding: 12300
Listening on ('127.0.0.1', 12300).
DNS listening on ('127.0.0.1', 12300).
firewall manager ready.
c : connecting to server...
c : executing: ['ssh', 'XXXXXX@YY.YY.YY.YY', '--', 'P=python2; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; skip_imports=1; verbosity=2; exec compile(sys.stdin.read(764), "assembler.py", "exec")\'']
c : > channel=0 cmd=PING len=7 (fullness=0)
WARNING: Ignoring unknown argument '--'
XXXXXX@YY.YY.YY.YY's password:
server: assembling 'cmdline_options.py' (29 bytes)
server: assembling 'helpers.py' (914 bytes)
server: assembling 'ssubprocess.py' (13668 bytes)
server: assembling 'ssnet.py' (5446 bytes)
server: assembling 'hostwatch.py' (2270 bytes)
server: assembling 'server.py' (2370 bytes)
s: latency control setting = True
s: available routes:
s: 69.64.32.0/22
s: > channel=0 cmd=PING len=7 (fullness=0)
c : connected.
Connected.
c : Waiting: 3 r=[3, 5, 9] w=[9] x=[] (fullness=7/0)
c : Ready: 3 r=[] w=[9] x=[]
c : mux wrote: 15/15
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=7/0)
s: > channel=0 cmd=ROUTES len=14 (fullness=7)
s: Waiting: 1 r=[4] w=[5] x=[] (fullness=21/0)
s: Ready: 1 r=[] w=[5] x=[]
s: mux wrote: 15/15
s: mux wrote: 22/22
s: Waiting: 1 r=[4] w=[] x=[] (fullness=21/0)
c : Ready: 3 r=[9] w=[] x=[]
c : < channel=0 cmd=PING len=7
c : > channel=0 cmd=PONG len=7 (fullness=7)
c : < channel=0 cmd=ROUTES len=14
firewall manager: starting transproxy.
s: Ready: 1 r=[4] w=[] x=[]
s: < channel=0 cmd=PING len=7
s: > channel=0 cmd=PONG len=7 (fullness=21)
s: mux wrote: 15/15
s: Waiting: 1 r=[4] w=[] x=[] (fullness=28/0)
>> iptables -t nat -N sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
>> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.0/8 -p tcp
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 0.0.0.0/0 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 127.0.0.1/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42
c : mux wrote: 15/15
c : < channel=0 cmd=PONG len=7
c : received PING response
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=0/0)
s: Ready: 1 r=[4] w=[] x=[]
s: < channel=0 cmd=PONG len=7
s: received PING response
s: Waiting: 1 r=[4] w=[] x=[] (fullness=0/0)
I don't know how to start debugging this problem. If I stop sshuttle, it removes the iptables rules and network connectivity works again:
firewall manager: undoing changes.
>> iptables -t nat -D OUTPUT -j sshuttle-12300
>> iptables -t nat -D PREROUTING -j sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -X sshuttle-12300
c :
c : Keyboard interrupt: exiting.
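Has anyone managed to set up a working sshuttle instance on OpenWrt? Or is there any other way to achieve what I need (a transparent proxy on an OpenWrt router)?
Related and unanswered question: sshuttle on a DD-WRT / OpenWRT router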