Hi all,
For a very long time I was using a patch applied to the openssh client to make TCP redirects easier using the DNAT target in iptables (should work with nft as well). The patched package is named openssh-dnat in AUR.
How to use:
Start ssh with -L $listen_port:0:1 and then, with an iptables rule, redirect whatever TCP connections you want via $listen_port. This basically works like a socks proxy, except that the kernel will know the end target and the ssh client will get it using the patch (via getsockopt SO_ORIGINAL_DST).
Example of usage:
[user@arch ~]$ ssh -L6666:0:1 66.66.66.66
From root redirect 1.1.1.1 via this ssh connection:
[ root@arch ] # iptables -t nat -A OUTPUT -p tcp -j DNAT -d 1.1.1.1 --to-destination 127.0.0.1:6666
Now any tcp connection to 1.1.1.1 will be redirected via the ssh to 66.66.66.66 (just like a magic socks proxy).
Last edited by cgm999 (2024-12-22 11:55:40)
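The call the patch makes after accept() is what turns a plain -L listener into a "magic socks proxy": the kernel's conntrack table still remembers the pre-DNAT destination, and SO_ORIGINAL_DST hands it back as a struct sockaddr_in. The following is an added example (not code from openssh-dnat or the openssh project) showing that lookup in Python; it assumes Linux, takes the SO_ORIGINAL_DST value 80 from linux/netfilter_ipv4.h (Python's socket module does not export it), and the helper names build_sockaddr_in, original_destination and accept_one_and_resolve are mine. Without a DNAT rule in front of the listener the reported destination is simply the listen address; with the iptables rule from the post it would be the address the client really asked for.

```python
import socket
import struct
import threading

# Linux-only socket option from <linux/netfilter_ipv4.h>; Python's socket
# module does not export it, so the numeric value is spelled out here.
SO_ORIGINAL_DST = 80


def parse_sockaddr_in(raw: bytes) -> tuple[str, int]:
    """Decode the struct sockaddr_in the kernel fills in for SO_ORIGINAL_DST.

    Layout: sin_family (native-endian u16), sin_port (network-order u16),
    sin_addr (4 bytes), then 8 bytes of zero padding.
    """
    if len(raw) < 8:
        raise ValueError(f"sockaddr_in too short: {len(raw)} bytes")
    family = struct.unpack_from("=H", raw, 0)[0]
    if family != socket.AF_INET:
        raise ValueError(f"expected AF_INET ({socket.AF_INET}), got family {family}")
    port = struct.unpack_from("!H", raw, 2)[0]
    addr = socket.inet_ntoa(raw[4:8])
    return addr, port


def build_sockaddr_in(addr: str, port: int) -> bytes:
    """Constructed sample: encode an address the way the kernel does (for demos/tests)."""
    return (struct.pack("=H", socket.AF_INET)
            + struct.pack("!H", port)
            + socket.inet_aton(addr)
            + bytes(8))


def original_destination(conn: socket.socket) -> tuple[str, int]:
    """Return the (ip, port) the client originally connected to, before any DNAT rewrite.

    This is the query a transparent listener (the patched ssh client, in the post)
    issues on an accepted socket instead of trusting the 0:1 placeholder target.
    """
    try:
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    except OSError:
        # Not Linux, conntrack not loaded, or no entry for this flow:
        # the best we know is the address we were reached on.
        host, port = conn.getsockname()[:2]
        return host, port
    return parse_sockaddr_in(raw)


def accept_one_and_resolve(listen_host: str = "127.0.0.1") -> tuple[tuple[str, int], tuple[str, int]]:
    """Offline demo: listen on an ephemeral port, connect to ourselves once and
    return (listen address, original destination as the kernel reports it)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((listen_host, 0))
    srv.listen(1)
    listen_addr = srv.getsockname()
    done = threading.Event()

    def client() -> None:
        # Keep the connection open until the server has finished its lookup.
        with socket.create_connection(listen_addr, timeout=5):
            done.wait(5)

    t = threading.Thread(target=client)
    t.start()
    conn, _ = srv.accept()
    try:
        dst = original_destination(conn)
    finally:
        done.set()
        conn.close()
        t.join()
        srv.close()
    return listen_addr, dst


if __name__ == "__main__":
    listen_addr, dst = accept_one_and_resolve()
    print(f"listening on {listen_addr}; kernel reports original destination {dst}")
```

Run it as a script to see the no-NAT case; to reproduce the post's setup, point the OUTPUT-chain DNAT rule at the port the script prints and connect to the redirected address, and original_destination() will return that address rather than 127.0.0.1. The fallback in original_destination() matters in practice: on a host without conntrack the sockopt fails, and a listener that ignores that error would silently forward to the wrong place.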
I also added dropbear-dnat in AUR, based on the same patch; it works exactly the same as the ssh client (-L5666:0:1).