Hi all,
For a very long time I was using a patch applied to the openssh client to make TCP redirects easier using the DNAT target in iptables (should work with nft as well). The patched package is named openssh-dnat in AUR.
How to use:
Start ssh with -L $listen_port:0:1 and then, with an iptables rule, redirect whatever TCP connections you want via $listen_port, which basically works like a SOCKS proxy except the kernel will know the end target and the ssh client will get it using the patch (using getsockopt SO_ORIGINAL_DST).
Example of usage:
[user@arch ~]$ ssh -L6666:0:1 66.66.66.66
As root, redirect 1.1.1.1 via this ssh connection:
[ root@arch ] # iptables -t nat -A OUTPUT -p tcp -j DNAT -d 1.1.1.1 --to-destination 127.0.0.1:6666
Now any TCP connection to 1.1.1.1 will be redirected via the ssh connection to 66.66.66.66 (just like a magic SOCKS proxy).
Last edited by cgm999 (2024-12-22 11:55:40)
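An added example, not part of the original post and not taken from the openssh-dnat patch: how a listener on $listen_port can recover the pre-DNAT destination of an accepted connection with getsockopt(SO_ORIGINAL_DST), as the post describes. The function names and return codes are hypothetical; the code also rejects the case where a client connected to the listen port directly, because conntrack then reports the listener itself as the "original" destination.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* value defined in <linux/netfilter_ipv4.h> */
#endif

/* Hypothetical helper: 1 if both are the same IPv4 address and port. */
int same_endpoint(const struct sockaddr_in *a, const struct sockaddr_in *b) {
    return a->sin_addr.s_addr == b->sin_addr.s_addr && a->sin_port == b->sin_port;
}

/* Hypothetical helper: write "a.b.c.d:port" into buf; 0 on success, -1 if it does not fit. */
int format_endpoint(const struct sockaddr_in *sa, char *buf, size_t len) {
    char ip[INET_ADDRSTRLEN];
    if (!inet_ntop(AF_INET, &sa->sin_addr, ip, sizeof ip)) return -1;
    int n = snprintf(buf, len, "%s:%u", ip, (unsigned)ntohs(sa->sin_port));
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Recover the destination an accepted TCP connection had before DNAT.
 * Returns 0 and fills *orig on success; -1 if the lookup fails (no conntrack
 * entry, bad fd); -2 if the "original" destination is the listener itself,
 * meaning the client connected to the listen port directly and forwarding
 * would loop back into the listener. */
int original_dst(int fd, struct sockaddr_in *orig) {
    struct sockaddr_in local;
    socklen_t olen = sizeof *orig, llen = sizeof local;
    memset(orig, 0, sizeof *orig);
    /* IPPROTO_IP is the IPv4 socket level (same value as SOL_IP). */
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, orig, &olen) < 0) return -1;
    if (getsockname(fd, (struct sockaddr *)&local, &llen) < 0) return -1;
    return same_endpoint(orig, &local) ? -2 : 0;
}

/* Constructed demo: a socket with no NAT state fails closed (-1). */
int main(void) {
    struct sockaddr_in orig;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    printf("original_dst on an unconnected socket: %d\n", original_dst(fd, &orig));
    if (fd >= 0) close(fd);
    return 0;
}
```

With the DNAT rule from the post, the accepted socket's local address is 127.0.0.1:6666 while the recovered destination is 1.1.1.1, so original_dst returns 0.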
I also added dropbear-dnat to AUR based on the same patch; it works exactly the same as the ssh client (-L5666:0:1).
This is not Arch Linux specific. To build a static dropbear client with the patch using docker:
[build@linux test-docker]$ cat alpine-dropbear-static/Dockerfile
ARG BASEIMAGE
FROM alpine:edge
ENV USERID=1000
ENV USERNAME=builduser
RUN apk add --upgrade apk-tools
RUN apk upgrade --available
RUN apk add --no-cache alpine-sdk linux-headers \
    build-base clang openssl-dev linux-headers \
    gcc make musl-dev ncurses-static \
    openssl-libs-static zlib-dev zlib-static gnupg \
    flex bison lftp file bash xz autoconf automake
RUN addgroup -g ${USERID} -S ${USERNAME} && \
    adduser -u ${USERID} -S ${USERNAME} -G ${USERNAME} -s /bin/bash && \
    mkdir /src /dist && chown ${USERNAME}:${USERNAME} /src /dist
WORKDIR /src
ENV dropbearversion=2024.86
ENV ARCH=amd64
ENV PARALLEL=4
USER builduser
# for smaller size add --disable-zlib to ./configure
RUN wget https://dropbear.nl/mirror/releases/dropbear-${dropbearversion}.tar.bz2 && \
    wget -qO patch-dropbear-DNAT.txt 'https://aur.archlinux.org/cgit/aur.git/plain/patch-dropbear-DNAT.txt?h=dropbear-dnat' && \
    tar xvf dropbear-${dropbearversion}.tar.bz2 && \
    cd $(find . -maxdepth 1 -mindepth 1 -type d) && ls -lisah && pwd && \
    patch --ignore-whitespace -p1 < ../patch-dropbear-DNAT.txt && \
    autoreconf && \
    ./configure --enable-static --bindir=/usr/bin --prefix=/usr --sbindir=/usr/bin && \
    make -j$PARALLEL PROGRAMS='dbclient' && \
    mv dbclient /dist/dbclient.$ARCH && strip /dist/dbclient.$ARCH && chmod a+x /dist/dbclient.$ARCH && \
    echo && ls -ld /dist/dbclient.$ARCH
# to get the image out:
RUN : to get file out: "docker run --rm alpine-dropbear-static cat /dist/dbclient.amd64 > dbclient.amd64"
[build@linux test-docker]$
[build@linux test-docker]$ docker build -t alpine-dropbear-static alpine-dropbear-static