
#1 2013-08-25 20:42:00

Danice123
Member
Registered: 2013-08-25
Posts: 17

[Solved]SSH tunnel server setup

I'm trying to set up a system to tunnel ssh through a server to a router. Basically

Internet > External Server > SShuttle > Local Server > Router > Local Computers

The problem arises between the local server and router. I have two network cards, one into my local internet and one to the router, and tunneling works fine on the server. I have also set up the server to share its internet, or at least I think I have. DHCP server works fine, and I get an IP address assigned when I plug in another computer to the server, but I have no network access. I'm not sure of the next step to take here, do I need an iptables setup or something? Is it even possible?

Last edited by Danice123 (2013-08-27 01:13:50)


#2 2013-08-25 23:19:17

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: [Solved]SSH tunnel server setup

Welcome to the forums.

What are you actually trying to do? That is, what is that setup designed to achieve? Maybe your description would make more sense to somebody more knowledgeable but it doesn't to me, at least. Shouldn't the router be distributing IP addresses? And in what sense does tunnelling work on the server? Which server? How can it work fine on a single box?

Just very confused...


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L


#3 2013-08-26 02:33:27

Danice123
Member
Registered: 2013-08-25
Posts: 17

Re: [Solved]SSH tunnel server setup

Sorry for being confusing, I don't really know what information is needed to identify my problem.

I have a desktop computer (my local server) running Arch. This server uses sshuttle (https://github.com/apenwarr/sshuttle) to tunnel its connection through to a server I am renting. sshuttle is basically an ssh tunnel with added Python streamlining. It is configured to forward set subnets through said tunnel. I then wish to connect a computer into the local server through an additional network card on the local server. This computer's connection is also supposed to be tunneled through the tunnel on the server.

Where everything breaks down is the connection between the local server and the computer plugged into it. I have DHCP configured and working, but the computer gets no connection to the internet. I've messed around with iptables using this guide (https://wiki.archlinux.org/index.php/Internet_Share), but I haven't succeeded in getting anything working. The tunnel does work on the local server however, so it's not a problem there (I think).

The whole point here is to tunnel around an HTTP proxy. I want to hook up Xboxes and other devices that have no proxy settings, so a tunnel becomes necessary.

I think I just need a point in the right direction on what I should look at to get this working. Again, sorry if this is rather confusing, I am just stumped. I'd really appreciate any help.


#4 2013-08-26 02:59:50

Danice123
Member
Registered: 2013-08-25
Posts: 17

Re: [Solved]SSH tunnel server setup

I would like to add that even without the tunnel, I still am not able to share the internet through my server. I followed the Internet_Share wiki, and I get nothing. What am I missing here...


#5 2013-08-26 03:17:37

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: [Solved]SSH tunnel server setup

Thanks. That's much clearer.

So probably you should post your iptables rules for the local server and explain how you try to connect to the internet from the connected computer and what errors you get. Trying this with as simple a network as possible will probably help diagnose the problem. E.g. try it, as you say, without the tunnel since that doesn't seem to be the problem and ditto for the router or whatever.

EDIT: I assume you have either a crossover cable or know you don't need one as explained in the wiki?

Last edited by cfr (2013-08-26 03:19:02)



#6 2013-08-26 03:29:47

Danice123
Member
Registered: 2013-08-25
Posts: 17

Re: [Solved]SSH tunnel server setup

I do have a gigabit Ethernet card in the server, so I assume that all I need is an Ethernet cord.

The two configurations I have used in iptables are this from Internet Share:

# iptables -t nat -A POSTROUTING -o internet0 -j MASQUERADE
# iptables-save > /etc/iptables/iptables.rules
# systemctl start iptables

And this from Router: https://wiki.archlinux.org/index.php/Si … AT_gateway

The first seemed to work better, but neither allows me any internet connection. This is without the tunnel also.

[edit] Would this problem be related to DNS resolution? Should I be setting up a dnsmasq server also?

Last edited by Danice123 (2013-08-26 03:31:16)


#7 2013-08-26 03:35:27

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: [Solved]SSH tunnel server setup

Is the interface name really internet0?

You should post the output of iptables --list-rules. [Assuming you are using ipv4.]

Last edited by cfr (2013-08-26 03:38:08)



#8 2013-08-26 03:36:46

Danice123
Member
Registered: 2013-08-25
Posts: 17

Re: [Solved]SSH tunnel server setup

No sorry, I just posted the example off the page. My interfaces are enp2s0 and enp3s5, and I did switch the names in.

The other ends up being:

# Generated by iptables-save v1.4.19.1 on Mon Aug 26 11:12:54 2013
*filter
:INPUT ACCEPT [1703:163541]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [128:11660]
:fw-interfaces - [0:0]
:fw-open - [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j fw-interfaces
-A FORWARD -j fw-open
-A FORWARD -j REJECT --reject-with icmp-host-unreachable
-A fw-interfaces -i enp2s0 -j ACCEPT
COMMIT
# Completed on Mon Aug 26 11:12:54 2013
# Generated by iptables-save v1.4.19.1 on Mon Aug 26 11:12:54 2013
*nat
:PREROUTING ACCEPT [428:45078]
:INPUT ACCEPT [428:45078]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp2s0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o enp3s5 -j MASQUERADE
COMMIT
# Completed on Mon Aug 26 11:12:54 2013

Last edited by Danice123 (2013-08-26 03:38:57)
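
An added example, not part of the original thread: a small Python audit of an iptables-save dump like the one in post #8, listing which interfaces the FORWARD path accepts new traffic from and which interfaces are MASQUERADE outputs. The function names and the abridged sample are constructed here; the thread does not say which NIC faces the LAN, so the script only reports interfaces that appear in both roles.

```python
import shlex

# Abridged copy of the iptables-save dump from post #8 (comments, counters and unused chains dropped).
SAMPLE_DUMP = """\
*filter
:FORWARD DROP [0:0]
:fw-interfaces - [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j fw-interfaces
-A fw-interfaces -i enp2s0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp2s0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o enp3s5 -j MASQUERADE
COMMIT
"""

def parse_dump(text):
    """Parse iptables-save text into {table: {"policy": {chain: policy}, "rules": [...]}}."""
    tables, cur = {}, {"policy": {}, "rules": []}  # lines before the first *table are discarded
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            rule = {"chain": tok[1]}
            for flag, key in (("-i", "in"), ("-o", "out"), ("-j", "target")):
                if flag in tok:
                    rule[key] = tok[tok.index(flag) + 1]
            cur["rules"].append(rule)
    return tables

def audit_gateway(text):
    """Report forward-accept input interfaces, MASQUERADE outputs, and any overlap."""
    tables = parse_dump(text)
    filt, nat = (tables.get(t, {"policy": {}, "rules": []}) for t in ("filter", "nat"))
    # FORWARD plus the user-defined chains it jumps to (one level, as in the dump).
    chains = {"FORWARD"} | {r.get("target") for r in filt["rules"]
                            if r["chain"] == "FORWARD" and r.get("target") in filt["policy"]}
    fwd_in = {r["in"] for r in filt["rules"]
              if r["chain"] in chains and r.get("target") == "ACCEPT" and "in" in r}
    masq_out = {r["out"] for r in nat["rules"]
                if r["chain"] == "POSTROUTING" and r.get("target") == "MASQUERADE" and "out" in r}
    return {"forward_policy": filt["policy"].get("FORWARD"), "forward_accept_in": sorted(fwd_in),
            "masquerade_out": sorted(masq_out), "both_roles": sorted(fwd_in & masq_out)}
```

On a live host the same function can be fed the text of `iptables-save` instead of the embedded sample.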


#9 2013-08-26 03:38:43

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: [Solved]SSH tunnel server setup

Please post the output of iptables --list-rules. [Assuming you are using ipv4.]



#10 2013-08-26 03:44:12

Danice123
Member
Registered: 2013-08-25
Posts: 17

Re: [Solved]SSH tunnel server setup

-P INPUT ACCEPT
-P FORWARD DROP
-N fw-interfaces
-N fw-open
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j fw-interfaces
-A FORWARD -j fw-open
-A FORWARD -j REJECT --reject-with icmp-host-unreach
-A fw-interfaces -i enp2s0 -j ACCEPT


#11 2013-08-27 01:13:33

Danice123
Member
Registered: 2013-08-25
Posts: 17

Re: [Solved]SSH tunnel server setup

I finally switched to using netctl and bridging my two ethernet cards, which works great.
