
#1 2024-12-22 11:55:17

cgm999
Member
Registered: 2013-07-18
Posts: 24

openssh DNAT patch in AUR

Hi all,

For a very long time I have been using a patch applied to the openssh client to make tcp redirects easier using the DNAT target in iptables (it should work with nft as well). The patched package is named openssh-dnat in AUR.

How to use:
Start ssh with -L $listen_port:0:1 and then, with an iptables rule, redirect whatever tcp connections you want via $listen_port. This basically works like a socks proxy, except that the kernel will know the end target and the ssh client will get it using the patch (via getsockopt SO_ORIGINAL_DST).

Example of usage:
[user@arch ~]$ ssh -L6666:0:1 66.66.66.66

As root, redirect 1.1.1.1 via this ssh connection:
[ root@arch ] # iptables -t nat -A OUTPUT -p tcp -j DNAT -d 1.1.1.1 --to-destination 127.0.0.1:6666

Now any tcp connection to 1.1.1.1 will be redirected via the ssh connection to 66.66.66.66 (just like a magic socks proxy).

Last edited by cgm999 (2024-12-22 11:55:40)

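What the client side of the patch has to do, as an added example that is not the AUR patch's own code: a Python listener that reads the pre-DNAT target with getsockopt(SO_ORIGINAL_DST), the way the patched ssh -L $listen_port:0:1 does, decodes the struct sockaddr_in the kernel returns, and falls back to the socket's own address (all an unpatched client ever sees) when conntrack has no entry. The helper names and the loopback demo are constructed here; the demo runs without any iptables rule, so both answers are the listener's own address.

```python
import socket
import struct

# Linux-only option from <linux/netfilter_ipv4.h>: conntrack hands back a
# struct sockaddr_in holding the destination the client dialled before DNAT.
SO_ORIGINAL_DST = 80
SOL_IP = getattr(socket, "SOL_IP", 0)  # IPPROTO_IP is 0 on every platform

def pack_sockaddr_in(host, port):
    """Build the 16-byte struct sockaddr_in the kernel returns (test data)."""
    return (struct.pack("=H", socket.AF_INET)     # sin_family, host order
            + struct.pack("!H", port)             # sin_port, network order
            + socket.inet_aton(host)              # sin_addr
            + b"\x00" * 8)                        # sin_zero padding

def parse_sockaddr_in(buf):
    """Decode struct sockaddr_in into (host, port); reject anything else."""
    if len(buf) < 8 or struct.unpack_from("=H", buf, 0)[0] != socket.AF_INET:
        raise ValueError("not an AF_INET sockaddr")
    port = struct.unpack_from("!H", buf, 2)[0]
    return socket.inet_ntoa(buf[4:8]), port

def original_destination(conn):
    """Return (host, port, source): the pre-DNAT target when conntrack knows
    it, else the socket's own address (all an unpatched client sees)."""
    try:
        host, port = parse_sockaddr_in(conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, 16))
        return host, port, "SO_ORIGINAL_DST"
    except (OSError, ValueError):   # ENOENT when conntrack has no entry; unknown option elsewhere
        host, port = conn.getsockname()[:2]
        return host, port, "getsockname"

def demo():
    """Loopback round trip with no NAT rule: the two answers must agree."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    cli = socket.create_connection(srv.getsockname())
    conn, _ = srv.accept()
    try:
        return original_destination(conn)
    finally:
        conn.close(); cli.close(); srv.close()

if __name__ == "__main__":
    print(demo())
```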

#2 2024-12-25 11:24:01

cgm999
Member
Registered: 2013-07-18
Posts: 24

Re: openssh DNAT patch in AUR

I also added dropbear-dnat in AUR, based on the same patch; it works exactly the same as the ssh client (-L5666:0:1).


#3 2025-01-15 12:07:22

cgm999
Member
Registered: 2013-07-18
Posts: 24

Re: openssh DNAT patch in AUR

This is not archlinux specific; to build a static dropbear client with the patch using docker:

[build@linux test-docker]$  cat alpine-dropbear-static/Dockerfile

# base image can be overridden with --build-arg BASEIMAGE=...
ARG BASEIMAGE=alpine:edge
FROM ${BASEIMAGE}

ENV USERID=1000
ENV USERNAME=builduser

RUN apk add --upgrade apk-tools

RUN apk upgrade --available

# build toolchain plus the static libraries a fully static dbclient needs
RUN apk add --no-cache alpine-sdk linux-headers \
        build-base clang openssl-dev \
        gcc make musl-dev ncurses-static \
        openssl-libs-static zlib-dev zlib-static gnupg \
        flex bison lftp file bash xz autoconf automake

# unprivileged build user; /src holds the sources, /dist the result
RUN addgroup -g ${USERID} -S ${USERNAME} && \
    adduser -u ${USERID} -S ${USERNAME} -G ${USERNAME} -s /bin/bash && \
    mkdir /src /dist && chown ${USERNAME}:${USERNAME} /src /dist

WORKDIR /src

ENV dropbearversion=2024.86
ENV ARCH=amd64
ENV PARALLEL=4

USER ${USERNAME}

# for a smaller binary add --disable-zlib to ./configure
RUN wget https://dropbear.nl/mirror/releases/dropbear-${dropbearversion}.tar.bz2 && \
    wget -qO patch-dropbear-DNAT.txt 'https://aur.archlinux.org/cgit/aur.git/plain/patch-dropbear-DNAT.txt?h=dropbear-dnat' && \
    tar xvf dropbear-${dropbearversion}.tar.bz2 && \
    cd $(find . -maxdepth 1 -mindepth 1 -type d) && ls -lisah && pwd && \
    patch --ignore-whitespace -p1 < ../patch-dropbear-DNAT.txt && \
    autoreconf && \
    ./configure --enable-static --bindir=/usr/bin --prefix=/usr --sbindir=/usr/bin && \
    make -j${PARALLEL} PROGRAMS='dbclient' && \
    mv dbclient /dist/dbclient.${ARCH} && strip /dist/dbclient.${ARCH} && chmod a+x /dist/dbclient.${ARCH} && \
    echo && ls -ld /dist/dbclient.${ARCH}

# to get the binary out of the built image:
#   docker run --rm alpine-dropbear-static cat /dist/dbclient.amd64 > dbclient.amd64

[build@linux test-docker]$  docker build -t alpine-dropbear-static alpine-dropbear-static
