I'm trying to redirect the traffic coming from clients to an external proxy server.
I have the following architecture:
                  +----------------------------+
                  |                            |
                  |      External Server       |
                  |                            |
                  +------------+---------------+
                               |eth0 public ip
                               |
                               |
                               |
                               |eth0 public ip
                  +------------+---------------+
                  |                            |
                  |      Localnet Gateway      |
                  |                            |
                  +------------+---------------+
                               |eth0 192.168.1.1
                               |
                               |
                               |
                               |
                               |
+---------------------+        |        +--------------------+
|                     |        |        |eth0 192.168.1.3    |
|        Client       +--------+--------+   Clients gateway  |
|                     |eth0 192.168.1.2 |                    |
|                     |                 |                    |
+---------------------+                 +--------------------+
I ran sshuttle on the clients' gateway and it tunnels all traffic from the Clients gateway
server itself to the external server, but not the traffic coming from the clients.
When dumping TCP connections on the Clients gateway
I can see the response and reply to the client, but it can't connect to the internet. These are the iptables rules after running sshuttle:
*nat
:PREROUTING ACCEPT [145:13378]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:sshuttle-12300 - [0:0]
-A PREROUTING -j sshuttle-12300
-A POSTROUTING -s 192.168.1.2/32 -j SNAT --to-source 192.168.1.3
-A OUTPUT -j sshuttle-12300
-A sshuttle-12300 -d 127.0.0.0/8 -p tcp -j RETURN
-A sshuttle-12300 -p tcp -j REDIRECT --to-ports 12300
and this is the output of tcpdump -nni eth0 host 192.168.1.2 and port 80:
21:10:22.812066 IP 85.12.58.8.80 > 192.168.1.2.64833: Flags [R.], seq 0, ack 1, win 0, length 0
21:10:23.313912 IP 192.168.1.2.64833 > 85.12.58.8.80: Flags [S], seq 4176760380, win 8192, options [mss 1460,nop,nop,sackOK], length 0
21:10:23.313926 IP 85.12.58.8.80 > 192.168.1.2.64833: Flags [R.], seq 0, ack 1, win 0, length 0
21:10:23.316556 IP 192.168.1.2.64834 > 212.73.221.202.80: Flags [S], seq 1828956934, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
21:10:23.316571 IP 212.73.221.202.80 > 192.168.1.2.64834: Flags [R.], seq 0, ack 1828956935, win 0, length 0
21:10:23.816987 IP 192.168.1.2.64834 > 212.73.221.202.80: Flags [S], seq 1828956934, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
21:10:23.817020 IP 212.73.221.202.80 > 192.168.1.2.64834: Flags [R.], seq 0, ack 1, win 0, length 0
21:10:24.317986 IP 192.168.1.2.64834 > 212.73.221.202.80: Flags [S], seq 1828956934, win 8192, options [mss 1460,nop,nop,sackOK], length 0
21:10:24.318001 IP 212.73.221.202.80 > 192.168.1.2.64834: Flags [R.], seq 0, ack 1, win 0, length 0
21:10:24.323263 IP 192.168.1.2.64836 > 38.124.168.119.80: Flags [S], seq 695092282, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
21:10:24.323277 IP 38.124.168.119.80 > 192.168.1.2.64836: Flags [R.], seq 0, ack 695092283, win 0, length 0
21:10:24.831593 IP 192.168.1.2.64836 > 38.124.168.119.80: Flags [S], seq 695092282, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
21:10:24.831623 IP 38.124.168.119.80 > 192.168.1.2.64836: Flags [R.], seq 0, ack 1, win 0, length 0
As you can see, the server responds to the client, but the client is still unable to connect to the internet.
Any help?
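To make the pattern in that capture explicit instead of reading it by eye, here is an added example (not part of the question) that parses tcpdump's default TCP one-liner format, groups packets into flows from the client's point of view, and reports every flow that was reset without ever receiving a SYN-ACK; the sample capture lines are copied from the question and the client address 192.168.1.2 is taken from the diagram.

```python
import re
from collections import defaultdict

# Matches tcpdump's default TCP summary: "time IP src.port > dst.port: Flags [X], ..."
LINE_RE = re.compile(r'^(\d\d:\d\d:\d\d\.\d+) IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > '
                     r'(\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]')

# Capture lines copied from the question (client 192.168.1.2 behind the sshuttle gateway)
CAPTURE = """\
21:10:22.812066 IP 85.12.58.8.80 > 192.168.1.2.64833: Flags [R.], seq 0, ack 1, win 0, length 0
21:10:23.313912 IP 192.168.1.2.64833 > 85.12.58.8.80: Flags [S], seq 4176760380, win 8192, options [mss 1460,nop,nop,sackOK], length 0
21:10:23.313926 IP 85.12.58.8.80 > 192.168.1.2.64833: Flags [R.], seq 0, ack 1, win 0, length 0
21:10:23.316556 IP 192.168.1.2.64834 > 212.73.221.202.80: Flags [S], seq 1828956934, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
21:10:23.316571 IP 212.73.221.202.80 > 192.168.1.2.64834: Flags [R.], seq 0, ack 1828956935, win 0, length 0
21:10:23.816987 IP 192.168.1.2.64834 > 212.73.221.202.80: Flags [S], seq 1828956934, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
21:10:23.817020 IP 212.73.221.202.80 > 192.168.1.2.64834: Flags [R.], seq 0, ack 1, win 0, length 0
21:10:24.323263 IP 192.168.1.2.64836 > 38.124.168.119.80: Flags [S], seq 695092282, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
21:10:24.323277 IP 38.124.168.119.80 > 192.168.1.2.64836: Flags [R.], seq 0, ack 695092283, win 0, length 0
""".splitlines()

def parse_line(line):
    """Return (src, sport, dst, dport, flags) or None for unparseable / non-TCP lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    _, src, sport, dst, dport, flags = m.groups()
    return src, int(sport), dst, int(dport), flags

def summarize_flows(lines, client_ip):
    """Group packets by (client port, server ip, server port); count SYNs sent, SYN-ACKs and RSTs received."""
    flows = defaultdict(lambda: {'syn_sent': 0, 'syn_ack': 0, 'rst_back': 0})
    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        src, sport, dst, dport, flags = p
        if src == client_ip and flags == 'S':          # bare SYN from the client
            flows[(sport, dst, dport)]['syn_sent'] += 1
        elif dst == client_ip:
            f = flows[(dport, src, sport)]
            if flags == 'S.':                           # SYN-ACK: handshake progressed
                f['syn_ack'] += 1
            elif 'R' in flags:                          # RST or RST-ACK: connection refused
                f['rst_back'] += 1
    return dict(flows)

def reset_without_handshake(flows):
    """Flows that were reset without ever seeing a SYN-ACK, sorted for stable output."""
    return sorted(k for k, v in flows.items() if v['rst_back'] and not v['syn_ack'])
```

Run `reset_without_handshake(summarize_flows(CAPTURE, '192.168.1.2'))` against a longer capture from the gateway to list every client flow that is refused before the handshake completes.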