Created
May 1, 2011 18:23
-
-
Save leto/950711 to your computer and use it in GitHub Desktop.
Hard to reproduce sshuttle bug
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ ./sshuttle --dns -r leto@example.com 0/0 -vv | |
Starting sshuttle proxy. | |
Binding: 12300 | |
Listening on ('127.0.0.1', 12300). | |
DNS listening on ('127.0.0.1', 12300). | |
[local sudo] Password: | |
Sorry, try again. | |
[local sudo] Password: | |
firewall manager ready. | |
c : connecting to server... | |
c : executing: ['ssh', 'leto@example.com', '--', 'P=python2; $P -V 2>/dev/null || P=python; "$P" -c \'import sys; skip_imports=1; verbosity=2; exec compile(sys.stdin.read(764), "assembler.py", "exec")\''] | |
c : > channel=0 cmd=PING len=7 (fullness=0) | |
server: assembling 'cmdline_options.py' (29 bytes) | |
server: assembling 'helpers.py' (693 bytes) | |
server: assembling 'ssubprocess.py' (13702 bytes) | |
server: assembling 'ssnet.py' (5100 bytes) | |
server: assembling 'hostwatch.py' (2242 bytes) | |
server: assembling 'server.py' (2380 bytes) | |
s: latency control setting = True | |
s: available routes: | |
s: 173.255.217.0/24 | |
s: > channel=0 cmd=PING len=7 (fullness=0) | |
s: > channel=0 cmd=ROUTES len=17 (fullness=7) | |
s: Waiting: 1 r=[4] w=[5] x=[] (fullness=24/0) | |
s: Ready: 1 r=[] w=[5] x=[] | |
s: mux wrote: 15/15 | |
s: mux wrote: 25/25 | |
s: Waiting: 1 r=[4] w=[] x=[] (fullness=24/0) | |
c : connected. | |
Connected. | |
c : Waiting: 3 r=[3, 5, 9] w=[9] x=[] (fullness=7/0) | |
c : Ready: 3 r=[9] w=[9] x=[] | |
c : < channel=0 cmd=PING len=7 | |
c : > channel=0 cmd=PONG len=7 (fullness=7) | |
c : < channel=0 cmd=ROUTES len=17 | |
firewall manager: starting transproxy. | |
>> iptables -t nat -N sshuttle-12300 | |
>> iptables -t nat -F sshuttle-12300 | |
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300 | |
>> iptables -t nat -I PREROUTING 1 -j sshuttle-12300 | |
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.0/8 -p tcp | |
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 0.0.0.0/0 -p tcp --to-ports 12300 -m ttl ! --ttl 42 | |
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest XX.7.43.10/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42 | |
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest XX.7.33.10/32 -p udp --dport 53 --to-ports 12300 -m ttl ! --ttl 42 | |
c : mux wrote: 15/15 | |
c : mux wrote: 15/15 | |
c : Waiting: 3 r=[3, 5, 9] w=[] x=[] (fullness=14/0) | |
Write failed: Broken pipe | |
c : Ready: 3 r=[9] w=[] x=[] | |
firewall manager: undoing changes. | |
>> iptables -t nat -D OUTPUT -j sshuttle-12300 | |
>> iptables -t nat -D PREROUTING -j sshuttle-12300 | |
>> iptables -t nat -F sshuttle-12300 | |
>> iptables -t nat -X sshuttle-12300 | |
c : fatal: server died with error code 255 |
This fixed the problem for me:
I added the--exclude XXX.XXX.XX.XXX
option, where the Xs are the IP addresses of the server.
Here is a link to the original answer:
https://www.reddit.com/r/archlinux/comments/7kxdvw/trouble_running_sshuttle_these_days/
This totally makes sense, I was getting the error broken pipe
and server died with error code 255
, but of course, the connection to the server was lost as soon as the firewall started enforcing every connections, including the current ssh client.
wow Thanks 👍
--exclude XXX.XXX.XX.XXX
Yup, thanks! 👍
sshuttle <user>@<server-ip> --exclude <server-ip> ...
Thanks! 💯
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This solved my problem.
Thanks 👍