Using Sshuttle in Daily Work
I was first introduced to sshuttle by Sooyoung (@5ooyoung) in Favorite Medium as a workaround to The Great Firewall in China.
Since then, it has become my light-weight network tunneling tool in daily work.
Install sshuttle
The installation is easy now. You can install it through Mac OSX Homebrew, or Ubuntu apt-get.
1 |
|
I use sshuttle to..
1. Tunnel all traffic
This is the first command I learned. It forwards all TCP traffic and DNS requests to a remote SSH server.
1 |
|
Just like ssh
, you can use any server specified in ~/.ssh/config
. The -v
flag means verbose mode.
Besides TCP and DNS, currently sshuttle
does not forward other requests such as UDP, ICMP ping etc.
2. Tunnel all traffic, but exclude some
You can exclude certain TCP traffic using -x
option.
1 |
|
For instance, when I am in China, I don’t want to tunnel Youku.com traffic to a foreign server, because its movie streaming service is only available within China.
In this case, I use -x
option to exclude Youku.com IP addresses.
3. Tunnel only certain traffic
To tunnel only certain TCP traffic, specify the IP addresses or IP ranges that need tunneling.
1 |
|
This command comes in handy, whenever I need to test an app feature (e.g. Netflix movie streaming) which only available in certain countries, or to bypass ISP faulty caches.
4. VPN to office network
I seldom do VPN, but all you need is the remote SSH server with -NH
flags turned on.
1 |
|
-N
flag tells sshuttle to figure out by itself the IP subnets to forward, and -H
flag to scan for hostnames within remote subnets and store them temporarily in /etc/hosts
.
IP addresses.. troublesome?
Well, I try not to deal with IP addresses manually. So I wrote a few sshuttle helpers (tnl
, tnlbut
, tnlonly
, vpnto
) that allow me to use domain names instead of IP addresses:
Tunnel all traffic
1 |
|
Tunnel all traffic, but exclude some
1 |
|
Tunnel only certain traffic
1 |
|
VPN to office network
1 |
|
The script is available on my GitHub repo. You can load it into your ~/.bashrc
. To override the default tunneling SSH server in the script:
1 |
|
原文:http://teohm.github.com/blog/2012/04/01/using-sshuttle-in-daily-work/
我曾在“sshuttle: 穷人的VPN”、“关闭ssh tunnel的shell帐号如果做代理”和“Elitter – 提供免费shell账户、web主机和DNS服务”提到过Sshuttle这个程序,本文更为详细,有兴趣的看看。
这个以前也用过,好用。