[ppp][vpn][ssh]通过 ssh 建立 ppp 通道, 以及重定向客户端 http 请求 Options

[猫猫草]

代码

# pppd can easily be used to create a tunnel through an SSH server:
# https://wiki.archlinux.org/index.php/VPN_over_SSH#Using_PPP_over_SSH
/usr/sbin/pppd updetach noauth silent nodeflate pty \
    "/usr/bin/ssh root@remote-gw /usr/sbin/pppd nodetach notty noauth" \
    ipparam vpn 10.0.8.1:10.0.8.2

# route -n
#Kernel IP routing table
#Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
#0.0.0.0         172.19.111.253  0.0.0.0         UG    0      0        0 eth0
#10.0.8.2        0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
#172.19.96.0     0.0.0.0         255.255.240.0   U     0      0        0 eth0

# https://unix.stackexchange.com/questions/21093/output-traffic-on-different-interfaces-based-on-destination-port
# Edit /etc/iproute2/rt_tables and add a new table by appending the following line:
#200 proxy-route
# Populate secondary routing table
ip route add default via 10.0.8.2 dev ppp0 table proxy-route
# Anything with this fwmark will use the secondary routing table
ip rule add fwmark 0x1 table proxy-route
# Mark these packets so that iproute can route it through wlan-route
iptables -A OUTPUT -t mangle -o eth0 -p udp --dport 53 -j MARK --set-mark 1
iptables -A OUTPUT -t mangle -o eth0 -p tcp --dport 80 -j MARK --set-mark 1
iptables -A OUTPUT -t mangle -o eth0 -p tcp --dport 443 -j MARK --set-mark 1
# now rewrite the src-addr
iptables -A POSTROUTING -t nat -o ppp0 -p udp --dport 53 -j SNAT --to 10.0.8.1
iptables -A POSTROUTING -t nat -o ppp0 -p tcp --dport 80 -j SNAT --to 10.0.8.1
iptables -A POSTROUTING -t nat -o ppp0 -p tcp --dport 443 -j SNAT --to 10.0.8.1

for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $f; done