[ppp][vpn][ssh] Setting up a PPP tunnel over SSH, and redirecting client HTTP requests
2018-04-14 15:54:45, Sat
Post #1
猫猫猫 Group: Power Cat Posts: 626 Joined: 2006-12-8 Member No.: 2
Code

```bash
# pppd can easily be used to create a tunnel through an SSH server:
# https://wiki.archlinux.org/index.php/VPN_over_SSH#Using_PPP_over_SSH
/usr/sbin/pppd updetach noauth silent nodeflate pty \
    "/usr/bin/ssh root@remote-gw /usr/sbin/pppd nodetach notty noauth" \
    ipparam vpn 10.0.8.1:10.0.8.2

# route -n
#Kernel IP routing table
#Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
#0.0.0.0         172.19.111.253  0.0.0.0         UG    0      0        0 eth0
#10.0.8.2        0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
#172.19.96.0     0.0.0.0         255.255.240.0   U     0      0        0 eth0

# https://unix.stackexchange.com/questions/21093/output-traffic-on-different-interfaces-based-on-destination-port
# Edit /etc/iproute2/rt_tables and add a new table by appending the following line:
#200 proxy-route

# Populate secondary routing table
ip route add default via 10.0.8.2 dev ppp0 table proxy-route

# Anything with this fwmark will use the secondary routing table
ip rule add fwmark 0x1 table proxy-route

# Mark these packets so that iproute can route them through proxy-route
iptables -A OUTPUT -t mangle -o eth0 -p udp --dport 53 -j MARK --set-mark 1
iptables -A OUTPUT -t mangle -o eth0 -p tcp --dport 80 -j MARK --set-mark 1
iptables -A OUTPUT -t mangle -o eth0 -p tcp --dport 443 -j MARK --set-mark 1

# now rewrite the src-addr
iptables -A POSTROUTING -t nat -o ppp0 -p udp --dport 53 -j SNAT --to 10.0.8.1
iptables -A POSTROUTING -t nat -o ppp0 -p tcp --dport 80 -j SNAT --to 10.0.8.1
iptables -A POSTROUTING -t nat -o ppp0 -p tcp --dport 443 -j SNAT --to 10.0.8.1

# Disable reverse-path filtering so replies arriving on ppp0 are not dropped
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > "$f"; done
```
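Added example, not part of the original post: a check that every port marked for the tunnel in the mangle table also has its SNAT rule on ppp0, since a marked packet without one leaves the tunnel still carrying the eth0 source address. The function name `audit_split_rules` and the sample dump are made up for illustration; the sample is constructed in `iptables-save` format with the tcp/443 SNAT rule deliberately left out.

```shell
#!/bin/sh
# Added example: each proto/dport marked in mangle OUTPUT needs a matching
# SNAT rule on the tunnel interface, otherwise it leaves with the eth0 source.

# Constructed sample in iptables-save format; the tcp/443 SNAT rule is missing.
sample_dump() {
    cat <<'EOF'
*mangle
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j MARK --set-xmark 0x1/0xffffffff
-A OUTPUT -o eth0 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x1/0xffffffff
-A OUTPUT -o eth0 -p tcp -m tcp --dport 443 -j MARK --set-xmark 0x1/0xffffffff
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -p udp -m udp --dport 53 -j SNAT --to-source 10.0.8.1
-A POSTROUTING -o ppp0 -p tcp -m tcp --dport 80 -j SNAT --to-source 10.0.8.1
COMMIT
EOF
}

# audit_split_rules TUN_IF  (hypothetical helper; reads iptables-save on stdin)
audit_split_rules() {
    awk -v tun="$1" '
        /^\*/ { table = substr($0, 2); next }   # table header: "*mangle", "*nat"
        $1 != "-A" { next }                     # skip chain policies and COMMIT
        {
            proto = dport = out = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            key = proto "/" dport
            if (table == "mangle" && $2 == "OUTPUT" && target == "MARK") marked[key] = 1
            if (table == "nat" && $2 == "POSTROUTING" && target == "SNAT" && out == tun) snat[key] = 1
        }
        END {
            for (k in marked) {
                status = (k in snat) ? "ok" : "missing-snat"
                print status, k
            }
        }
    ' | LC_ALL=C sort
}

# On a live host: iptables-save | audit_split_rules ppp0
sample_dump | audit_split_rules ppp0
```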