Friday, 8 February 2013

Using sshuttle in Daily Work

Since then, it has become my light-weight network tunneling tool in daily work.

Install sshuttle

The installation is easy now. You can install it through Mac OS X Homebrew, or Ubuntu apt-get.

brew install sshuttle

I use sshuttle to..

1. Tunnel all traffic

This is the first command I learned. It forwards all TCP traffic and DNS requests to a remote SSH server.

sshuttle --dns -r ssh_user@ssh_server_ip:ssh_port 0/0

Just like ssh, you can use any host alias defined in ~/.ssh/config as the -r argument. The -v flag (used in the commands below) turns on verbose output. 0/0 means "every IPv4 destination", and --dns additionally sends DNS lookups through the tunnel; without it, name resolution still goes to your local resolver, so the local network sees every hostname you look up.
Besides TCP and DNS, sshuttle at the time of writing does not forward other traffic such as UDP or ICMP ping. That traffic still leaves your machine directly, so do not assume everything is inside the tunnel. (Newer releases can carry UDP on Linux with the tproxy method, but the default setup is still TCP-only.)

2. Tunnel all traffic, but exclude some

You can exclude certain TCP traffic using the -x option:

sshuttle --dns -vr ssh_server -x 121.9.204.0/24 -x 61.135.196.21 0/0

For instance, when I am in China I don't want to tunnel Youku.com traffic to a foreign server, because its movie streaming service is only available within China.
In this case, I use the -x option to exclude Youku.com's IP addresses. -x takes a single address or a CIDR range and can be repeated; an excluded range takes precedence over the 0/0 catch-all, so those connections leave your machine directly and unencrypted.

3. Tunnel only certain traffic

To tunnel only certain TCP traffic, specify the IP addresses or IP ranges that need tunneling.

sshuttle -vr ssh_server 121.9.204.0/24 61.135.196.21

Only connections to the listed addresses go through the tunnel; everything else, including DNS, takes your normal network path (add --dns if the lookups themselves must not be visible locally). This command comes in handy whenever I need to test an app feature (e.g. Netflix movie streaming) that is only available in certain countries, or to bypass faulty ISP caches.

4. VPN to office network

I seldom do VPN, but all you need is an SSH account on a server inside the office network; run sshuttle against it with the -N and -H flags:

sshuttle -NHvr office_ssh_server

The -N flag tells sshuttle to figure out by itself which IP subnets to forward (it reads the remote server's routing table and routes the networks directly connected to it), and -H scans for hostnames within those remote subnets and stores them temporarily in your local /etc/hosts, so office machines can be reached by name. Both are convenience features: check the verbose output to see which subnets were actually picked up, and remember that anything not in that list still goes out over your normal connection.

IP addresses.. troublesome?

Well, I try not to deal with IP addresses manually. So I wrote a few sshuttle helpers (tnl, tnlbut, tnlonly, vpnto) that allow me to use domain names instead of IP addresses:

Tunnel all traffic:

tnl

Tunnel all traffic, but exclude some:

tnlbut youku.com weibo.com

Tunnel only certain traffic:

tnlonly netflix.com movies.netflix.com

VPN to office network:

vpnto office_ssh_server
The script is available on my GitHub repo. You can load it into your ~/.bashrc. To override the default tunneling SSH server in the script:

TNL_SERVER=user@another_server tnl
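The author's script is not reproduced on this page, so here is an added example of how such helpers can be written. This is my own code written for this page, not the GitHub script; it assumes sshuttle is on PATH and that either getent (Linux) or dig (macOS) is available for name lookup, and the names TNL_SERVER, TNL_DRY_RUN and the function names are chosen here. Hostnames are resolved to their current A records at call time, so a service that round-robins between many addresses or sits behind a CDN will not be fully covered by one name; that is the main limitation of the domain-name approach and the reason the dry-run mode prints the expanded address list before anything is routed.

```shell
#!/bin/sh
# sshuttle helpers: tnl, tnlbut, tnlonly, vpnto (added example for this page,
# not the author's GitHub script). Assumes sshuttle is on PATH and that getent
# (Linux) or dig (macOS) is available to resolve names.

: "${TNL_SERVER:=user@tunnel_server}"   # default -r target; override per call
: "${TNL_DRY_RUN:=0}"                   # 1 = print the command, don't run it

# True if $1 is a dotted-quad IPv4 address, optionally with a /prefix length.
is_ipv4_or_cidr() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Prints one IPv4 address or CIDR per line for each argument. Addresses pass
# through unchanged; names are resolved with the system resolver, so a name
# with several A records yields several lines.
resolve_targets() {
  for t in "$@"; do
    if is_ipv4_or_cidr "$t"; then
      printf '%s\n' "$t"
    elif command -v getent >/dev/null 2>&1; then
      getent ahostsv4 "$t" | awk '$2 == "STREAM" { print $1 }' | sort -u
    else
      dig +short A "$t" | grep -E '^[0-9.]+$' | sort -u
    fi
  done
}

# Prints the sshuttle argument list for MODE (all|but|only|vpn), one argument
# per line, mirroring the four commands in the post.
build_sshuttle_args() {
  [ $# -ge 1 ] || { echo "usage: build_sshuttle_args all|but|only|vpn [targets]" >&2; return 1; }
  mode=$1; shift
  case $mode in
    all)  printf '%s\n' --dns -vr "$TNL_SERVER" 0/0 ;;
    but)  printf '%s\n' --dns -vr "$TNL_SERVER"
          resolve_targets "$@" | awk '{ print "-x"; print $0 }'
          printf '%s\n' 0/0 ;;
    only) printf '%s\n' -vr "$TNL_SERVER"
          resolve_targets "$@" ;;
    vpn)  printf '%s\n' -NHvr "$1" ;;
    *)    echo "unknown mode: $mode" >&2; return 1 ;;
  esac
}

# Turns the argument list back into positional parameters and runs (or, in
# dry-run mode, prints) the sshuttle command.
run_sshuttle() {
  args=$(build_sshuttle_args "$@") || return 1
  old_ifs=$IFS; IFS='
'
  set -f; set -- $args; set +f; IFS=$old_ifs
  if [ "$TNL_DRY_RUN" = 1 ]; then
    echo "sshuttle $*"
  else
    sshuttle "$@"
  fi
}

tnl()     { run_sshuttle all; }
tnlbut()  { run_sshuttle but "$@"; }
tnlonly() { run_sshuttle only "$@"; }
vpnto()   { run_sshuttle vpn "$@"; }

# Allow direct execution as well as sourcing: ./tnl.sh only netflix.com
if [ $# -gt 0 ]; then run_sshuttle "$@"; fi
```

Source the file from ~/.bashrc, or run it directly. TNL_DRY_RUN=1 tnlonly netflix.com prints the sshuttle command instead of starting it, which is a cheap way to confirm which addresses a name expanded to before committing traffic to the tunnel.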
 
from  http://teohm.github.com/blog/2012/04/01/using-sshuttle-in-daily-work/
---------------------------
Can only be used on Linux desktop systems or Mac.
----------------------------------
 
Luckily for us, there's this awesome tool called sshuttle.
Sshuttle lets you set up what's called IP-over-SSH. It runs a transparent proxy on your machine and installs firewall rules (ipfw or pf on a Mac, iptables on Linux) that redirect outgoing TCP connections for the chosen subnets into that proxy; the proxy multiplexes them over a single SSH session to a small Python helper on the remote server, which opens the real connections from there. The remote side needs only an ordinary SSH login with Python available, no root.
Besides giving you access to all the services you need, you also encrypt (i.e. hide) all your tunnelled traffic from the prying eyes of any sys admins on the local network. The protection ends at the SSH server, though: whoever runs that server, and every network beyond it, still sees the traffic in the clear.
Installing sshuttle on your Mac is a breeze
$ brew install sshuttle
Then you can set up an IP-over-SSH connection to any remote server you have SSH access to. sshuttle calls sudo itself to install the local firewall rules, so you'll be asked for your local admin password.
$ sshuttle -r username@server 0/0 -vv
This routes all traffic over the tunnel towards server. Use one of those online IP checkers to see that you're actually using your server's IP address.
In the future you may want to swap the -vv verbose option out for -D to run in daemon mode.
The one thing this does not do is DNS. DNS lookups still go to your locally configured DNS server, mostly for speed, which means the local network still sees every hostname you resolve.
Not to worry, you can go 'full stealth' with the --dns option, which also routes DNS over to the remote server:
$ sshuttle --dns -r username@server 0/0 -vv
To stop using your IP-over-SSH connection, simply press CTRL-C twice; sshuttle removes its firewall rules and should restore your normal networking.
If sshuttle does not restore the connection properly (for example because it was killed), you can do so manually on the ipfw-based OS X releases this was written for:
$ sudo ipfw -q -f flush
Note that this flushes every ipfw rule, not just sshuttle's. On OS X 10.10 and later ipfw is gone and sshuttle manages its rules through pf instead; there, `sudo pfctl -s Anchors` lists the anchors present (sshuttle names its anchor sshuttle in the versions I have seen) and `sudo pfctl -a sshuttle -F all` clears it.
I've already created a few aliases in my ~/.zshrc:
alias tunnel='sshuttle -r ariejan@server 0/0 -vv'
alias tunnel_dns='sshuttle --dns -r ariejan@server 0/0 -vv'
alias reset_tunnel='sudo ipfw -q -f flush'
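The reset_tunnel alias above is specific to ipfw on a Mac. Here is an added example, written for this page and not taken from either post, of the Linux-side equivalent: it parses iptables-save output to find the rules a killed sshuttle left behind and generates the commands that remove them in a safe order. It assumes, based on sshuttle's iptables code as I recall it, that the rules live in a nat chain named sshuttle-<listen port> (12300 unless -l changes it) hooked from OUTPUT and PREROUTING; verify that against your own `sudo iptables-save -t nat` before trusting it. The sample table below is constructed, and the chain contents are an approximation.

```shell
#!/bin/sh
# Linux counterpart of reset_tunnel (added example, not from either post).
# Assumption: sshuttle's iptables method keeps its rules in a nat chain named
# sshuttle-<listen port> (12300 by default), hooked from OUTPUT and PREROUTING.
# Confirm the names with `sudo iptables-save -t nat` first.

# Constructed sample of what iptables-save shows after a killed sshuttle left
# its rules behind; the chain contents are an approximation.
SAMPLE_IPTABLES_SAVE='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:sshuttle-12300 - [0:0]
-A PREROUTING -j sshuttle-12300
-A OUTPUT -j sshuttle-12300
-A sshuttle-12300 -d 127.0.0.0/8 -p tcp -j RETURN
-A sshuttle-12300 -d 0.0.0.0/0 -p tcp -j REDIRECT --to-ports 12300
COMMIT'

# Reads iptables-save output on stdin; prints leftover sshuttle chain names,
# one per line (no output means there is nothing to clean up).
leftover_sshuttle_chains() {
  awk '/^:sshuttle-/ { sub(/^:/, "", $1); print $1 }'
}

# Reads iptables-save output on stdin; prints the iptables commands that undo
# the leftovers in a safe order: unhook the jumps from OUTPUT/PREROUTING
# first, then flush and delete each chain (a chain with references cannot
# be deleted).
sshuttle_cleanup_commands() {
  awk '
    /^:sshuttle-/ {
      sub(/^:/, "", $1)
      if (!($1 in seen)) { seen[$1] = 1; chains[++m] = $1 }
    }
    /^-A (OUTPUT|PREROUTING) / && /-j sshuttle-/ {
      line = $0; sub(/^-A /, "", line); jumps[++n] = line
    }
    END {
      for (i = 1; i <= n; i++) print "iptables -t nat -D " jumps[i]
      for (i = 1; i <= m; i++) {
        print "iptables -t nat -F " chains[i]
        print "iptables -t nat -X " chains[i]
      }
    }'
}

# Real run: read the live nat table and execute the generated commands as
# root, echoing each one (sh -x) so the cleanup is visible.
reset_tunnel_linux() {
  sudo iptables-save -t nat | sshuttle_cleanup_commands | sed 's/^/sudo /' | sh -ex
}
```

Run `sudo iptables-save -t nat | sshuttle_cleanup_commands` first to see what would be executed; only then call reset_tunnel_linux. Unlike `ipfw -f flush`, this touches only the sshuttle chains and the jumps into them, so any other nat rules on the host survive.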
So, no need to setup complicated VPN contraptions, just use plain old SSH and off you go.
Bonus: you can also connect to a non-standard SSH port, in case port 22 has been blocked in the firewall as well:
$ sshuttle --dns -vvr ssh_username@server:ssh_port 0/0
from https://ariejan.net/2012/07/11/vpn-too-complicated-use-a-ip-over-ssh-tunnel-instead/
---------------
Related post: https://briteming.blogspot.com/2012/04/use-sshuttle-to-keep-safe-on-insecure.html