If your anything like me you’ll have various ssh port forwarding tunnels set up to gain access to hosts on a private network through a jumphost or behind a firewall for which you don’t have a VPN. Every time I need to access to another port I add another configuration (or command line parameter) to my ssh tunnel.
Recently I hit a need for 1 tunnel too many. I started looking for a easier way and after a brief investigation into the possibilities with iptables I found the problem was already solved, I found sshuttle.
On Fedora 21 to install sshuttle
> sudo yum install sshuttle
Using sshuttle a user can ssh to a host and have all tcp traffic to a particular subnet be tunneled over the ssh connection
For example, for as long as I can remember I have been ssh’ing to “jumphostX” in order to access or tunnel ports to a private subnet (lets say 10.1.10.0/24), over time this becomes tiring
Instead I can now simply run the command
> sshuttle 10.1.10.0/24 -r jumphostX
sshuttle will create the iptables rule
-A sshuttle-12300 -d 10.1.10.0/24 -p tcp -m ttl ! –ttl-eq 42 -j REDIRECT –to-ports 12300
this will capture all of the tcp traffic bound for the private subnet and tunnel it through the ssh connection. I can now start tcp connections from my client machine as if I was plugged directly into the private network or on a VPN.
Its one way traffic, I don’t have an IP on the private subnet so can’t accept connections, sshuttle’s documentation describes it as a “poor man’s VPN” and its exactly what I was looking for.
Perhaps most of you who stumble across this post are already familiar with sshuttle but it somehow slipped passed me.