我正在尝试将来自客户端的流量重定向到外部代理服务器。
我有以下架构
+----------------------------+
| |
| External Server |
| |
+------------+---------------+
|eth0 public ip
|
|
|
|eth0 pubic ip
+------------+---------------+
| |
| Localnet Gateway |
| |
+------------+---------------+
|eth0 192.168.1.1
|
|
|
|
|
+---------------------+ | +--------------------+
| | | eth0 192.168.1.3| |
| Client +--------------+-----------------+ Clients gateway |
| |eth0 192.168.1.2 | |
| | | |
+---------------------+ +--------------------+
我跑了穿梭巴士在客户端网关上,它将所有流量从Clients gateway服务器隧道传输到外部服务器,但不会传输来自客户端的流量。当转储 tcp 连接时,Clients gateway我可以看到响应并回复到客户端,但无法连接到互联网。这些是运行 sshuttle 后的 iptables:
*nat
:PREROUTING ACCEPT [145:13378]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:sshuttle-12300 - [0:0]
-A PREROUTING -j sshuttle-12300
-A POSTROUTING -s 192.168.1.2/32 -j SNAT --to-source 192.168.1.3
-A OUTPUT -j sshuttle-12300
-A sshuttle-12300 -d 127.0.0.0/8 -p tcp -j RETURN
-A sshuttle-12300 -p tcp -j REDIRECT --to-ports 12300
输出tcpdump -nni eth0 host 192.168.1.2 and port 80:
21:10:22.812066 IP 85.12.58.8.80 > 192.168.1.2.64833: Flags [R.], seq 0, ack 1, win 0, length 0
21:10:23.313912 IP 192.168.1.2.64833 > 85.12.58.8.80: Flags [S], seq 4176760380, win 8192, options [mss 1460,nop,nop,sackOK], length 0
21:10:23.313926 IP 85.12.58.8.80 > 192.168.1.2.64833: Flags [R.], seq 0, ack 1, win 0, length 0
21:10:23.316556 IP 192.168.1.2.64834 > 212.73.221.202.80: Flags [S], seq 1828956934, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
21:10:23.316571 IP 212.73.221.202.80 > 192.168.1.2.64834: Flags [R.], seq 0, ack 1828956935, win 0, length 0
21:10:23.816987 IP 192.168.1.2.64834 > 212.73.221.202.80: Flags [S], seq 1828956934, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
21:10:23.817020 IP 212.73.221.202.80 > 192.168.1.2.64834: Flags [R.], seq 0, ack 1, win 0, length 0
21:10:24.317986 IP 192.168.1.2.64834 > 212.73.221.202.80: Flags [S], seq 1828956934, win 8192, options [mss 1460,nop,nop,sackOK], length 0
21:10:24.318001 IP 212.73.221.202.80 > 192.168.1.2.64834: Flags [R.], seq 0, ack 1, win 0, length 0
21:10:24.323263 IP 192.168.1.2.64836 > 38.124.168.119.80: Flags [S], seq 695092282, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
21:10:24.323277 IP 38.124.168.119.80 > 192.168.1.2.64836: Flags [R.], seq 0, ack 695092283, win 0, length 0
21:10:24.831593 IP 192.168.1.2.64836 > 38.124.168.119.80: Flags [S], seq 695092282, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
21:10:24.831623 IP 38.124.168.119.80 > 192.168.1.2.64836: Flags [R.], seq 0, ack 1, win 0, length 0
如您所见,服务器响应了客户端,但仍然无法连接到互联网。
有什么帮助吗?