An old-style VPN built with ssh + tun: "Virtual Private Networks" via the tunnel driver
SSH Server S:    111.111.111.111
Client Server C: 10.0.0.20

client.lan                         ssh gateway                        private network
eth0 10.10.0.20 <--DSL-nat-->      eth0 gw.example.com -------------> jailbreak
tun0 10.0.2.2   <-pointopoint->    tun0 10.0.2.1

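On Client Server C:
ssh -w 0:0 username@111.111.111.111

On SSH Server S:
ifconfig tun0 10.0.2.1 netmask 255.255.255.252 pointopoint 10.0.2.2
Set the IP address of tun0 on Server S, with 10.0.2.2 as the point-to-point peer.
sysctl -w net.ipv4.ip_forward=1
Enable IP forwarding.
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Source sends data --> {PREROUTING --> routing decision --> POSTROUTING} --> destination receives data
MASQUERADE rewrites the packet's source IP to the IP of the firewall's NIC; a range of ports to map to can also be specified. After this action is applied, processing jumps directly to the next rule chain (mangle:postrouting).
route add -net 10.0.0.0/24 gw 10.0.2.2 dev tun0
Add a routing rule: all traffic for the Client is forwarded through tun0, i.e. via 10.0.2.2.
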
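On Client Server C:
ifconfig tun0 10.0.2.2 netmask 255.255.255.252 pointopoint 10.0.2.1
Set the IP address of tun0 on the Client, with 10.0.2.1 as the point-to-point peer.
route add -net 111.111.111.0/24 gw 10.0.2.1 dev tun0
All traffic destined for Server S goes through tun0, i.e. via 10.0.2.1.
route add 111.111.111.111 gw 10.0.0.1
Traffic to 111.111.111.111 itself goes through the client's gateway 10.0.0.1 (this host route keeps the SSH connection that carries the tunnel on the physical link).
route add default gw 10.0.2.1 tun0
The default gateway now goes through tun0.
route del default gw 10.0.0.1
Delete the original gateway.
Done.
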
ssh+transocks_ev
ssh -D 7070 -N user@RemoteHost
./transocks_ev -f -p 1211 -s 7070 -S 127.0.0.1
iptables -t nat -N transocks
iptables -t nat -I transocks -o lo -j RETURN
iptables -t nat -I transocks -p tcp -d 127.0.0.1 --dport 7070 -j RETURN
iptables -t nat -I transocks -p udp -d 127.0.0.1 --dport 7070 -j RETURN
iptables -t nat -A transocks -p tcp -j REDIRECT --to-port 1211
iptables -t nat -A transocks -p udp -j REDIRECT --to-port 1211
iptables -t nat -A PREROUTING -j transocks

cmwap
iptables -t nat -A OUTPUT -o rmnet0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.172:80
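
Both tunnels above depend on what the SSH server permits: `ssh -w` is only honoured when sshd_config sets PermitTunnel (default no), and `ssh -D` needs AllowTcpForwarding (default yes). The script below is an added example, not part of the original post, that reports those two settings from a config file; the function names and the sample configuration are constructed for illustration, and only the global section (before any Match block) is read.

```shell
#!/bin/sh
# Added example (not from the original post). Reports the sshd_config
# settings that gate `ssh -w` (tun forwarding) and `ssh -D` (SOCKS).
# Only the global section is read (parsing stops at the first Match block);
# on a live host, `sshd -T` prints the fully resolved configuration.

# effective_setting KEYWORD DEFAULT  (config on stdin)
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive and separated from the value by whitespace or '='.
effective_setting() {
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        !seen {
            line = $0; sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)
            if (n >= 2 && tolower(f[1]) == key) { val = tolower(f[2]); seen = 1 }
        }
        END { print val }'
}

# audit_sshd_forwarding  (config on stdin): prints one finding per setting.
audit_sshd_forwarding() {
    cfg=$(cat)
    tunnel=$(printf '%s\n' "$cfg" | effective_setting PermitTunnel no)
    tcpfwd=$(printf '%s\n' "$cfg" | effective_setting AllowTcpForwarding yes)
    case "$tunnel" in
        no) echo "ok      PermitTunnel=no: ssh -w is refused" ;;
        *)  echo "review  PermitTunnel=$tunnel: clients may request tun/tap devices (ssh -w)" ;;
    esac
    case "$tcpfwd" in
        no|remote) echo "ok      AllowTcpForwarding=$tcpfwd: ssh -D is refused" ;;
        *)  echo "review  AllowTcpForwarding=$tcpfwd: ssh -D SOCKS forwarding is allowed" ;;
    esac
}

# Constructed sample configuration, for demonstration only.
sample_config() {
    cat <<'EOF'
# constructed sample
Port 22
permittunnel point-to-point
PermitTunnel no
AllowTcpForwarding yes
Match User backup
    AllowTcpForwarding no
EOF
}

sample_config | audit_sshd_forwarding
```

To check a real server, pipe its configuration in: `audit_sshd_forwarding < /etc/ssh/sshd_config`.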