这是我的情况: 我有一个基于lambci / lambda:build-nodejs8.10在docker容器中本地运行的应用程序。该应用程序通过两个URL将https请求发送到远程服务器。但是,远程服务器仅接受来自我的办公室网络的IP发出的请求。我可以使用VPN连接到办公室网络,但未配置为仅向我访问网络上的计算机的路由。我所能做的就是在办公室网络中的SSH服务器上上网,这些机器确实可以访问互联网。
尝试解决方案和以前的解决方案: 在我只需要向一个URL发送请求之前,请说remote1.com。我已经通过在ssh上转发端口来解决了这个问题,就像这样:
将remote1.com的流量重定向到本地主机:
echo "127.0.0.1 remote1.com" >> /etc/hosts
通过ssh将流量转发到127.0.0.1:443到office.machine.com:
ssh user@office.machine.com -L 443:remote1.com:443
这对于一个远程URL非常有效。尝试执行步骤2-4两次将不起作用,因为该端口已被转发。
我尝试在docker-container上运行shuttle。安装它工作正常(通过克隆git repo):
git clone https://github.com/sshuttle/sshuttle.git
cd sshuttle
sudo ./setup.py install
但是运行它会导致以下错误:
iptables v1.4.18: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
firewall manager: undoing changes.
firewall manager: undoing IPv4 changes.
iptables v1.4.18: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
firewall manager: Error trying to undo IPv4 firewall.
firewall manager: ---> Traceback (most recent call last):
firewall manager: ---> File "/usr/local/lib/python2.7/site-packages/sshuttle-0.78.5.dev10+g561b648-py2.7.egg/sshuttle/firewall.py", line 270, in main
firewall manager: ---> method.restore_firewall(port_v4, socket.AF_INET, udp, user)
firewall manager: ---> File "/usr/local/lib/python2.7/site-packages/sshuttle-0.78.5.dev10+g561b648-py2.7.egg/sshuttle/methods/nat.py", line 99, in restore_firewall
firewall manager: ---> if ipt_chain_exists(family, table, chain):
firewall manager: ---> File "/usr/local/lib/python2.7/site-packages/sshuttle-0.78.5.dev10+g561b648-py2.7.egg/sshuttle/linux.py", line 33, in ipt_chain_exists
firewall manager: ---> raise Fatal('%r returned %d' % (argv, rv))
firewall manager: ---> Fatal: ['iptables', '-t', 'nat', '-nL'] returned 3
firewall manager: undoing /etc/hosts changes.
firewall manager: Error trying to undo /etc/hosts changes.
firewall manager: ---> Traceback (most recent call last):
firewall manager: ---> File "/usr/local/lib/python2.7/site-packages/sshuttle-0.78.5.dev10+g561b648-py2.7.egg/sshuttle/firewall.py", line 282, in main
firewall manager: ---> restore_etc_hosts(port_v6 or port_v4)
firewall manager: ---> File "/usr/local/lib/python2.7/site-packages/sshuttle-0.78.5.dev10+g561b648-py2.7.egg/sshuttle/firewall.py", line 51, in restore_etc_hosts
firewall manager: ---> rewrite_etc_hosts({}, port)
firewall manager: ---> File "/usr/local/lib/python2.7/site-packages/sshuttle-0.78.5.dev10+g561b648-py2.7.egg/sshuttle/firewall.py", line 30, in rewrite_etc_hosts
firewall manager: ---> os.link(HOSTSFILE, BAKFILE)
firewall manager: ---> OSError: [Errno 18] Invalid cross-device link
fatal: ['iptables', '-t', 'nat', '-nL'] returned 3
c : fatal: cleanup: ['/usr/bin/python', '/usr/local/bin/sshuttle', '-v', '-v', '--method', 'auto', '--firewall'] returned 99
s: Ready: 1 r=[4] w=[] x=[]
我可以做什么和不能做什么:
可以:
不能:
是否可以通过ssh通过办公室计算机运行在docker容器中运行的应用程序中的所有(或对两个特定url的所有HTTPS请求)所有TCP流量?
答案 0 :(得分:0)
也许proxychains可以为您提供帮助。
首先,更改您的ssh命令以在端口9050上打开袜子代理:
ssh user@office.machine.com -D 9050
然后将您的docker映像配置为启动节点,如下所示:
proxychains node --node_parameters
这将导致从节点应用程序发出的所有请求都通过位于本地主机:9050的socks代理传递。