Re: [qubes-users] sshuttle?

Peter_Palensky · March 30, 2024, 11:52am

I need a sys-sshuttle qube to encapsulate traffic via sshuttle. Locally (from sys-sshuttle) it works, but connected qubes get the previously mentioned “no connection to host” message.

Played around with various nft ideas, but no success.

tcpdump on the vif shows requests (e.g. DNS, http, etc.) but they are not answered.

How do i redirect incoming traffic from vif to the sshuttle process listening on port 12300 as it is happening with local traffic?

Tim_Faber · March 30, 2024, 2:00pm

Hi Peter,

that does the trick for me (in /rw/config/rc.local on Qubes 4.1):
iptables -I INPUT 2 -i vif+ -j ACCEPT
ip route add local default dev lo table 100
ip rule add fwmark 1 lookup 100

sshuttle --dns -D --method tproxy --exclude REMOTE_SERVER --exclude 10.0.0.0/8 --disable-ipv6 --listen 0.0.0.0:0 -r REMOTE_SERVER 0/0

All the best

Peter_Palensky · March 30, 2024, 6:54pm

Thanks Tim! In my case (Qubes 4.2) it was

nft add rule ip qubes custom-input iifname “vif*” accept