I need a container to be able to use the sshuttle tool.
I tried it both on the host and in the container, but neither works.
Here's what I need:
I run: sshuttle -r [email protected] --dns 0/0
on the host. It lets host applications access the internet via sshuttle. But the container can't resolve DNS requests. It seems --dns affects the container's DNS capability. How can I make the container work with the host's sshuttle?
Also, if I run sshuttle inside the container, it seems the container doesn't have permission to use the "--dns" option in sshuttle.
Anyway, I need the "--dns" option in the container because it's the only way to get over the government firewall (GFW) in China.
Can anyone help to make it work?
Try sshuttle -l 0.0.0.0 --dns -vvr [email protected] 0/0, that works for me. I guess we need -l 0.0.0.0 so that docker containers with "remote ip" can connect to the tunnel.
Normally, setting 0.0.0.0 entails listening on externally available interfaces, and this is also the case with sshuttle.
A more secure approach would be the following - on your host:
- sshuttle instance, listening on localhost,
- sshuttle instance, listening on your docker host's virtual network interface.
For example:
sshuttle --dns -r <your-ssh-server> 0/0
sshuttle -l 172.17.0.1 --dns -r <your-ssh-server> 0/0
Note that this will interfere with host <-> container communication (such as port binding), but it will allow for secure outside connections for your containers (you can further help yourself with excluding Docker's subnet, e.g. with -x 172.17.0.0/24).
You can see your network bridge subnets and exclude them in sshuttle, e.g.:
sudo sshuttle -l 0.0.0.0:0 -r user@host -x host -x 127.0.0.1 -x 172.21.0.0/24 -x 172.22.0.0/24 -x 172.23.0.0/24 0/0 --dns
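The two answers above (bind to the bridge address rather than 0.0.0.0, and exclude the bridge subnets) combined into one sketch; this is an added example, not code from any of the posters. It generalizes to one listener per IPv4 bridge. The function name build_sshuttle_cmds, the server user@ssh.example.invalid and the sample subnets are constructed placeholders.

```shell
#!/bin/sh
# Added example. Reads "<subnet> <gateway>" lines, one per Docker bridge
# network, and prints the sshuttle commands to run (it does not start them).
# On a Docker host the input can be produced with:
#   docker network inspect \
#     -f '{{range .IPAM.Config}}{{println .Subnet .Gateway}}{{end}}' \
#     $(docker network ls -q --filter driver=bridge)

build_sshuttle_cmds() {
    server=$1        # SSH endpoint; placeholder supplied by the caller
    excludes=""
    listeners=""
    while read -r subnet gateway; do
        # Accept only IPv4 CIDR text: skips blank lines, IPv6 entries and
        # anything containing characters that are not digits, dots or "/".
        case $subnet in ''|*[!0-9./]*) continue ;; esac
        excludes="$excludes -x $subnet"
        # Never emit a wildcard listener; skip missing or malformed gateways.
        case $gateway in ''|*[!0-9.]*|0.0.0.0) continue ;; esac
        listeners="$listeners $gateway"
    done
    # Instance for the host's own traffic (no -l, as in the answer above).
    echo "sshuttle --dns -r $server$excludes 0/0"
    # One instance per bridge gateway instead of a single 0.0.0.0 listener.
    for gw in $listeners; do
        echo "sshuttle -l $gw --dns -r $server$excludes 0/0"
    done
}

# Constructed sample input (not output captured from a real host).
SAMPLE='172.17.0.0/16 172.17.0.1
172.21.0.0/24 172.21.0.1
fd00:dead::/64 fd00:dead::1'
printf '%s\n' "$SAMPLE" | build_sshuttle_cmds user@ssh.example.invalid
```

After starting the printed commands, `ss -ltn` on the host should show sshuttle listening only on 127.0.0.1 and the bridge gateway addresses.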