Firejail not working over socks5 SSH tunnel #3269

Open
rogueknight1137 opened this issue Mar 7, 2020 · 0 comments
rogueknight1137 commented Mar 7, 2020

I have an Ubuntu 18.04 server in which I've created two virtual interface pairs (veth0a & veth0b) and assigned the end of one interface (veth0b) to a new network namespace (netns0):

ip netns add netns0
ip netns exec netns0 ip link set lo up
ip link add veth0a type veth peer name veth0b
ip link set veth0b netns netns0

I then used firejail to force a specific user (test-user) to use this new namespace by default by setting /usr/bin/firejail as the default shell for this user and by adding the following to the /etc/firejail/login.users file:

test-user: --netns=netns0

I've run the following test to make sure this works:

  1. Run tshark -i veth0a -f "port 443" from the root account
  2. SSH into the server as test-user
  3. Run curl https://1.1.1.1 as SSH user

The tshark output shows the proper veth0b source IP address for the 1.1.1.1 traffic.

The issue I'm running into is when trying to use the test-user account to establish socks5 dynamic port forwarding over SSH:

ssh -D 10000 -q -C -N test-user@server_ip

Running this command from my laptop or workstation allows me to establish a local socks5 server on port 1000 and tunnel it over the SSH connection. Setting this as my local socks5 proxy and going to https://api.ipify.org demonstrates that the proxy is working and that my laptop is using the server's IP address.

The issue is that the socks5 traffic does not appear to be going through the proper namespace. In other words, while browsing the web on my laptop while connected to the socks5 server over the test-user ssh connection my traffic does not appear in tshark -i veth0a.
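
A diagnostic for the setup described above, added here and not part of the original issue or of firejail: with `ssh -D` the outbound connections are opened by the server's sshd process rather than by the user's login shell, so this script compares the network namespace of each of a user's processes with a named namespace. `PROC_ROOT`, `NETNS_DIR` and the function names are assumptions of this example, and it relies on GNU `stat` and `pgrep`.

```shell
#!/bin/sh
# Added example: show which of a user's processes run inside a named network
# namespace (e.g. netns0). PROC_ROOT and NETNS_DIR are overridable so the
# logic can also be exercised on a constructed directory tree.
PROC_ROOT="${PROC_ROOT:-/proc}"
NETNS_DIR="${NETNS_DIR:-/run/netns}"   # where `ip netns add` creates its handles

# Print the namespace inode of PID, parsed from the "net:[INODE]" link target.
pid_netns_inode() {
    _t=$(readlink "$PROC_ROOT/$1/ns/net" 2>/dev/null) || return 1
    _t=${_t#net:\[}
    printf '%s\n' "${_t%\]}"
}

# Print the inode of the named namespace handle.
named_netns_inode() {
    stat -L -c %i "$NETNS_DIR/$1" 2>/dev/null
}

# classify_pids NAME PID...: print "PID inside|outside|unreadable" per PID.
classify_pids() {
    _want=$(named_netns_inode "$1") || { echo "no such netns: $1" >&2; return 2; }
    shift
    for _pid in "$@"; do
        if _have=$(pid_netns_inode "$_pid"); then
            [ "$_have" = "$_want" ] && echo "$_pid inside" || echo "$_pid outside"
        else
            echo "$_pid unreadable"   # process exited or insufficient privilege
        fi
    done
}

# Usage (as root, so other users' /proc entries are readable):
#   sh netns-check.sh netns0 test-user
if [ "$#" -eq 2 ]; then
    # Word splitting of the PID list is intentional here.
    classify_pids "$1" $(pgrep -u "$2")
fi
```

Run it on the server while the tunnel is up; any PID reported as `outside` sends its traffic through a different namespace than the one `tshark -i veth0a` is observing.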
