16

Has anyone fixed 'firewall.py' for sshuttle to use PF instead of IPFW for the Yosemite 10.10 update?

https://github.com/apenwarr/sshuttle
https://github.com/apenwarr/sshuttle/blob/master/firewall.py

I have looked around for a fix, but nothing seems to be available yet. I am more of a Rails guy, and don't know Python too well. Besides being able to make a little sense of it, I don't know where to begin with making this change, and I am hoping the community could help, or that someone has a fork already fixed.

nil
  • For anyone dealing with this, I found the best solution is doing a standard ssh tunnel. You can do this by `ssh -D 5000 -N user@server` and setting your browser's proxy setting to use SOCKS at 127.0.0.1 port 5000 -- This will of course tunnel all web traffic, so be sure to change whatever protocol you're using. – nil Oct 19 '14 at 17:20
  • SSH tunnel will not give you the flexibility of sshuttle. Even if you configure system level proxy to use ssh tunnel, some apps still won't use that configuration. So I would prefer sshuttle. I hope a fix for Yosemite will come soon. – Iarwa1N Oct 19 '14 at 20:35
  • @larwa1N Yea I agree. Also you might need to speed it up. If you're using it and it's slow, you can use this link to help: http://jeromejaglale.com/doc/mac/fix_ssh_connection_delays – nil Oct 20 '14 at 14:21
  • Unrelated to sshuttle, but I actually went with setting my vps as a vpn instead, and it is a lot faster than ssh tunneling and sshuttle. sshuttle has been awesome and is really handy in some circumstances, but I think I'll stick with VPN for a while. And I like that UDP and TCP are both being transferred. – nil Oct 22 '14 at 03:30
  • I spent a while trying to get PacketFilter to work. There seems to be a feature missing. I wrote it up here: [Using PacketFilter to transparently proxy packets in OS X](http://stackoverflow.com/questions/25873329/using-packetfilter-to-transparently-proxy-packets-in-os-x) – Matt Smith Apr 06 '15 at 01:18

2 Answers

10

Update: The pull request mentioned below still fails after some time.

Original answer

Philip Thrasher has finalized Fredrik Gustafsson's work and created a pull request for sshuttle.

I tried it out and was able to get it to work (at least for outgoing connections). I used this script:

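```bash
#!/bin/bash
# Stop at the first failing step so nothing later runs against a partial install.
set -e

# Prompt for the sudo password up front.
sudo echo "Installing PyXAPI"
# Note: this tarball is fetched over plain HTTP with no checksum; inspect it
# before running "sudo make install" below.
curl -O http://www.pps.univ-paris-diderot.fr/~ylg/PyXAPI/PyXAPI-0.1.tar.gz
tar -xzvf PyXAPI-0.1.tar.gz
cd PyXAPI-0.1
./configure
make
sudo make install
cd ..

echo "Installing autossh"
brew update
brew install autossh

echo "Getting sshuttle"
git clone https://github.com/pthrasher/sshuttle.git
cd sshuttle/src/
echo "Please add '$(pwd)' to your path or run 'alias sshuttle=$(pwd)/sshuttle'"
```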

After this I can run it like usual:

```bash
sshuttle -r user@server 0.0.0.0/0 -vv
```
Tobber
8

Taken from Tom Luff's comment in the Google Group:

There are a few forks of the repository that have begun work on supporting the new packet filter interface (pfctl). I've not actually tried any of them yet but it could be worth looking over them.

This seems to be the most recent: https://github.com/zabracks/sshuttle/

This also looks promising: https://github.com/jagheterfredrik/sshuttle

petehare
  • Did you do anything special to get zabracks' fork to work? When I try it seems to launch fine, but doesn't do any proxying. – Tobber Jan 21 '15 at 12:12
  • @Tobber I'm sorry, you're right. I thought it was working; however, I was looking at cached content. I've updated my answer to reflect. – petehare Jan 22 '15 at 17:27
  • https://github.com/jagheterfredrik/sshuttle.git works in Mac OS X 10.10 – torayeff Apr 05 '15 at 11:04