File size: 4,552 Bytes
6c71751 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 |
# Docker-based SSH/SOCKS5 NAT Gateway
This project sets up a Docker-based NAT Gateway using SSH Tunneling and a SOCKS5 proxy on Ubuntu 22.04. It allows you to route traffic from connected clients through the SOCKS5 proxy, which then uses the Docker host's internet connection with NAT.
## Project Structure
```
project-root/
βββ Dockerfile
βββ docker-compose.yml
βββ entrypoint.sh
βββ ssh-config/ # Contains SSH server configuration and authorized_keys
β βββ sshd_config
β βββ authorized_keys
β βββ tunneluser_key # Private key for SSH tunneling (KEEP THIS SECURE!)
β βββ tunneluser_key.pub # Public key for SSH tunneling
βββ socks5-config/ # Contains Dante SOCKS5 server configuration
βββ danted.conf
```
## Setup Instructions
### Prerequisites
- Docker installed on your Ubuntu 22.04 host.
- `docker-compose` (version 1.29.2 or later) installed.
- An SSH client on your local machine (e.g., OpenSSH client).
### 1. Clone the Repository (or create files manually)
If you receive a zip file, extract it. Otherwise, create the `project-root` directory and the files as structured above.
### 2. Build and Run the Docker Container
Navigate to the `project-root` directory in your terminal and run:
```bash
sudo docker-compose up --build -d
```
This command will:
- Build the Docker image (`ssh-socks-nat-gateway`).
- Start the `nat-gateway` service in detached mode (`-d`).
- Map host port `2222` to container SSH port `22`.
- Map host port `1080` to container SOCKS5 port `1080`.
- Mount the `ssh-config` and `socks5-config` directories into the container.
- Run the container with `NET_ADMIN` and `SYS_MODULE` capabilities and in privileged mode for network manipulation.
### 3. Verify the Setup
1. **Check Docker Container Status:**
```bash
sudo docker ps
```
You should see `nat-gateway` running.
2. **Check Container Logs:**
```bash
sudo docker logs nat-gateway
```
Look for messages indicating:
- "Detected public IP: YOUR_HOST_PUBLIC_IP" (the IP of your host machine)
- "SSH server started."
- "Dante SOCKS5 server started."
- "iptables NAT rules set."
### 4. Connect and Use the SOCKS5 Proxy
**A. Get your Host's Public IP:**
```bash
curl ifconfig.me
```
Let's assume your host's public IP is `YOUR_HOST_PUBLIC_IP` (e.g., `13.218.209.184`).
**B. Establish an SSH Tunnel (SOCKS5 Proxy) on your Local Machine:**
Open a terminal on your local machine (the one you want to route traffic from) and run the following command. Make sure you are in the directory where `tunneluser_key` is located.
```bash
ssh -i ssh-config/tunneluser_key -N -D 1080 tunneluser@YOUR_HOST_PUBLIC_IP -p 2222
```
- `-i ssh-config/tunneluser_key`: Specifies the private key for authentication.
- `-N`: Do not execute a remote command (just forward ports).
- `-D 1080`: Creates a dynamic SOCKS5 proxy on your local machine at port `1080`.
- `tunneluser@YOUR_HOST_PUBLIC_IP`: Connects to the SSH server on your Docker host as `tunneluser`.
- `-p 2222`: Specifies the SSH port on your Docker host.
Keep this terminal window open; the SSH tunnel will remain active as long as this command is running.
**C. Configure Your Applications/System to Use the SOCKS5 Proxy:**
Now, configure your applications (e.g., web browser, chat client) or your system's network settings to use a SOCKS5 proxy at `localhost:1080`.
- **Proxy Type:** SOCKS5
- **Proxy Host/Address:** `127.0.0.1` or `localhost`
- **Proxy Port:** `1080`
Once configured, all traffic from those applications will be routed through the SSH tunnel to your Docker container, and then out to the internet via the Docker host's NAT.
## Important Notes
- **Security:** Running Docker containers in `privileged` mode and with `NET_ADMIN`/`SYS_MODULE` capabilities grants significant power. Ensure your host system is secure. The `tunneluser_key` is your private key; **keep it secure and do not share it.**
- **IP Forwarding:** The `Dockerfile` and `entrypoint.sh` ensure IP forwarding is enabled and iptables rules are set up for NAT.
- **SOCKS5 vs. VPN:** This setup provides a SOCKS5 proxy, which is application-layer. It's not a full VPN tunnel that routes all system traffic by default. You need to configure applications to use the proxy. For system-wide routing, you might need additional tools (e.g., `proxychains` on Linux/macOS) or system-level proxy settings.
This setup provides a flexible and relatively easy-to-manage NAT gateway using SSH and SOCKS5.
|