Hugging Face's logo

Spaces:
Fred808
/
NAT
Paused

App Files Community
NAT / README.md
Fred808's picture
Fred808
Upload 12 files
6c71751 verified
preview code
|
raw
history blame contribute delete
4.55 kB

Docker-based SSH/SOCKS5 NAT Gateway

This project sets up a Docker-based NAT Gateway using SSH Tunneling and a SOCKS5 proxy on Ubuntu 22.04. It allows you to route traffic from connected clients through the SOCKS5 proxy, which then uses the Docker host's internet connection with NAT.

Project Structure 

project-root/
β”œβ”€β”€ Dockerfile
β”œβ”€β”€ docker-compose.yml
β”œβ”€β”€ entrypoint.sh
β”œβ”€β”€ ssh-config/         # Contains SSH server configuration and authorized_keys
β”‚   β”œβ”€β”€ sshd_config
β”‚   β”œβ”€β”€ authorized_keys
β”‚   └── tunneluser_key  # Private key for SSH tunneling (KEEP THIS SECURE!)
β”‚   └── tunneluser_key.pub # Public key for SSH tunneling
└── socks5-config/      # Contains Dante SOCKS5 server configuration
    └── danted.conf

Setup Instructions

Prerequisites

  • Docker installed on your Ubuntu 22.04 host.
  • docker-compose (version 1.29.2 or later) installed.
  • An SSH client on your local machine (e.g., OpenSSH client).

1. Clone the Repository (or create files manually)

If you receive a zip file, extract it. Otherwise, create the project-root directory and the files as structured above.

2. Build and Run the Docker Container

Navigate to the project-root directory in your terminal and run:

sudo docker-compose up --build -d

This command will:

  • Build the Docker image (ssh-socks-nat-gateway).
  • Start the nat-gateway service in detached mode (-d).
  • Map host port 2222 to container SSH port 22.
  • Map host port 1080 to container SOCKS5 port 1080.
  • Mount the ssh-config and socks5-config directories into the container.
  • Run the container with NET_ADMIN and SYS_MODULE capabilities and in privileged mode for network manipulation.

3. Verify the Setup

  1. Check Docker Container Status:

    sudo docker ps

    You should see nat-gateway running.

  2. Check Container Logs:

    sudo docker logs nat-gateway

    Look for messages indicating:

    • "Detected public IP: YOUR_HOST_PUBLIC_IP" (the IP of your host machine)
    • "SSH server started."
    • "Dante SOCKS5 server started."
    • "iptables NAT rules set."

4. Connect and Use the SOCKS5 Proxy

A. Get your Host's Public IP:

curl ifconfig.me

Let's assume your host's public IP is YOUR_HOST_PUBLIC_IP (e.g., 13.218.209.184).

B. Establish an SSH Tunnel (SOCKS5 Proxy) on your Local Machine:

Open a terminal on your local machine (the one you want to route traffic from) and run the following command. Make sure you are in the directory where tunneluser_key is located.

ssh -i ssh-config/tunneluser_key -N -D 1080 tunneluser@YOUR_HOST_PUBLIC_IP -p 2222
  • -i ssh-config/tunneluser_key: Specifies the private key for authentication.
  • -N: Do not execute a remote command (just forward ports).
  • -D 1080: Creates a dynamic SOCKS5 proxy on your local machine at port 1080.
  • tunneluser@YOUR_HOST_PUBLIC_IP: Connects to the SSH server on your Docker host as tunneluser.
  • -p 2222: Specifies the SSH port on your Docker host.

Keep this terminal window open; the SSH tunnel will remain active as long as this command is running.

C. Configure Your Applications/System to Use the SOCKS5 Proxy:

Now, configure your applications (e.g., web browser, chat client) or your system's network settings to use a SOCKS5 proxy at localhost:1080.

  • Proxy Type: SOCKS5
  • Proxy Host/Address: 127.0.0.1 or localhost
  • Proxy Port: 1080

Once configured, all traffic from those applications will be routed through the SSH tunnel to your Docker container, and then out to the internet via the Docker host's NAT.

Important Notes

  • Security: Running Docker containers in privileged mode and with NET_ADMIN/SYS_MODULE capabilities grants significant power. Ensure your host system is secure. The tunneluser_key is your private key; keep it secure and do not share it.
  • IP Forwarding: The Dockerfile and entrypoint.sh ensure IP forwarding is enabled and iptables rules are set up for NAT.
  • SOCKS5 vs. VPN: This setup provides a SOCKS5 proxy, which is application-layer. It's not a full VPN tunnel that routes all system traffic by default. You need to configure applications to use the proxy. For system-wide routing, you might need additional tools (e.g., proxychains on Linux/macOS) or system-level proxy settings.

This setup provides a flexible and relatively easy-to-manage NAT gateway using SSH and SOCKS5.