| # Docker-based SSH/SOCKS5 NAT Gateway | |
| This project sets up a Docker-based NAT Gateway using SSH Tunneling and a SOCKS5 proxy on Ubuntu 22.04. It allows you to route traffic from connected clients through the SOCKS5 proxy, which then uses the Docker host's internet connection with NAT. | |
| ## Project Structure | |
| ``` | |
| project-root/ | |
| ├── Dockerfile | |
| ├── docker-compose.yml | |
| ├── entrypoint.sh | |
| ├── ssh-config/ # Contains SSH server configuration and authorized_keys | |
| │   ├── sshd_config | |
| │   ├── authorized_keys | |
| │   ├── tunneluser_key # Private key for SSH tunneling (KEEP THIS SECURE!) | |
| │   └── tunneluser_key.pub # Public key for SSH tunneling | |
| └── socks5-config/ # Contains Dante SOCKS5 server configuration | |
|     └── danted.conf | |
| ``` | |
| ## Setup Instructions | |
| ### Prerequisites | |
| - Docker installed on your Ubuntu 22.04 host. | |
| - `docker-compose` (version 1.29.2 or later) installed. | |
| - An SSH client on your local machine (e.g., OpenSSH client). | |
| ### 1. Clone the Repository (or create files manually) | |
| If you received a zip file, extract it. Otherwise, create the `project-root` directory and the files as structured above. | |
| ### 2. Build and Run the Docker Container | |
| Navigate to the `project-root` directory in your terminal and run: | |
| ```bash | |
| sudo docker-compose up --build -d | |
| ``` | |
| This command will: | |
| - Build the Docker image (`ssh-socks-nat-gateway`). | |
| - Start the `nat-gateway` service in detached mode (`-d`). | |
| - Map host port `2222` to container SSH port `22`. | |
| - Map host port `1080` to container SOCKS5 port `1080`. | |
| - Mount the `ssh-config` and `socks5-config` directories into the container. | |
| - Run the container with `NET_ADMIN` and `SYS_MODULE` capabilities and in privileged mode for network manipulation. | |
| ### 3. Verify the Setup | |
| 1. **Check Docker Container Status:** | |
| ```bash | |
| sudo docker ps | |
| ``` | |
| You should see `nat-gateway` running. | |
| 2. **Check Container Logs:** | |
| ```bash | |
| sudo docker logs nat-gateway | |
| ``` | |
| Look for messages indicating: | |
| - "Detected public IP: YOUR_HOST_PUBLIC_IP" (the IP of your host machine) | |
| - "SSH server started." | |
| - "Dante SOCKS5 server started." | |
| - "iptables NAT rules set." | |
| ### 4. Connect and Use the SOCKS5 Proxy | |
| **A. Get your Host's Public IP:** | |
| ```bash | |
| curl ifconfig.me | |
| ``` | |
| Let's assume your host's public IP is `YOUR_HOST_PUBLIC_IP` (e.g., `13.218.209.184`). | |
| **B. Establish an SSH Tunnel (SOCKS5 Proxy) on your Local Machine:** | |
| Open a terminal on your local machine (the one you want to route traffic from) and run the following command from the directory that contains `ssh-config/`, since the command refers to the key as `ssh-config/tunneluser_key`. | |
| ```bash | |
| ssh -i ssh-config/tunneluser_key -N -D 1080 tunneluser@YOUR_HOST_PUBLIC_IP -p 2222 | |
| ``` | |
| - `-i ssh-config/tunneluser_key`: Specifies the private key for authentication. | |
| - `-N`: Do not execute a remote command (just forward ports). | |
| - `-D 1080`: Creates a dynamic SOCKS5 proxy on your local machine at port `1080`. | |
| - `tunneluser@YOUR_HOST_PUBLIC_IP`: Connects to the SSH server on your Docker host as `tunneluser`. | |
| - `-p 2222`: Specifies the SSH port on your Docker host. | |
| Keep this terminal window open; the SSH tunnel will remain active as long as this command is running. | |
| **C. Configure Your Applications/System to Use the SOCKS5 Proxy:** | |
| Now, configure your applications (e.g., web browser, chat client) or your system's network settings to use a SOCKS5 proxy at `localhost:1080`. | |
| - **Proxy Type:** SOCKS5 | |
| - **Proxy Host/Address:** `127.0.0.1` or `localhost` | |
| - **Proxy Port:** `1080` | |
| Once configured, all traffic from those applications will be routed through the SSH tunnel to your Docker container, and then out to the internet via the Docker host's NAT. | |
| ## Important Notes | |
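| - **Security:** Running the container in `privileged` mode with `NET_ADMIN`/`SYS_MODULE` capabilities gives it near-root control over the host: privileged mode already grants every capability and host device access, and `SYS_MODULE` allows loading kernel modules. Treat a compromise of the container as a compromise of the host, and ensure your host system is secure. The `tunneluser_key` is your private key; **keep it secure and do not share it.** | |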
| - **IP Forwarding:** The `Dockerfile` and `entrypoint.sh` ensure IP forwarding is enabled and iptables rules are set up for NAT. | |
| - **SOCKS5 vs. VPN:** This setup provides a SOCKS5 proxy, which is application-layer. It's not a full VPN tunnel that routes all system traffic by default. You need to configure applications to use the proxy. For system-wide routing, you might need additional tools (e.g., `proxychains` on Linux/macOS) or system-level proxy settings. | |
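To see which of the settings listed in step 2 and in the Security note widen the container's reach, here is an added example that is not part of this project's files. The compose content is a constructed sample based on the README's description, and `sample_compose` and `audit_compose` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example: line-based audit of the compose settings the README lists.
# Not a YAML parser: assumes one setting per line, as in the sample below.

# Constructed sample matching the README's description of docker-compose.yml.
sample_compose() {
cat <<'EOF'
services:
  nat-gateway:
    build: .
    image: ssh-socks-nat-gateway
    privileged: true
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    ports:
      - "2222:22"
      - "1080:1080"
EOF
}

# audit_compose [FILE]: prints one finding per line; reads stdin if FILE is omitted.
audit_compose() {
  awk '
    /^[ \t]*privileged:[ \t]*true[ \t]*$/ {
      print "HIGH privileged: true grants every capability and host device access"
    }
    /^[ \t]*-[ \t]*"?SYS_MODULE"?[ \t]*$/ {
      print "HIGH SYS_MODULE lets the container load modules into the host kernel"
    }
    /^[ \t]*-[ \t]*"?NET_ADMIN"?[ \t]*$/ {
      print "INFO NET_ADMIN is the capability iptables needs inside the container"
    }
    # HOST:CONTAINER with no bind address is published on every host interface.
    /^[ \t]*-[ \t]*"?[0-9]+:[0-9]+(\/(tcp|udp))?"?[ \t]*$/ {
      gsub(/[ \t"-]/, "")
      print "WARN port " $0 " is published on all host interfaces"
    }
  ' "${1:--}"
}

# Print the findings for the constructed sample.
sample_compose | audit_compose
```

A mapping written as `127.0.0.1:1080:1080` binds only to the host's loopback interface and is not flagged.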
| This setup provides a flexible and relatively easy-to-manage NAT gateway using SSH and SOCKS5. | |