# Docker-based SSH/SOCKS5 NAT Gateway

This project sets up a Docker-based NAT Gateway using SSH Tunneling and a SOCKS5 proxy on Ubuntu 22.04. It allows you to route traffic from connected clients through the SOCKS5 proxy, which then uses the Docker host's internet connection with NAT.

## Project Structure

```
project-root/
├── Dockerfile
├── docker-compose.yml
├── entrypoint.sh
├── ssh-config/            # Contains SSH server configuration and authorized_keys
│   ├── sshd_config
│   ├── authorized_keys
│   ├── tunneluser_key     # Private key for SSH tunneling (KEEP THIS SECURE!)
│   └── tunneluser_key.pub # Public key for SSH tunneling
└── socks5-config/         # Contains Dante SOCKS5 server configuration
    └── danted.conf
```

## Setup Instructions

### Prerequisites

- Docker installed on your Ubuntu 22.04 host.
- `docker-compose` (version 1.29.2 or later) installed.
- An SSH client on your local machine (e.g., OpenSSH client).

### 1. Clone the Repository (or create files manually)

If you receive a zip file, extract it. Otherwise, create the `project-root` directory and the files as structured above.

### 2. Build and Run the Docker Container

Navigate to the `project-root` directory in your terminal and run:

```bash
sudo docker-compose up --build -d
```

This command will:

- Build the Docker image (`ssh-socks-nat-gateway`).
- Start the `nat-gateway` service in detached mode (`-d`).
- Map host port `2222` to container SSH port `22`.
- Map host port `1080` to container SOCKS5 port `1080`.
- Mount the `ssh-config` and `socks5-config` directories into the container.
- Run the container with `NET_ADMIN` and `SYS_MODULE` capabilities and in privileged mode for network manipulation.

### 3. Verify the Setup

1. **Check Docker Container Status:**

   ```bash
   sudo docker ps
   ```

   You should see `nat-gateway` running.

2. **Check Container Logs:**

   ```bash
   sudo docker logs nat-gateway
   ```

   Look for messages indicating:

   - "Detected public IP: YOUR_HOST_PUBLIC_IP" (the IP of your host machine)
   - "SSH server started."
   - "Dante SOCKS5 server started."
   - "iptables NAT rules set."

### 4. Connect and Use the SOCKS5 Proxy

**A. Get your Host's Public IP:**

```bash
curl ifconfig.me
```

Let's assume your host's public IP is `YOUR_HOST_PUBLIC_IP` (e.g., `13.218.209.184`).

**B. Establish an SSH Tunnel (SOCKS5 Proxy) on your Local Machine:**

Open a terminal on your local machine (the one you want to route traffic from) and run the following command. Make sure you are in the directory where `tunneluser_key` is located.

```bash
ssh -i ssh-config/tunneluser_key -N -D 1080 tunneluser@YOUR_HOST_PUBLIC_IP -p 2222
```

- `-i ssh-config/tunneluser_key`: Specifies the private key for authentication.
- `-N`: Do not execute a remote command (just forward ports).
- `-D 1080`: Creates a dynamic SOCKS5 proxy on your local machine at port `1080`.
- `tunneluser@YOUR_HOST_PUBLIC_IP`: Connects to the SSH server on your Docker host as `tunneluser`.
- `-p 2222`: Specifies the SSH port on your Docker host.

Keep this terminal window open; the SSH tunnel will remain active as long as this command is running.

**C. Configure Your Applications/System to Use the SOCKS5 Proxy:**

Now, configure your applications (e.g., web browser, chat client) or your system's network settings to use a SOCKS5 proxy at `localhost:1080`.

- **Proxy Type:** SOCKS5
- **Proxy Host/Address:** `127.0.0.1` or `localhost`
- **Proxy Port:** `1080`

Once configured, all traffic from those applications will be routed through the SSH tunnel to your Docker container, and then out to the internet via the Docker host's NAT.

## Important Notes

- **Security:** Running Docker containers in `privileged` mode and with `NET_ADMIN`/`SYS_MODULE` capabilities grants significant power. Ensure your host system is secure. The `tunneluser_key` is your private key; **keep it secure and do not share it.**
- **IP Forwarding:** The `Dockerfile` and `entrypoint.sh` ensure IP forwarding is enabled and iptables rules are set up for NAT.
- **SOCKS5 vs. VPN:** This setup provides a SOCKS5 proxy, which is application-layer. It's not a full VPN tunnel that routes all system traffic by default. You need to configure applications to use the proxy. For system-wide routing, you might need additional tools (e.g., `proxychains` on Linux/macOS) or system-level proxy settings.

This setup provides a flexible and relatively easy-to-manage NAT gateway using SSH and SOCKS5.
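
A scripted version of the check implied by section 4, added here as an example and not part of the project's own files: it confirms that requests sent through the local `ssh -D 1080` listener leave from the Docker host's public IP. It assumes `curl` is installed and reuses `ifconfig.me` from step 4A; the function names, the `PROXY`/`IP_SERVICE` variables and the `--expect` flag are made up for this example.

```shell
#!/bin/sh
# Added example (not part of the project): confirm that traffic sent through
# the local SOCKS5 listener opened by `ssh -D 1080` exits via the Docker host.
# Assumptions: curl is installed; IP_SERVICE returns the caller's IP as text.

PROXY="${PROXY:-127.0.0.1:1080}"            # local end of the SSH tunnel
IP_SERVICE="${IP_SERVICE:-https://ifconfig.me}"

# Public IP as seen without the proxy.
direct_ip() {
    curl -fsS --max-time 10 "$IP_SERVICE"
}

# Public IP as seen through the proxy. --socks5-hostname also sends the DNS
# lookup through the tunnel instead of resolving the name locally.
proxied_ip() {
    curl -fsS --max-time 10 --socks5-hostname "$PROXY" "$IP_SERVICE"
}

# check_gateway EXPECTED_HOST_IP
# Returns 0 if proxied traffic exits from EXPECTED_HOST_IP, 1 if the proxy is
# unreachable, 2 if traffic exits from another address, 3 on missing argument.
check_gateway() {
    expected="${1:-}"
    [ -n "$expected" ] || { echo "usage: check_gateway HOST_IP" >&2; return 3; }
    via_proxy="$(proxied_ip)" || {
        echo "FAIL: no answer through SOCKS5 proxy at $PROXY" >&2
        return 1
    }
    if [ "$via_proxy" != "$expected" ]; then
        echo "FAIL: egress IP is $via_proxy, expected $expected" >&2
        return 2
    fi
    direct="$(direct_ip)" || direct="unknown"
    echo "OK: proxied=$via_proxy direct=$direct"
}

# Stand-alone use: ./check-gateway.sh --expect YOUR_HOST_PUBLIC_IP
if [ "${1:-}" = "--expect" ]; then
    check_gateway "${2:-}"
fi
```

Run it on the local machine while the tunnel from step 4B is open; a return code of 2 means the application traffic is not leaving through the gateway.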