Mac OS X El Capitan (10.11.1): requests are not forwarded through a proxy

[valmol]

Hello,

A tunnel via ssh -NC XXXX@XXXX -L 9999:10.150.135.166:1526 works just fine.

When I run sshuttle my requests to 10.150.135.166 are not forwarded.
This is how I run it:

toyota$ sshuttle -r XXXX@XXXXX XX.XXXX.135.166 -N  -vv
Starting sshuttle proxy.
[local sudo] Password: 
firewall manager: Starting firewall with Python version 2.7.10
firewall manager: ready method name pf.
UDP enabled: False
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket._socketobject object at 0x10c2d7980>.
Starting client with Python version 2.7.10
c : connecting to server...
c : executing: ['ssh', 'XXXX@XXXXXX', '--', 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; verbosity=2; exec(compile(sys.stdin.read(890), "assembler.py", "exec"))\'']
XXXXX@XXXXXX.net's password: 
c :  > channel=0 cmd=PING len=7 (fullness=0)
server: assembling 'sshuttle' (8 bytes)
server: assembling 'sshuttle.cmdline_options' (27 bytes)
server: assembling 'sshuttle.helpers' (765 bytes)
server: assembling 'sshuttle.ssnet' (5506 bytes)
server: assembling 'sshuttle.hostwatch' (2307 bytes)
server: assembling 'sshuttle.server' (3047 bytes)
Starting server with Python version 2.6.6
 s: latency control setting = True
 s: available routes:
 s:   2/146.213.0.128/27
 s:   2/169.254.0.0/16
 s:  > channel=0 cmd=PING len=7 (fullness=0)
c : Connected.
 s:  > channel=0 cmd=ROUTES len=36 (fullness=7)
c : Waiting: 2 r=[8, 9] w=[9] x=[] (fullness=7/0)
c :   Ready: 2 r=[] w=[9] x=[]
c : mux wrote: 15/15
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=7/0)
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=43/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=43/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 44/44
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=43/0)
c :   Ready: 2 r=[9] w=[] x=[]
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : <  channel=0 cmd=ROUTES len=36
firewall manager: Got subnets: [(2, 32, False, '10.150.135.166'), (2, 27, False, '146.213.0.128'), (2, 16, False, '169.254.0.0'), (2, 8, True, '127.0.0.0')]
firewall manager: Got nslist: []
firewall manager: Got ports: 0,12300,0,0
firewall manager: Got udp: False
firewall manager: setting up.
firewall manager: setting up IPv4.
>> pfctl -s all
>> pfctl -a sshuttle -f /dev/stdin
>> pfctl -E
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PING len=7
 s:  > channel=0 cmd=PONG len=7 (fullness=43)
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=50/0)
c : mux wrote: 15/15
c : <  channel=0 cmd=PONG len=7
c : received PING response
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=0/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PONG len=7
 s: received PING response
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=0/0)

What can be an issue? NO errors reported.

[vieira]

Hello,

I tried to reproduce the problem on OSX10.11.2 (python 2.7.10 client; python 2.6.8 server) but was unable to. Is it happening with other servers?

While I was testing this I noticed that sshuttle is not properly cleaning up the ruleset on exit. I don't think that it is the cause of your issue but maybe you can try restarting your machine and see if the problem persists. You can also try with pr #37 although I am unsure if the problem you are experiencing is fixed there.

[valmol]

Just updated to 10.11.2. Restarted.
Proxy still does not work. It is happening with other servers too.

[vieira]

What kind of traffic? HTTP?

On 12 Dec 2015, at 19:31, Valeriy Molyakov notifications@github.com wrote:

Just updated to 10.1.2. Restarted.
Proxy still does not work. It is happening with other servers too.

—
Reply to this email directly or view it on GitHub.

[valmol]

i use sshuttle to connect to remote servers via ssh, connect to http servers, database servers etc.
all traffic to certain subnets shall be forwarded via a tunnel.
I have tried PR #37 - does not help.

[brianmay]

Sounds very similar to #35 to me. Don't know what is going wrong, sorry. I note that the pf method doesn't log the pf rules being configured, maybe we should change that.

[valmol]

Rules:

toyota:sshuttle vmolyakov$  sudo pfctl -a sshuttle -s rules
No ALTQ support in kernel
ALTQ related functions disabled
pass out route-to lo0 inet proto tcp from any to <forward_subnets> flags S/SA keep state

I also do not see anything in pf log

toyota:sshuttle vmolyakov$ sudo tcpdump -n -e -ttt -i pflog0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 262144 bytes
00:00:00.000000 rule 4294967295/8(ip-option): pass in on en0: 192.168.1.1 > 224.0.0.1: igmp query v2

no "pass out" entries when I tried to connect to external servers. It means that pf rules are not applied for some reason.

[ethus3h]

(I reported #35)
Yeah, I'm using 10.11.1; I'll test again when I get around to updating to 10.11.2 and let you know if that fixes it. Thanks!

[ethus3h]

(Oh also feel free to close #35 as a duplicate if you want; I think it might be the same issue as here)

[brianmay]

What @molyakov posted doesn't list all the rules we setup. For example, the definition of <forward_subnets> is not given.

The latest version in git should output all of that in its debug output now.

[valmol]

I have run latest version from repository:

vmolyakov:sshuttle vmolyakov$ sshuttle -r XXXX@XXXXX  XXXX.216.10 -N  -vv
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 2.7.10
firewall manager: ready method name pf.
UDP enabled: False
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket._socketobject object at 0x110454980>.
Starting client with Python version 2.7.10
c : connecting to server...
c : executing: ['ssh', 'XXXX@XXXXXX', '--', 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; verbosity=2; exec(compile(sys.stdin.read(890), "assembler.py", "exec"))\'']

########################################################
#                                                      #
# This system is for the use of authorized users only. #
#                                                      #
########################################################

Password: 
c :  > channel=0 cmd=PING len=7 (fullness=0)
server: assembling 'sshuttle' (8 bytes)
server: assembling 'sshuttle.cmdline_options' (27 bytes)
server: assembling 'sshuttle.helpers' (765 bytes)
server: assembling 'sshuttle.ssnet' (5506 bytes)
server: assembling 'sshuttle.hostwatch' (2307 bytes)
server: assembling 'sshuttle.server' (3047 bytes)
Starting server with Python version 2.6.6
 s: latency control setting = True
 s: available routes:
 s:   2/10.XXX.136.64/27
 s:   2/146.XXX.128.128/27
 s:   2/XXX.XXX.140.0/26
 s:   2/XXX.254.0.0/16
 s:   2/XXX.254.0.0/16
 s:  > channel=0 cmd=PING len=7 (fullness=0)
 s:  > channel=0 cmd=ROUTES len=93 (fullness=7)
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=100/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=100/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 101/101
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=100/0)
c : Connected.
c : Waiting: 2 r=[8, 9] w=[9] x=[] (fullness=7/0)
c :   Ready: 2 r=[9] w=[9] x=[]
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : <  channel=0 cmd=ROUTES len=93
firewall manager: Got subnets: [(2, 32, False, '10.150.135.166'), (2, 32, False, '139.114.216.10'), (2, 27, False, '10.158.136.64'), (2, 27, False, '146.213.128.128'), (2, 26, False, '153.110.140.0'), (2, 16, False, '169.254.0.0'), (2, 16, False, '169.254.0.0'), (2, 8, True, '127.0.0.0')]
firewall manager: Got nslist: []
firewall manager: Got ports: 0,12300,0,0
firewall manager: Got udp: False
firewall manager: setting up.
firewall manager: setting up IPv4.
>> pfctl -s all
>> pfctl -a sshuttle -f /dev/stdin
>> pfctl -E
c : mux wrote: 15/15
c : mux wrote: 15/15
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=14/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PING len=7
 s:  > channel=0 cmd=PONG len=7 (fullness=100)
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=107/0)
c :   Ready: 2 r=[9] w=[] x=[]
c : <  channel=0 cmd=PONG len=7
c : received PING response
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=0/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PONG len=7
 s: received PING response
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=0/0)

[brianmay]

You need to use -vvv not just -vv to get the rules displayed.

[valmol]

Output with pf rules:

vmolyakov:sshuttle vmolyakov$ sshuttle -r XXXX@XXXXXXX 10.150.135.166 139.114.216.10 -N  -vvv
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 2.7.10
firewall manager: ready method name pf.
UDP enabled: False
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket._socketobject object at 0x1087988a0>.
Starting client with Python version 2.7.10
c : connecting to server...
c : executing: ['ssh', 'XXXX@XXXXX', '--', 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; verbosity=3; exec(compile(sys.stdin.read(890), "assembler.py", "exec"))\'']
et4818@ssh.cosng.net's password: 
c :  > channel=0 cmd=PING len=7 (fullness=0)
server: assembling 'sshuttle' (8 bytes)
server: assembling 'sshuttle.cmdline_options' (27 bytes)
server: assembling 'sshuttle.helpers' (864 bytes)
server: assembling 'sshuttle.ssnet' (5500 bytes)
server: assembling 'sshuttle.hostwatch' (2308 bytes)
server: assembling 'sshuttle.server' (3048 bytes)
Starting server with Python version 2.6.6
 s: latency control setting = True
 s: available routes:
 s:   2/146.213.0.128/27
 s:   2/169.254.0.0/16
 s:  > channel=0 cmd=PING len=7 (fullness=0)
 s:  > channel=0 cmd=ROUTES len=36 (fullness=7)
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=43/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=43/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 44/44
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=43/0)
c : Connected.
c : Waiting: 2 r=[8, 9] w=[9] x=[] (fullness=7/0)
c :   Ready: 2 r=[9] w=[9] x=[]
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : <  channel=0 cmd=ROUTES len=36
firewall manager: Got subnets: [(2, 32, False, '10.150.135.166'), (2, 32, False, '139.114.216.10'), (2, 27, False, '146.213.0.128'), (2, 16, False, '169.254.0.0'), (2, 8, True, '127.0.0.0')]
firewall manager: Got nslist: []
firewall manager: Got ports: 0,12300,0,0
firewall manager: Got udp: False
firewall manager: setting up.
firewall manager: setting up IPv4.
rules:
---> table <forward_subnets> {10.150.135.166/32,139.114.216.10/32,146.213.0.128/27,169.254.0.0/16,!127.0.0.0/8}
---> rdr pass on lo0 proto tcp to <forward_subnets> -> 127.0.0.1 port 12300
---> pass out route-to lo0 inet proto tcp to <forward_subnets> keep state
>> pfctl -s all
>> pfctl -a sshuttle -f /dev/stdin
>> pfctl -E
c : mux wrote: 15/15
c : mux wrote: 15/15
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=14/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PING len=7
 s:  > channel=0 cmd=PONG len=7 (fullness=43)
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=50/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PONG len=7
 s: received PING response
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=0/0)
c :   Ready: 2 r=[9] w=[] x=[]
c : <  channel=0 cmd=PONG len=7
c : received PING response
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=0/0)

``

[valmol]

Just updated my previous comments by new debug output (after correct update of sources and re-install a tool)

[John-K]

I'm running into the same issue:

sshuttle --python python2  -x 10.0.0.0/8 -r stealthy.ninja 0/0 -vvv
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 2.7.10
firewall manager: ready method name pf.
IPv6 enabled: False
UDP enabled: False
DNS enabled: False
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket._socketobject object at 0x104ca12f0>.
Starting client with Python version 2.7.10
c : connecting to server...
c : executing: ['ssh', 'stealthy.ninja', '--', '\'python2\' -c \'import sys; verbosity=3; stdin=getattr(sys.stdin,"buffer",sys.stdin); exec(compile(stdin.read(915), "assembler.py", "exec"))\'']
Warning: Permanently added the ECDSA host key for IP address '192.241.233.215' to the list of known hosts.
c :  > channel=0 cmd=PING len=7 (fullness=0)
server: assembling u'sshuttle' (8 bytes)
server: assembling u'sshuttle.cmdline_options' (27 bytes)
server: assembling u'sshuttle.helpers' (864 bytes)
server: assembling u'sshuttle.ssnet' (5500 bytes)
server: assembling u'sshuttle.hostwatch' (2334 bytes)
server: assembling u'sshuttle.server' (3089 bytes)
Starting server with Python version 2.7.11
 s: latency control setting = True
 s: available routes:
 s:   2/192.241.233.0/24
 s:  > channel=0 cmd=PING len=7 (fullness=0)
 s:  > channel=0 cmd=ROUTES len=19 (fullness=7)
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=26/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=26/0)
 s:   Ready: 1 r=[] w=[5] x=[]
c : Connected.
c : Waiting: 2 r=[7, 8] w=[8] x=[] (fullness=7/0)
c :   Ready: 2 r=[8] w=[8] x=[]
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : mux wrote: 15/15
c : mux wrote: 15/15
c : Waiting: 2 r=[7, 8] w=[] x=[] (fullness=14/0)
 s: mux wrote: 27/27
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=26/0)
c :   Ready: 2 r=[8] w=[] x=[]
c : <  channel=0 cmd=ROUTES len=19
firewall manager: Got subnets: [(2, 0, False, '0.0.0.0'), (2, 8, True, '127.0.0.0'), (2, 8, True, '10.0.0.0')]
firewall manager: Got nslist: []
firewall manager: Got ports: 0,12300,0,0
firewall manager: Got udp: False
firewall manager: setting up.
firewall manager: setting up IPv4.
rules:
---> table <forward_subnets> {!127.0.0.0/8,!10.0.0.0/8,0.0.0.0/0}
---> rdr pass on lo0 proto tcp to <forward_subnets> -> 127.0.0.1 port 12300
---> pass out route-to lo0 inet proto tcp to <forward_subnets> keep state
>> pfctl -s all
>> pfctl -a sshuttle -f /dev/stdin
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PING len=7
 s:  > channel=0 cmd=PONG len=7 (fullness=26)
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=33/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PONG len=7
 s: received PING response
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=0/0)
>> pfctl -E
c : <  channel=0 cmd=PONG len=7
c : received PING response
c : Waiting: 2 r=[7, 8] w=[] x=[] (fullness=0/0)

[vieira]

Could you give me any hints to reproduce this? I tried to reproduce this problem a few times but never managed to. Do you have some other rules on your pf? Have you ever enabled or configured your OSX firewall?

[John-K]

I don't have any pf rules that I know of. Firewall is currently off but was certainly enabled at some point in the past.

[achempion]

Have the same issue. It arised after switching to other PPPoE connection.

[achempion]

Ok, I know what cause this issue. You need run pfctl -F all to flush all port forwarding rules. After that all works fine.

[John-K]

I'll give this a shot and see if it resolves my issues as well

On Tuesday, February 16, 2016, Boris Kuznetsov notifications@github.com
wrote:

Ok, I know what cause this issue. You need run pfctl -F all to flush all
port forwarding rules. After that all works fine.

—
Reply to this email directly or view it on GitHub
#43 (comment).

[thshdw]

@achempion @John-K I'm using an older build with 10.11.3 https://github.com/sshuttle/sshuttle/tree/57d1cb1e119ac3a575fe25c3b73a2be2cfb92211

I can ssh to sites using reverse tunnels with no issues and when I exit the terminal I see the following

^CKilled by signal 2.
firewall manager: undoing changes.
>> pfctl -a sshuttle -F all
>> pfctl -X 11054111950947285861
c : 
c : Keyboard interrupt: exiting.

[vieira]

What rules were there before flushing? Are there any steps I can follow to reproduce getting those rules appended and sshuttle not working?

Thanks!

On 16 Feb 2016, at 21:27, Boris Kuznetsov notifications@github.com wrote:

Ok, I know what cause this issue. You need run pfctl -F all to flush all port forwarding rules. After that all works fine.

—
Reply to this email directly or view it on GitHub.

[achempion]

@vieira Rules gone :) I think you need try to change network and NetBIOS name (System Preferences > Sharing > Computer name > Edit). That what I did to get this issue, I think.

[havvg]

I'm encountering the same issue when running both commands. (OS X 10.11.3, sshuttle 0.75). Both commands are unable to connect to the hosts on the destination network (destination network is a Cisco IPSec VPN).

 sshuttle -r overmind 172.16.0.0/12 -vv
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 2.7.10
firewall manager: ready method name pf.
IPv6 enabled: False
UDP enabled: False
DNS enabled: False
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket._socketobject object at 0x10d9b7590>.
Starting client with Python version 2.7.10
c : connecting to server...
c : executing: ['ssh', 'overmind', '--', 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; verbosity=2; stdin=getattr(sys.stdin,"buffer",sys.stdin); exec(compile(stdin.read(915), "assembler.py", "exec"))\'']
c :  > channel=0 cmd=PING len=7 (fullness=0)
server: assembling u'sshuttle' (8 bytes)
server: assembling u'sshuttle.cmdline_options' (27 bytes)
server: assembling u'sshuttle.helpers' (864 bytes)
server: assembling u'sshuttle.ssnet' (5500 bytes)
server: assembling u'sshuttle.hostwatch' (2334 bytes)
server: assembling u'sshuttle.server' (3089 bytes)
Starting server with Python version 2.6.6
 s: latency control setting = True
 s: available routes:
 s:   2/10.210.0.0/24
 s:   2/172.30.63.0/24
 s:   2/169.254.0.0/16
 s:  > channel=0 cmd=PING len=7 (fullness=0)
 s:  > channel=0 cmd=ROUTES len=50 (fullness=7)
c : Connected.
c : Waiting: 2 r=[8, 9] w=[9] x=[] (fullness=7/0)
c :   Ready: 2 r=[] w=[9] x=[]
c : mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=57/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 15/15
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : mux wrote: 15/15
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=14/0)
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=57/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 58/58
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=57/0)
c :   Ready: 2 r=[9] w=[] x=[]
c : <  channel=0 cmd=ROUTES len=50
firewall manager: Got subnets: [(2, 12, False, '172.16.0.0'), (2, 8, True, '127.0.0.0')]
firewall manager: Got nslist: []
firewall manager: Got ports: 0,12300,0,0
firewall manager: Got udp: False
firewall manager: setting up.
firewall manager: setting up IPv4.
>> pfctl -s all
>> pfctl -a sshuttle -f /dev/stdin
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PING len=7
 s:  > channel=0 cmd=PONG len=7 (fullness=57)
 s: <  channel=0 cmd=PONG len=7
 s: received PING response
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=0/0)
>> pfctl -E
c : <  channel=0 cmd=PONG len=7
c : received PING response
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=0/0)
^Cfirewall manager: undoing changes.
Killed by signal 2.
firewall manager: undoing IPv4 changes.
>> pfctl -a sshuttle -F all
>> pfctl -X 6695040540956425419
firewall manager: undoing /etc/hosts changes.
c :
c : Keyboard interrupt: exiting.

 sshuttle -x 0.0.0.0/8 -x 127.0.0.0/8 -x 169.254.0.0/16 -x 192.0.0.0/24 -r overmind 0/0 -vv
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 2.7.10
firewall manager: ready method name pf.
IPv6 enabled: False
UDP enabled: False
DNS enabled: False
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket._socketobject object at 0x10ded7590>.
Starting client with Python version 2.7.10
c : connecting to server...
c : executing: ['ssh', 'overmind', '--', 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c \'import sys; verbosity=2; stdin=getattr(sys.stdin,"buffer",sys.stdin); exec(compile(stdin.read(915), "assembler.py", "exec"))\'']
c :  > channel=0 cmd=PING len=7 (fullness=0)
server: assembling u'sshuttle' (8 bytes)
server: assembling u'sshuttle.cmdline_options' (27 bytes)
server: assembling u'sshuttle.helpers' (864 bytes)
server: assembling u'sshuttle.ssnet' (5500 bytes)
server: assembling u'sshuttle.hostwatch' (2334 bytes)
server: assembling u'sshuttle.server' (3089 bytes)
Starting server with Python version 2.6.6
 s: latency control setting = True
 s: available routes:
 s:   2/10.210.0.0/24
 s:   2/172.30.63.0/24
 s:   2/169.254.0.0/16
c : Connected.
c : Waiting: 2 r=[8, 9] w=[9] x=[] (fullness=7/0)
 s:  > channel=0 cmd=PING len=7 (fullness=0)
 s:  > channel=0 cmd=ROUTES len=50 (fullness=7)
c :   Ready: 2 r=[] w=[9] x=[]
c : mux wrote: 15/15
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=7/0)
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=57/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 15/15
c :   Ready: 2 r=[9] w=[] x=[]
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : mux wrote: 15/15
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=14/0)
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=57/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 58/58
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=57/0)
c :   Ready: 2 r=[9] w=[] x=[]
c : <  channel=0 cmd=ROUTES len=50
firewall manager: Got subnets: [(2, 0, False, '0.0.0.0'), (2, 8, True, '127.0.0.0'), (2, 8, True, '0.0.0.0'), (2, 8, True, '127.0.0.0'), (2, 16, True, '169.254.0.0'), (2, 24, True, '192.0.0.0')]
firewall manager: Got nslist: []
firewall manager: Got ports: 0,12300,0,0
firewall manager: Got udp: False
firewall manager: setting up.
firewall manager: setting up IPv4.
>> pfctl -s all
>> pfctl -a sshuttle -f /dev/stdin
>> pfctl -E
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PING len=7
 s:  > channel=0 cmd=PONG len=7 (fullness=57)
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=64/0)
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PONG len=7
 s: received PING response
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=0/0)
c : <  channel=0 cmd=PONG len=7
c : received PING response
c : Waiting: 2 r=[8, 9] w=[] x=[] (fullness=0/0)
^CKilled by signal 2.
firewall manager: undoing changes.
firewall manager: undoing IPv4 changes.
>> pfctl -a sshuttle -F all
>> pfctl -X 6695040540882176715
firewall manager: undoing /etc/hosts changes.
c :
c : Keyboard interrupt: exiting.

[vieira]

Could you guys please post the output of the following commands (while sshuttle is running)?
pfctl -s Interfaces -v # checking for skip on lo or lo0
pfctl -s rules # checking for any conflicting rules in the main ruleset
pfctl -a sshuttle -s rules # checking that all rules in the sshuttle anchor were set

[havvg]

@vieira I ran sshuttle -r overmind 172.16.0.0/12 -vv

 sudo pfctl -s Interfaces -v
No ALTQ support in kernel
ALTQ related functions disabled
ALL
awdl0
bridge0
bridge100
en0
en1
en2
en4
gif0
lo0 (skip)
p2p0
stf0
utun0
utun1
utun2
vboxnet0
vboxnet1
vboxnet2
vboxnet3
 sudo pfctl -s rules
No ALTQ support in kernel
ALTQ related functions disabled
scrub-anchor "com.apple/*" all fragment reassemble
scrub-anchor "com.apple.internet-sharing" all fragment reassemble
anchor "com.apple/*" all
anchor "com.apple.internet-sharing" all
anchor "sshuttle" all
 sudo pfctl -a sshuttle -s rules
No ALTQ support in kernel
ALTQ related functions disabled
pass out route-to lo0 inet proto tcp from any to <forward_subnets> flags S/SA keep state

[vieira]

@havvg Thanks a lot, that was helpful! I have some ideas now I will put to the test tomorrow.

[vieira]

@havvg I was able to reproduce the problem you reported. e84a8df should fix it. I am not sure if this is the same problem that other people reported. It would be very helpful if someone else could test.

[evanscottgray]

@vieira, I tested out the fix in e84a8df on the same version of OS X that @havvg was using with the lo0 (skip) issue and sshuttle works as intended now fwiw. Thanks for the fix!

[John-K]

This also fixes the issue for me. Great work!

On Tue, Mar 1, 2016 at 10:44 PM, Evan Gray notifications@github.com wrote:

@vieira https://github.com/vieira, I tested out the fix in e84a8df
e84a8df
on the same version of OS X that @havvg https://github.com/havvg was
using with the lo0 (skip) issue and sshuttle works as intended now fwiw.
Thanks for the fix!

—
Reply to this email directly or view it on GitHub
#43 (comment).

[brianmay]

Closing due to reports that change (which was merged) fixes this.

[havvg]

That was fast, @brianmay could you tag a new release so homebrew may update easily?

[brianmay]

@havvg Have released version 0.77. Looks like I stuffed up the upload to pypi (forgot to pass the --sign parameter) so I may have to release version 0.78 shortly to rectify this.

[havvg]

Indeed, there is no tarball available on pypi.

[brianmay]

pypi is now fixed.