a Netfilter powered UDP proxy


udpproxy proxies UDP flows using Netfilter queuing capabilities. This is not just a UDP relay: the destination does not need to be known in advance. First, select the flows to be proxied with iptables:

For example:

# iptables -I OUTPUT -p udp --dport 161 \
   --destination -j NFQUEUE --queue-num 10

Then, udpproxy is launched and will relay the packets sent to queue 10:

# udpproxy -e "ssh somehost ./udpproxy" -q 10

The remote udpproxy does not have to run as root. It only uses unprivileged operations.

udpproxy does not handle fragmentation at all. If you use programs that send large packets, you should create a dummy interface with a large MTU and route packets to this interface. udpproxy will then receive the packets unfragmented and forward them to the remote proxy, which will rely on the operating system to handle fragmentation.


You can get udpproxy from the git repository:

$ git clone git://

udpproxy uses autotools, so you build and install it with:

$ autoreconf -i
$ ./configure
$ make
$ sudo make install

You need libevent and libnetfilter_queue. If you don't have the latest one, only client-side operations will be allowed.


You can get help with:

$ udpproxy -h

A simple invocation starts udpproxy, giving the command that invokes the remote udpproxy with the -e switch and selecting the right Netfilter queue with the -q switch:

$ udpproxy -e "ssh somehost ./udpproxy" -q 10

On the server side, udpproxy needs root privileges. However, the remote one does not, and you usually want to run the ssh command as an unprivileged user. You can use the -u and -g switches for this:

# udpproxy -u 1000 -g 100 -e "ssh somehost ./udpproxy" -q 10

Or, with the help of the shell:

$ sudo udpproxy -u $(id -u) -g $(id -g) -e "ssh somehost ./udpproxy" -q 10
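
The iptables rule and the invocation above can be tied together so that the NFQUEUE rule never outlives the proxy. The script below is an added example, not part of udpproxy; its function names are hypothetical and the address 192.0.2.10 in its usage line is a constructed value.

```shell
#!/bin/sh
# Added example, not part of udpproxy. Host names and addresses passed in are
# the caller's; the values in the usage line are constructed.
# Usage: sh proxy-flow.sh 192.0.2.10 161 10 somehost

# Only characters found in addresses and host names, and no leading dash, so
# a value can never be read as an extra iptables or ssh option.
safe_token() {
    case $1 in ''|-*|*[!0-9A-Za-z.:/_-]*) return 1 ;; esac
}

# Decimal integer in 0..65535 (the range of NFQUEUE queue numbers and ports).
is_u16() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# Print the rule specification shared by "iptables -I" and "iptables -D".
# Args: destination, UDP port, queue number.
nfqueue_rule() {
    safe_token "$1" || { echo "bad destination: $1" >&2; return 1; }
    is_u16 "$2" && [ "$2" -ge 1 ] || { echo "bad port: $2" >&2; return 1; }
    is_u16 "$3" || { echo "bad queue: $3" >&2; return 1; }
    echo "OUTPUT -p udp --dport $2 --destination $1 -j NFQUEUE --queue-num $3"
}

# Insert the rule, run the local udpproxy with the invoking user's ids for
# the ssh command, and remove the rule on any exit so that no flow stays
# pointed at a queue nobody reads (such packets are dropped by default).
proxy_flow() {
    rule=$(nfqueue_rule "$1" "$2" "$3") || return 1
    safe_token "$4" || { echo "bad remote host: $4" >&2; return 1; }
    # $rule is left unquoted on purpose: it is a validated argument list.
    sudo iptables -I $rule || return 1
    trap 'sudo iptables -D $rule' EXIT
    trap 'exit 130' INT TERM
    sudo udpproxy -u "$(id -u)" -g "$(id -g)" -e "ssh $4 ./udpproxy" -q "$3"
}

# Run only when called with the four arguments from the usage line.
if [ "$#" -eq 4 ]; then
    proxy_flow "$@"
fi
```

Because the same validated string is used for both `-I` and `-D`, the rule that is removed is exactly the rule that was inserted.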