a Netfilter powered UDP proxy


udpproxy proxies UDP flows using Netfilter queuing capabilities. This is not just a UDP relay: the destination does not need to be known in advance. First, the flows to be proxied need to be selected with the help of iptables.

For example:

# iptables -A OUTPUT -p udp --dport 161 \
   --destination -j NFQUEUE --queue-num 10

Then, udpproxy is launched and will relay the packets sent to queue 10:

# udpproxy -e "ssh somehost ./udpproxy" -q 10

The remote udpproxy does not have to run as root. It only uses unprivileged operations.

udpproxy does not handle fragmentation at all. If you use programs that send large packets, you should create a dummy interface with a large MTU and route packets to this interface. udpproxy will then receive the packets unfragmented and forward them to the remote proxy, which will rely on the operating system to handle fragmentation.


You can get udpproxy from the git repository:

$ git clone git://

There is also a cgit interface where you can browse the sources, or you can use GitHub.

udpproxy uses autotools, so you can build and install it with:

$ ./configure
$ make
$ sudo make install

You need libevent and libnetfilter_queue. If you don't have the latter, only client-side operations will be allowed.


You can get help with:

$ udpproxy -h

A simple invocation gives the command used to start the remote udpproxy with the -e switch and selects the right Netfilter queue with the -q switch:

$ udpproxy -e "ssh somehost ./udpproxy" -q 10

On the server side, udpproxy needs root privileges. However, the remote one does not, and you usually want to run the ssh command as an unprivileged user. You can use the -u and -g switches for this:

# udpproxy -u 1000 -g 100 -e "ssh somehost ./udpproxy" -q 10

Or, with the help of the shell:

# udpproxy -u $(id -u) -g $(id -g) -e "ssh somehost ./udpproxy" -q 10
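
The privilege split that -u and -g describe (a root parent, a helper command running under another uid and gid) can be sketched as below. This is an added example, not udpproxy's source: the function names are hypothetical, and how udpproxy itself implements these switches is not shown on this page.

```c
/* Added illustration, not udpproxy source. Function names are hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE           /* exposes setgroups() in <grp.h> on glibc */
#endif
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently switch the calling process to uid/gid. Returns 0 or -1. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Clear root's supplementary groups first; only root may do this. */
    if (geteuid() == 0 && uid != 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group before user: after setuid() an arbitrary setgid() is refused. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Confirm that real and effective IDs all changed. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Run cmd via /bin/sh as uid/gid; returns its exit status, 126 if the
 * drop failed, -1 on other errors. The parent keeps its privileges. */
int run_unprivileged(uid_t uid, gid_t gid, const char *cmd)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0)
            _exit(126);               /* never exec with leftover privileges */
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                   /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    return run_unprivileged(getuid(), getgid(), "id");   /* constructed demo */
}
```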

By default, udpproxy puts itself in the background after being launched. If you want to keep it in the foreground, use -d:

# udpproxy -d -u $(id -u) -g $(id -g) -e "ssh somehost ./udpproxy" -q 10