a Netfilter powered UDP proxy
Failed to load latest commit information.
man Add a manual page Aug 9, 2008
src build: fix warnings about implicit declarations Dec 2, 2015
Makefile.am README is now README.md. Update Makefile.am. May 28, 2011
configure.ac build: prefix notice and errors with stars Mar 5, 2015



udpproxy allows to proxy UDP flows using Netfilter queuing capabilities. This is not just an UDP relay: the destination does not need to be known in advance. First, flows to be proxied need to be selected with the help of iptables:

For example:

# iptables -I OUTPUT -p udp --dport 161 \
   --destination -j NFQUEUE --queue-num 10

Then, udpproxy is launched and will relay the packets sent to queue 10:

# udpproxy -e "ssh somehost ./udpproxy" -q 10

The remote udpproxy does not have to run as root. It only uses unpriviledged operations.

udpproxy does not handle fragmentation at all. If you use programs that sends large packets, you should create a dummy interface with a large MTU and route packets to this interface. udpproxy will then receives the packets unfragmented and forward them to the remote proxy which will relies on operating system to handle fragmentation.


You can get udpproxy from the git repository:

$ git clone git://git.luffy.cx/udpproxy.git

udpproxy uses autotools. So, you should get ready with:

$ autoreconf -i
$ ./configure
$ make
$ sudo make install

You need libevent and libnetfilter_queue. If you don't have the latest one, only client-side operations will be allowed.


You can get help with:

$ udpproxy -h

A simple invocation will start udpproxy stating the command to invoke the remote udpproxy with -e switch and selecting the right Netfilter queue with -q switch:

$ udpproxy -e "ssh somehost ./udpproxy" -q 10

On server-side, udpproxy needs root privileges. However, the remote one does not need to and usually, you want to run ssh command as an unprivileged user. You can use -u and -g switches for this:

# udpproxy -u 1000 -g 100 -e "ssh somehost ./udpproxy" -q 10

Or, with the help of the shell:

$ sudo udpproxy -u $(id -u) -g $(id -g) -e "ssh somehost ./udpproxy" -q 10