1 #!/bin/sh
2 #                       Prayishtar
3 #        http://freaknet.org/alpt/src/utils/prayishtar
4 #
5 # prayishtar: forwards all your Internet traffic over two secure SSH tunnels
6 #             or in other words: How to reach the Internet anonymously from a
7 #             hostile network
8 #
9 #    ** Requirements **
10 # You need two trusted SSH servers, one with a BIG BIG upload
11 # bandwidth and another normal one. We call the former `bigbwhost' and the
12 # latter `myhome'.
# You also need OpenSSH >= 4.3 on both this localhost and on `myhome'
14 # Be sure also to have the support for /dev/tun, iptables and LARTC.
15 #
16 #   ** This is what we do **
# We forward all of our Internet traffic through an SSH vpn created with
18 # `myhome' and we use `bigbwhost' as a SSH proxy for applications which require
19 # a big bandwidth (like browsers):
20 #
21 #       All outgoing Internet traffic -> SSH VPN -> myhome -> INTERNET
22 #
23 #       All outgoing http traffic -> SSH SOCKS proxy -> bigbwhost -> INTERNET
24 #
25 #   ** TODO **
26 # Use Tor to create the SSH connections
27 #
28 #   ** Usage **
29 # The first command:
30 #         # prayishtar  myhomehost bigbwhost bighostuser
31 # f.e.:
32 #         # prayishtar home.dyndns.org mybigserver.org foo
33 #
34 # You can also configure directly this script and launch it with no arguments:
35 #         # prayishtar
36 #
37 # 2)
38 #   In the browser we set a localhost:8080 SOCKS proxy, then leave the rest
39 #   untouched.
40 #
# 3) You are done! Cryptolized through SSH juicy tunnels. Even your DNS queries
#    will look like this: "<awpivn]3qaw0erv2oipa9ysrbvpq[][023-402v"
43 #
44 # 4) Enjoy ^_^
45 #
46 #
47 # PS: use "prayishtar stop" to clean the mess created by this script.
48 #
49 #
50 # AlpT (@freaknet.org)
51 #
########### CONFIGURE HERE ################
# The two SSH endpoints described in the header. Each may also be given on
# the command line (myhome bigbwhost bighostuser), which overrides the
# values set here.
myhome=''          # SSH server that terminates the VPN (OpenSSH >= 4.3)
bigbwhost=''       # SSH server used as the SOCKS proxy for bulk traffic
bighostuser=''     # login name on bigbwhost

# Addresses of the tun2 point-to-point link: myhome's end gets tuniphome,
# this host gets tuniplocal, and tunipnet is routed over the link.
tuniphome='10.0.0.2'
tuniplocal='10.0.0.3'
tunipnet='10.0.0.0/8'
########### CONFIGURE HERE ################


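#######################################
# Print an error message and abort the script.
# Arguments: the message words, joined with spaces
# Outputs:   the message on stderr (it is a diagnostic, not data)
# Returns:   never; exits with status 1
#######################################
die()
{
        printf '%s\n' "$*" >&2
        # Discard the default-route snapshot this script writes to /tmp.
        # NOTE(review): if die() fires after the default route has already
        # been replaced, removing the snapshot leaves "prayishtar stop" with
        # nothing to restore; nothing else (tunnel, ssh sessions) is rolled
        # back here.
        rm -f /tmp/prayishtar_default_gw
        exit 1
}
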
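# "prayishtar stop" / "prayishtar clean": tear down what the script set up.
# No status is checked, so a partially completed setup can still be undone.
if test "$1" = "clean" -o "$1" = "stop"
then
        ip rule del lookup 213
        # "! -o lo" is the current iptables negation form; it matches the
        # same rule as the older "-o ! lo" spelling.
        iptables -D POSTROUTING -t nat -j MASQUERADE ! -o lo
        iptables -D OUTPUT -t mangle -p tcp --dport 22 -j MARK --set-mark 0x71
        ip route del "$tunipnet" dev tun2 proto kernel scope link src "$tuniplocal"
        ip route del default
        ip route del default table 213
        # `$(< file)` is a bash extension that expands to nothing under
        # /bin/sh, so cat(1) is used instead. The restore is skipped when
        # there is no snapshot rather than running `ip route replace` with
        # no arguments.
        # NOTE(review): the snapshot has a fixed name under world-writable
        # /tmp, so its contents are only trustworthy if no other local user
        # could have created that file first.
        if test -s /tmp/prayishtar_default_gw
        then
                # shellcheck disable=SC2046 -- the snapshot is a list of ip(8) arguments
                ip route replace $(cat /tmp/prayishtar_default_gw)
        else
                echo "[!] No saved default route in /tmp/prayishtar_default_gw; restore it by hand" >&2
        fi
        exit
fi
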
# Positional arguments override the configured values; an empty or missing
# argument leaves the configured value alone.
myhome=${1:-$myhome}

bigbwhost=${2:-$bigbwhost}
bighostuser=${3:-$bighostuser}

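# Interfaces, routes and netfilter rules are changed below, so root is
# required; the uid is quoted so an empty result cannot break the test.
if test "$(id -u)" != 0
then
        printf '%s\n' "Root privileges needed." "Get them." >&2
        exit 1
fi
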
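echo "Using myhome=$myhome and bigbwhost=$bighostuser@$bigbwhost"
# All three values must be known before anything is changed. test(1)'s
# "-o" is ambiguous, so the checks are chained with "||" instead.
if test -z "$myhome" || test -z "$bigbwhost" || test -z "$bighostuser"
then
        printf '\n[!] Please configure this script ( "%s" )\n' "$0" >&2
        exit 1
fi
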
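# Resolve both servers before the routes change. Only the first IPv4
# "has address" line is used: the old `cut -f 4` returned the wrong field
# for CNAME or IPv6 answers and every address when there were several.
homeip=$(host "$myhome" | awk '/has address/ { print $4; exit }')
bigbwhostip=$(host "$bigbwhost" | awk '/has address/ { print $4; exit }')
# Gateway of the current (untrusted) network; it keeps carrying the SSH
# sessions themselves through routing table 213 further down.
myinsecuregw=$(ip route | awk '$1 == "default" { print $3; exit }')
# NOTE(review): these lookups go out over the hostile network before any
# tunnel exists, and bigbwhost is later contacted by this IP, so the
# known_hosts entry must be keyed by the IP for host-key checking to help.
# homeip is not used anywhere below.
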
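echo ""

echo "Opening ssh tunnel"
modprobe tun
# Commands run on myhome over the same SSH session that carries the tun
# device: bring up its end of tun2, masquerade what leaves it, and route
# tunipnet back over the link. modprobe/ifconfig/iptables normally need
# root there, so the login on myhome must have those privileges.
remotecmd="modprobe tun; sleep 1; ifconfig tun2 $tuniphome"
remotecmd="$remotecmd; iptables -A POSTROUTING -t nat -j MASQUERADE -o ! lo"
remotecmd="$remotecmd; ip route replace $tunipnet dev tun2 proto kernel  scope link  src $tuniphome"
# -w 2:2 asks for tun device 2 on both ends; sshd on myhome must permit
# tunnelling (PermitTunnel). -f backgrounds ssh once it is authenticated.
ssh -fnw 2:2 "$myhome" "$remotecmd" || die "Could not set up the SSH vpn"
# Give the backgrounded ssh a moment to create the local tun2 device.
sleep 1
ifconfig tun2 "$tuniplocal"
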
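echo "Setting routes"
ip route replace "$tunipnet" dev tun2 proto kernel scope link src "$tuniplocal"
# Snapshot the current default route so "prayishtar stop" can put it back.
# Only the first default line is kept (stop hands the whole line back to
# `ip route replace`); head(1) replaces the obsolete line(1) utility, which
# is missing on many systems and would have produced an empty snapshot.
# NOTE(review): the snapshot is written as root to a fixed name under
# world-writable /tmp. A local user who pre-creates that file (or a symlink
# there) can influence what root later passes to `ip route replace`; a
# root-only directory would be safer, but the path is shared with die()
# and the stop branch, so it is left unchanged here.
ip route | grep '^default ' | head -n 1 > /tmp/prayishtar_default_gw
# Abort before deleting the default route if nothing was recorded,
# otherwise stop would have nothing to restore.
test -s /tmp/prayishtar_default_gw || die "Could not record the current default route"
ip route del default
ip route replace default via "$tuniphome" dev tun2
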
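echo "Setting iptables"
# Masquerade everything that leaves through any interface other than lo.
# "! -o lo" is the current iptables negation form (same rule as "-o ! lo").
iptables -A POSTROUTING -t nat -j MASQUERADE ! -o lo
# Do not send ssh traffic over the ssh tunnel ;)
# Packets to TCP/22 get mark 0x71 and are routed through table 213, whose
# default route points at the original gateway, so the SSH sessions that
# carry the VPN and the SOCKS proxy are not themselves sent into the VPN.
# NOTE(review): the match is on destination port only, so every outbound
# SSH connection bypasses the VPN, not just those to myhome and bigbwhost.
iptables -A OUTPUT -t mangle -p tcp --dport 22 -j MARK --set-mark 0x71
ip rule add from all fwmark 0x71 lookup 213
ip route replace default via "$myinsecuregw" table 213 || die "Could not set default route"
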
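echo "Remember to set the localhost:8080 SOCKS proxy in your browser"
echo ""
echo "Creating SOCKS to $bighostuser@$bigbwhost"
# Fail with a clear message if the earlier lookup produced nothing, instead
# of handing ssh an empty host name.
test -n "$bigbwhostip" || die "Could not resolve $bigbwhost"
# The address resolved before the routes changed is used, so ssh's host-key
# check applies to the IP, not the name. Without a bind address, -D listens
# on the loopback interface only.
ssh -fnN "$bigbwhostip" -D 8080 -l "$bighostuser" || die "Could not set up the SOCKS proxy"
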
# Blank line, then the final status line.
printf '\nAll done!\n'