How to tunnel TCP traffic via ssh from a docker container?


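Here is my situation: I have an application running locally in a docker container based on lambci/lambda:build-nodejs8.10. The application sends https requests to a remote server via two URLs. However, the remote server only accepts requests from IPs in my office network. I can connect to the office network with a VPN, but it is configured only to let me access machines on the network, not to reach the internet through it. What I can do is ssh to machines on the office network, and those machines do have internet access.

Attempted and previous solutions: Previously I only needed to send requests to one URL, say remote1.com. I solved this by forwarding a port over ssh, as follows:

  1. Connect to the VPN on the local machine

  2. Start the docker container in interactive mode with a bash shell

  3. Redirect traffic for remote1.com to localhost:

    echo "127.0.0.1 remote1.com" > /etc/hosts

  4. Forward traffic to 127.0.0.1:443 over ssh to office.machine.com:

    ssh user@office.machine.com -L 443:remote1.com:443

  5. Connect to the docker container from a new terminal and start the application

This only works for one remote URL. Trying to perform steps 2-4 twice does not work, because the port is already forwarded.

I tried running sshuttle in the docker container. Installing it works fine (by cloning the git repo):

But running it results in the following error: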

    iptables v1.4.18: can't initialize iptables table `nat': Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.
    firewall manager: undoing changes.
    firewall manager: undoing IPv4 changes.
    iptables v1.4.18: can't initialize iptables table `nat': Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.
    firewall manager: Error trying to undo IPv4 firewall.
    firewall manager: ---> Traceback (most recent call last):
    firewall manager: --->   File "/usr/local/lib/python2.7/site-packages/sshuttle-0.78.5.dev10+g561b648-py2.7.egg/sshuttle/firewall.py", line 270, in main
    firewall manager: --->     method.restore_firewall(port_v4, socket.AF_INET, udp, user)
    firewall manager: --->   File "/usr/local/lib/python2.7/site-packages/sshuttle-0.78.5.dev10+g561b648-py2.7.egg/sshuttle/methods/nat.py", line 99, in restore_firewall
    firewall manager: --->     if ipt_chain_exists(family, table, chain):
    firewall manager: --->   File "/usr/local/lib/python2.7/site-packages/sshuttle-0.78.5.dev10+g561b648-py2.7.egg/sshuttle/linux.py", line 33, in ipt_chain_exists
    firewall manager: --->     raise Fatal('%r returned %d' % (argv, rv))
    firewall manager: ---> Fatal: ['iptables', '-t', 'nat', '-nL'] returned 3
    firewall manager: undoing /etc/hosts changes.
    firewall manager: Error trying to undo /etc/hosts changes.
    firewall manager: ---> Traceback (most recent call last):
    firewall manager: --->   File "/usr/local/lib/python2.7/site-packages/sshuttle-0.78.5.dev10+g561b648-py2.7.egg/sshuttle/firewall.py", line 282, in main
    firewall manager: --->     restore_etc_hosts(port_v6 or port_v4)
    firewall manager: --->   File "/usr/local/lib/python2.7/site-packages/sshuttle-0.78.5.dev10+g561b648-py2.7.egg/sshuttle/firewall.py", line 51, in restore_etc_hosts
    firewall manager: --->     rewrite_etc_hosts({}, port)
    firewall manager: --->   File "/usr/local/lib/python2.7/site-packages/sshuttle-0.78.5.dev10+g561b648-py2.7.egg/sshuttle/firewall.py", line 30, in rewrite_etc_hosts
    firewall manager: --->     os.link(HOSTSFILE, BAKFILE)
    firewall manager: ---> OSError: [Errno 18] Invalid cross-device link
    fatal: ['iptables', '-t', 'nat', '-nL'] returned 3
    c : fatal: cleanup: ['/usr/bin/python', '/usr/local/bin/sshuttle', '-v', '-v', '--method', 'auto', '--firewall'] returned 99
     s:   Ready: 1 r=[4] w=[] x=[]
    
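What I can and cannot do:

Can:

  • Install software and change configuration on my local PC (Win/Ubuntu)
  • Install software on the docker image (not all packages are available by default)

Cannot:

  • Change configuration or install software on the remote or office servers

Is there a way to tunnel all TCP traffic (or all HTTPS requests to the two specific URLs) from the application running in the docker container through ssh?

Perhaps this can help you.

First, change your ssh command to open a socks proxy on port 9050:

    ssh user@office.machine.com -D 9050

Then configure your docker image to launch node as follows:

    proxychains node <node arguments>

This will cause all requests made from the node application to go through the socks proxy located at localhost:9050.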
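
The SOCKS5 exchange (RFC 1928) that a wrapper such as proxychains carries out against the proxy opened by `ssh -D 9050`, as an added example that is not part of the original answer. The function names are hypothetical, `remote1.com` and port 9050 are taken from the posts above, and each proxy reply is assumed to arrive in a single chunk.

```javascript
const net = require('net');

const REPLY_TEXT = {
  0: 'succeeded', 1: 'general failure', 2: 'not allowed by ruleset',
  3: 'network unreachable', 4: 'host unreachable', 5: 'connection refused',
  6: 'TTL expired', 7: 'command not supported', 8: 'address type not supported',
};

// Greeting: version 5, one auth method offered, 0x00 = "no authentication".
const GREETING = Buffer.from([0x05, 0x01, 0x00]);

// CONNECT request with ATYP 0x03 (domain name): the name is resolved on the
// SSH server side (the office machine), not inside the container.
function socks5ConnectRequest(host, port) {
  const name = Buffer.from(host, 'ascii');
  if (name.length === 0 || name.length > 255) throw new RangeError('bad host length');
  if (!Number.isInteger(port) || port < 1 || port > 65535) throw new RangeError('bad port');
  const head = Buffer.from([0x05, 0x01, 0x00, 0x03, name.length]);
  return Buffer.concat([head, name, Buffer.from([port >> 8, port & 0xff])]);
}

// Reply layout: VER, REP, RSV, ATYP, BND.ADDR, BND.PORT; only REP decides success.
function parseSocks5Reply(buf) {
  if (buf.length < 2 || buf[0] !== 0x05) return { ok: false, reason: 'not a SOCKS5 reply' };
  return { ok: buf[1] === 0x00, reason: REPLY_TEXT[buf[1]] || 'unknown code ' + buf[1] };
}

// Open a tunnel to host:port through the local proxy (port 9050 as in the answer).
// The proxy is addressed on 127.0.0.1 only, matching the default bind of `ssh -D`.
function openTunnel(host, port, proxyPort = 9050) {
  return new Promise((resolve, reject) => {
    const sock = net.connect(proxyPort, '127.0.0.1', () => sock.write(GREETING));
    let step = 0;
    sock.on('error', reject);
    sock.on('data', function onData(chunk) {
      if (step === 0) {
        if (chunk[0] !== 0x05 || chunk[1] !== 0x00) return sock.destroy(new Error('auth rejected'));
        step = 1;
        return sock.write(socks5ConnectRequest(host, port));
      }
      sock.removeListener('data', onData);
      const reply = parseSocks5Reply(chunk);
      if (!reply.ok) return sock.destroy(new Error(reply.reason));
      resolve(sock); // from here on the socket carries the TLS stream to host:port
    });
  });
}
```

Because the destination is named per connection, one proxy on port 9050 serves both remote URLs, and no `/etc/hosts` entry is needed in the container.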
