Is there socksify script for dynamics forwardings to unix domain sockets?

[Jö Fahlke]

Am Do, 22. Feb 2018, 11:53:52 +1100 schrieb Damien Miller:
> On Wed, 21 Feb 2018, Jö Fahlke wrote:
> > Good point, I did not check that before, so I tried now (with tsocks on Debian
> > stretch and the "ssh -D" socks port on a random port on localhost) and got
> > mixed results.  Generally, anything name-lookup related does not seem to work
> > and I have to use IP addresses.
> 
> Yeah, IMO it would be better to write a small userspace NAT helper e.g.
> using IPPROTO_DIVERT that proxied things via SOCKS (assuming someone
> hasn't already done this).

Although dante's socksify does some trickery to support name lookup.  They
seem to make up an IP address for each requested name and keep a database of
those around.  Works well enough for firefox.

Here is how that looks like:
======================================================================
joe at paranoia:~$ SOCKS5_SERVER=127.0.0.1:7778 socksify getent hosts sky-bmc
epic-bmc
0.0.0.1         sky-bmc
0.0.0.2         epic-bmc
joe at paranoia:~$ SOCKS5_SERVER=127.0.0.1:7778 socksify ssh epic-bmc
The authenticity of host 'epic-bmc (0.0.0.1)' can't be established.
RSA key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Are you sure you want to continue connecting (yes/no)? ^C
======================================================================

Regards,
Jö.

-- 
Jorrit (Jö) Fahlke, Institute for Computational und Applied Mathematics,
University of Münster, Orleans-Ring 10, D-48149 Münster
Tel: +49 251 83 35146 Fax: +49 251 83 32729

Spaß mit I18N.  Hier StumpWM/clisp:
WARNUNG: DEFUN/DEFMACRO(GET-WM-CLASS): #<PACKAGE XLIB> ist abgeschlossen.
         Das Schloss umgehen und weitermachen.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20180222/4032bcdb/attachment.asc>