You might have noticed that I'm running a little Raspberry Pi, acting as a server for my website as well as some other small server-ish tasks. This machine is actually on my home network and I also use it as the front-face to that network for incoming connections. There are other machines on this network, and while they are behind a NAT and so not addressible from the outside world, this is fine most of the time. But on the odd occasion where I'd like to directly address any other machine on that network, I have to do so through the Raspberry Pi. Depending on what it is I'm trying to do, exactly, that can be tricky.
I've just discovered sshuttle. It acts similarly to a VPN, using SSH under the hood to transport TCP packets through a server that you specify. The cool thing is that it doesn't require any complicated pre-configuration on the server—just Python. All you have to do is run it on the client machine you want to connect from. Nifty!
Debian has it packaged: run sudo aptitude install sshuttle. The binary itself apparently installs under /usr/sbin, which doesn't seem to be in a normal user's path by default. But you can run it directly as a normal user and it works fine, asking for sudo permission when it needs to configure the local machine's IP tables in order to redirect traffic.
In my case, I want to redirect IPs intended for the 192.168.0.0/24 subnet to my home network, so I run sshuttle like this:
/usr/sbin/sshuttle -r <user>@quantumfurball.net 192.168.0.0/24 -v
Replace <user> with the appropriate username to SSH-login to the server (which is quantumfurball.net in this case). The -v option is just to make sshuttle show a bit of what's going on in the background (which I like to see). It has a bunch of other options that may also be useful. Once running, do whatever it is you wanted to do with machines on your network. CTRL-C when done, I guess—sshuttle will deconfigure your IP tables as appropriate and terminate cleanly.
One note to self: Testing with ping doesn't appear to work, but I presume this is because ping packets are not TCP (which sshuttle supports), but are ICMP.
Comment to add? Send me a message: <brendon@quantumfurball.net>