Best way to allow access to my app to only certain IPs

@greg @calpaliu A solution for this problem could be to use proxy_proto in combination with GitHub - path-network/go-mmproxy: Golang implementation of MMProxy

Go-MMProxy is a Go reimplementation of mmproxy, which was originally created by CloudFlare. Go-MMProxy improves on mmproxy’s runtime stability while providing potentially greater performance in terms of connection and packet throughput. Cloudflare’s blogpost on mmproxy serves as a great write-up on how go-mmproxy works under the hood.

I tested this with SSH and it works great. go-mmproxy also offers support for UDP, so it shouldn’t be too hard to make it work for your use case. Setting -p udp is all you need.

Here is my setup for SSH.

FLY

Forwarding port 10022 (as suggested by @kurt) to internal port 2222, where I have MMProxy listening.

[[services]]
  internal_port = 2222
  protocol = "tcp"

  [[services.ports]]
    handlers = ["proxy_proto"]
    port = 10022

MMProxy

For the routing setup

ip rule add from 127.0.0.1/8 iif lo table 123
ip route add local 0.0.0.0/0 dev lo table 123

#ip -6 rule add from ::1/128 iif lo table 123
#ip -6 route add local ::/0 dev lo table 123

Requirements:

Then all you need is:

/usr/bin/go-mmproxy -l 0.0.0.0:2222 -4 127.0.0.1:22 -v 1

Note that:

  • I’m only routing IPv4. Docker doesn’t have IPv6 enabled by default. If you need it you could enable it when running in fly context only.
  • You need to enable --cap-add NET_ADMIN running in Docker, or you will get errors when running ip rule add. If you don’t need/want to do local testing, you can get around this by only setting up your ip rules in the fly context.
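For the original question (allowing only certain IPs), here is an added example that is not from the post above and not code from go-mmproxy: a Go routine that parses the PROXY protocol v1 header which Fly's proxy_proto handler prepends to each connection, recovers the real client address, and checks it against an allowlist, so an app can enforce the restriction itself without needing the source-IP spoofing that mmproxy performs. The allowlist prefixes and the "PROXY ..." lines in the test are constructed placeholders.

```go
package main

import (
	"bufio"
	"fmt"
	"net/netip"
	"strings"
)

// Constructed allowlist (hypothetical prefixes); load it from config in practice.
var allowed = []netip.Prefix{
	netip.MustParsePrefix("203.0.113.0/24"),
	netip.MustParsePrefix("2001:db8::/32"),
}

// parseProxyV1 consumes the PROXY protocol v1 line that Fly's proxy_proto
// handler prepends to each connection ("PROXY TCP4 src dst sport dport\r\n")
// and returns the original client address. Trust it only when the listener is
// reachable solely through the Fly proxy; a direct connection could forge it.
func parseProxyV1(r *bufio.Reader) (netip.Addr, error) {
	line, err := r.ReadString('\n')
	if err != nil {
		return netip.Addr{}, err
	}
	f := strings.Fields(strings.TrimRight(line, "\r\n"))
	// Rejects a missing header and "PROXY UNKNOWN" (address not available).
	if len(f) != 6 || f[0] != "PROXY" || (f[1] != "TCP4" && f[1] != "TCP6") {
		return netip.Addr{}, fmt.Errorf("missing or unusable PROXY header: %q", line)
	}
	src, err := netip.ParseAddr(f[2])
	if err != nil {
		return netip.Addr{}, fmt.Errorf("bad source address: %w", err)
	}
	return src.Unmap(), nil // normalise ::ffff:a.b.c.d to plain IPv4
}

// admit parses the header and reports whether the real client is allowlisted.
func admit(r *bufio.Reader) (netip.Addr, bool, error) {
	src, err := parseProxyV1(r)
	if err != nil {
		return src, false, err // fail closed on any parse error
	}
	for _, p := range allowed {
		if p.Contains(src) {
			return src, true, nil
		}
	}
	return src, false, nil
}
```

After admit returns true, the remaining bytes in the reader are the client's own payload (for SSH, its version banner), so the connection can be handed to the real backend unchanged.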