Open nikdavnik opened 8 years ago

Hi,

In my system (debian router) I want to do ssh protocol redirection. I successfully installed ndpi-netfilter and added the following rules for ssh redirection

iptables -t mangle -A PREROUTING -m ndpi --dpi_check
iptables -t mangle -A POSTROUTING -m ndpi --dpi_check
iptables -t nat -A PREROUTING -p tcp -m ndpi -ssh -j REDIRECT --to-ports 9051

With these rules I only get the first packet redirected to 9051, then the redirection stops.

It is working ok with iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 9051

but I don't want to use the ssh port, I want to detect and redirect the ssh protocol. Please help me implement this; is it possible to detect and redirect encrypted protocols, like ssh, https? What am I doing wrong in my iptables configs?

You can't do this.

The problem is the connection moment (start) versus the application detection.

At the beginning of a tcp connection (3-way handshake), you can't detect the application type. But, anyway, the connection is established like a simple tcp socket. If you redirect after the 3-way handshake, you will break the client session.
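The reply's point, that the nat-table decision is made on the first packet of a flow while a DPI match for ssh only becomes possible once payload (the SSH banner) has been seen, can be shown with a small model. The script below is an added illustration for this issue, not code from ndpi-netfilter or from either participant; the packet and conntrack structures, the banner-based classifier and the sample flow are simplified assumptions constructed for the demonstration.

```python
"""
Toy model of why `-t nat ... -m ndpi --ssh -j REDIRECT` cannot redirect an
SSH flow while `-t nat ... --dport 22 -j REDIRECT` can.

Netfilter semantics modelled here (simplified assumptions):
  * the nat table is consulted only for the FIRST packet of a flow; the
    NAT decision taken then is stored in conntrack and reused for every
    later packet of that flow;
  * a DPI match can only report "ssh" after it has seen payload, i.e. the
    "SSH-" banner, which arrives after the 3-way handshake.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

FlowKey = Tuple[str, int, str, int]  # (src, sport, dst, dport)


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""      # "S", "A", "PA" ...
    payload: bytes = b""


@dataclass
class Conntrack:
    """Minimal conntrack: per-flow NAT decision plus accumulated payload."""
    nat: Dict[FlowKey, Optional[int]] = field(default_factory=dict)
    seen_payload: Dict[FlowKey, bytes] = field(default_factory=dict)

    @staticmethod
    def key(p: Packet) -> FlowKey:
        return (p.src, p.sport, p.dst, p.dport)


def dpi_classify(history: bytes) -> Optional[str]:
    """Classifier stub: SSH is only recognisable from its version banner."""
    return "ssh" if history.startswith(b"SSH-") else None


Match = Callable[[Packet, Optional[str]], bool]


def apply_nat_redirect(ct: Conntrack, p: Packet, match: Match, to_port: int) -> int:
    """Return the effective destination port of this packet.

    Mirrors `iptables -t nat -A PREROUTING ... -j REDIRECT --to-ports N`:
    the match is evaluated on the first packet of the flow only, and that
    outcome sticks for the life of the flow.
    """
    k = ct.key(p)
    ct.seen_payload[k] = ct.seen_payload.get(k, b"") + p.payload
    proto = dpi_classify(ct.seen_payload[k])
    if k not in ct.nat:                      # first packet: nat table consulted
        ct.nat[k] = to_port if match(p, proto) else None
    return ct.nat[k] if ct.nat[k] is not None else p.dport


def ssh_flow(dport: int) -> List[Packet]:
    """Constructed client-side SSH flow: handshake, banner, then more data."""
    c, s = ("10.0.0.5", 40000), ("10.0.0.1", dport)
    return [
        Packet(*c, *s, flags="S"),                                   # SYN
        Packet(*c, *s, flags="A"),                                   # final ACK
        Packet(*c, *s, flags="PA", payload=b"SSH-2.0-OpenSSH_9.0\r\n"),  # banner
        Packet(*c, *s, flags="PA", payload=b"\x00\x00\x04\x14..."),  # KEXINIT-like
    ]


def run(flow: List[Packet], match: Match, to_port: int = 9051) -> List[int]:
    ct = Conntrack()
    return [apply_nat_redirect(ct, p, match, to_port) for p in flow]


# `--dport 22` style match: decidable on the SYN, so the whole flow is redirected.
port_match: Match = lambda p, proto: p.dport == 22
# `-m ndpi --ssh` style match: needs payload, which the SYN does not carry.
dpi_match: Match = lambda p, proto: proto == "ssh"


def port_rule_result() -> List[int]:
    return run(ssh_flow(22), port_match)


def dpi_rule_result() -> List[int]:
    return run(ssh_flow(2222), dpi_match)


def dpi_classifies_eventually() -> bool:
    """The classifier does recognise SSH, just after the nat decision is fixed."""
    ct = Conntrack()
    last = None
    for p in ssh_flow(2222):
        apply_nat_redirect(ct, p, dpi_match, 9051)
        last = dpi_classify(ct.seen_payload[ct.key(p)])
    return last == "ssh"


if __name__ == "__main__":
    print("port rule:", port_rule_result())   # every packet goes to 9051
    print("dpi rule :", dpi_rule_result())    # nothing is redirected
    print("dpi saw ssh eventually:", dpi_classifies_eventually())
```

The port-based rule redirects all four packets because the match is decidable on the SYN; the DPI-based rule redirects none because the classifier is still undecided when the nat decision is taken, and by the time the banner arrives conntrack has already committed the flow to its original destination. A redirect applied at that later point would change the peer mid-session, which is the broken client session the reply describes.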