lefoyer / ndpi-netfilter

GNU General Public License v2.0

ndpi ssh redirection #6

Open nikdavnik opened 7 years ago

nikdavnik commented 7 years ago


Hi,

In my system (Debian router) I want to do SSH protocol redirection. I successfully installed ndpi-netfilter and added the following rules for SSH redirection:

iptables -t mangle -A PREROUTING -m ndpi --dpi_check
iptables -t mangle -A POSTROUTING -m ndpi --dpi_check
iptables -t nat -A PREROUTING -p tcp -m ndpi -ssh -j REDIRECT --to-ports 9051

With these rules I only get the first packet redirected to 9051, then redirection stops.

It is working OK with:

iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 9051

But I don't want to use the SSH port; I want to detect and redirect the SSH protocol. Please help me implement this. Is it possible to detect and redirect encrypted protocols, like SSH and HTTPS? What am I doing wrong in my iptables configs?

lefoyer commented 7 years ago

I'm sorry, I'm not the developer of this software. It is a mirror with minor modifications. Maybe iptables CONNMARK can help you.