authorJason A. Donenfeld <Jason@zx2c4.com>2012-02-15 19:19:31 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2012-02-15 19:19:31 +0100
commit0ee36041674aec7bc04daee592dfe450b4d00b78 (patch)
treee5395590f2c70f777cfb2c765da321feeda1d86b
parentSupport domain specific. (diff)
downloadstunnel-interceptor-0ee36041674aec7bc04daee592dfe450b4d00b78.tar.xz
stunnel-interceptor-0ee36041674aec7bc04daee592dfe450b4d00b78.zip
Specify source IP.
-rwxr-xr-xintercept-iptables.sh11
1 files changed, 6 insertions, 5 deletions
diff --git a/intercept-iptables.sh b/intercept-iptables.sh
index f7a0f28..69034d0 100755
--- a/intercept-iptables.sh
+++ b/intercept-iptables.sh
@@ -2,7 +2,7 @@
# File stdin format:
#
-# basePort
+# sourceIP basePort1 basePort2
# interceptedIP interceptedPort interceptedDomain
# interceptedIP interceptedPort interceptedDomain
# interceptedIP interceptedPort interceptedDomain
@@ -11,7 +11,7 @@
# ...
#
# Sample:
-# 9000 10000
+# 192.168.0.4 9000 10000
# 123.48.12.122 443 googblie.com
# 123.48.12.128 143 schmooblie.com
# 123.43.12.112 587 lars.mooblie.com
@@ -19,8 +19,9 @@
set -e
read localBase
-localBasePort1="$(cut -f 1 <<< "$localBase")"
-localBasePort2="$(cut -f 2 <<< "$localBase")"
+sourceIP="$(cut -f 1 <<< "$localBase")"
+localBasePort1="$(cut -f 2 <<< "$localBase")"
+localBasePort2="$(cut -f 3 <<< "$localBase")"
stunnelConfigDir="$(mktemp -d)"
cd $stunnelConfigDir
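Review bot: The three header fields are taken from `localBase` with no check that the line actually has three fields, so a header still in the old two-value format shifts every value by one: `sourceIP` receives a port and `localBasePort2` is empty. `cut -f` splits on TAB only and prints the whole line for every field when no TAB is present, so a space-separated header like the one in the sample comment would put the full line into all three variables unless the sample is really tab-separated. Because `sourceIP` is what scopes the `--source` match on the PREROUTING rule in the later hunk, I would fail before `mktemp -d` and before any rule is appended, with something like `[[ -n "$sourceIP" && "$localBasePort1" =~ ^[0-9]+$ && "$localBasePort2" =~ ^[0-9]+$ ]] || { echo "[-] First line must be: sourceIP<TAB>basePort1<TAB>basePort2" >&2; exit 1; }`. Stating the TAB delimiter in the "File stdin format" comment and using `read -r localBase` would also help; the rest of the script lies outside this hunk.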
@@ -57,7 +58,7 @@ while read line; do
clientConfig="client-$counter.conf"
echo "[+] Configuring iptables to redirect $remoteIP:$remotePort <--> incoming:$localPort1"
- iptables -t nat -A PREROUTING -p TCP --destination "$remoteIP" --dport "$remotePort" -j REDIRECT --to-port "$localPort1"
+ iptables -t nat -A PREROUTING -p TCP --source "$sourceIP" --destination "$remoteIP" --dport "$remotePort" -j REDIRECT --to-port "$localPort1"
if [ ! -f "$remoteDomain.pem" ]; then
echo "[+] Generating host certificate."