!marvin

Active Members
  • Content Count

    5
About !marvin

  • Rank
    Newbie

Profile Information

  • Gender
    Male
  • Location
    CH

  1. You could attach the WAN interface to a network providing DHCP. In that case you would receive the DHCP address on WAN and you would have WLAN with the 172.16.42.0/24 subnet. The LAN interface is not in use in this case. If you do not have access to the router on the WAN side (Jasager's WAN gateway), hide the 172.16.42.0/24 behind the Jasager's WAN IP. Should look somehow like this (you can add the commands over the web interface -> advanced tab):
     iptables -A FORWARD -m state --state NEW -j ACCEPT
     iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
     iptables -A POSTROUTING -t nat
  2. 1) Regarding your first point (running sslstrip before iptables): don't want to see my own password in the log file. No, seriously: didn't try that but it makes sense. You probably do not even have to start the script first BUT you have to start it and it should not crash, otherwise you have to use ssh or the power-cycle method to access the web interface ...
     2) Don't want to correct you :) . You are correct of course. I'm connecting from a different IP as you noted but not from the 172.16.42.0/24 subnet.
     3) Don't know if I got your idea but then it should be
     iptables -t nat -A PREROUTING -s ! 17
  3. Two cases I can think of where iptables customization would help:
     1) I sometimes use a topology where I connect the MK4 directly to the DSL subnet but do not use a separate PC for connection sharing (ICS). Therefore I normally hide (masquerade) the WLAN subnet behind the WAN port IP address (DSL range) with an iptables rule (saves me from creating back routes on the DSL router). This is more to do with iptables directly and has more or less nothing to do with your sslstrip module I guess. But the whole thing works perfectly - also with sslstrip :)
     2) Correct me if I'm wrong but if I redirect the whole tra
  4. Sorry, didn't notice that. Just saw the print screens and the feature list saying: "- iptables rules automatically installed". There was nothing mentioned regarding "customizable" iptables settings
  5. Cool, I would have a feature request :-) Would be great if the iptables NAT rules were editable. Example: do NAT only if the source is in net x.x.x.x, e.g.:
     iptables -t nat -A PREROUTING -p tcp -s 172.16.42.0/24 --destination-port 443 -j REDIRECT --to-ports 10000
     Helps to access the port 80 web interface if only some subnets are redirected :-)