You are not logged in.
- Topics: Active | Unanswered
#1 2014-08-30 20:42:43
- popoffka
- Member
- Registered: 2012-03-29
- Posts: 16
[solved] How to automate `ip route` and `ip rule` commands?
Hi,
I'm using SSLH, a piece of software that listens on port 443, fingerprints the incoming traffic and (in my setup), redirects it either to port 22, where OpenSSH is running, or to port 442, where nginx is serving HTTPS pages. I use this to be able to connect to my SSH from networks that block traffic on port 22.
The only shortcoming of my setup is that nginx and OpenSSH "see" all connections as coming from 127.0.0.1. SSLH has a "transparent proxying" mode to fix that, and the README says that the following commands must be used to enable it:
# iptables -t mangle -N SSLH
# iptables -t mangle -A OUTPUT --protocol tcp --out-interface eth0 --sport 22 --jump SSLH
# iptables -t mangle -A OUTPUT --protocol tcp --out-interface eth0 --sport 4443 --jump SSLH
# iptables -t mangle -A SSLH --jump MARK --set-mark 0x1
# iptables -t mangle -A SSLH --jump ACCEPT
# ip rule add fwmark 0x1 lookup 100
# ip route add local 0.0.0.0/0 dev lo table 100I'm wondering, what would be the best way to make Arch execute the last two on startup? I'm using netctl for my network connection setup, if that's relevant.
Last edited by popoffka (2014-08-30 21:15:17)
Offline
#2 2014-08-30 20:58:42
- Spider.007
- Member
- Registered: 2004-06-20
- Posts: 1,175
Re: [solved] How to automate `ip route` and `ip rule` commands?
Offline
#3 2014-08-30 21:14:59
- popoffka
- Member
- Registered: 2012-03-29
- Posts: 16
Re: [solved] How to automate `ip route` and `ip rule` commands?
Hm. I remembered that there was something like this when creating the thread, but then thought that these commands aren't actually "tied" to any of my NICs.
And now I realized that I was just being stupid and that I can ask netctl to execute those after starting my Ethernet connection. This makes perfect sense and I feel like an idiot.
Thanks.
Offline