-4

I have some TCP streams which only pass through my Linux box. In theory, it only forwards their packets. Now I have had a new idea, and I think it would be much better to also alter their content.

My idea is that the forwarded TCP stream should be handled as if it were an incoming stream, and then processed by my own tools.

Is it somehow possible? I think the packet should somehow be handled as if it had been sent to the machine itself and not for forwarding, in an early phase of the handling of incoming packets.

2
  • I still cannot see the reason to close this question. It is very clear, just like the answer. Commented Jun 5, 2024 at 7:59
  • Note that Stéphane Chazelas has written a comment which should be an essentially different answer. Commented Jun 16, 2024 at 6:21

1 Answer

-1

@telcoM explained a very useful solution: the REDIRECT target of the PREROUTING iptables section. That affects incoming packets before their target is decided (whether they will be forwarded or handled by a local socket).

iptables -t nat -A PREROUTING -p tcp --dport <orig dest port> -j REDIRECT --to-ports <new local port>

He also mentions that encrypted protocols tend to fight exactly this, because it can lead to MITM attacks. However, in the absence of any intent to eavesdrop or alter the content, this is probably not a serious problem.

Another important thing is that this solution destroys the information of the original destination port and address. There is no easy way to do it significantly differently.

2
  • If a better answer appears, that will get the pipe and not mine. A solution where the original target IP/port is preserved is surely a better answer. Commented May 31, 2024 at 22:04
  • tproxy is often better as it allows the proxying/mangling application to see and preserve the original destination address. Commented Jun 13, 2024 at 20:42
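As an added example (not the answer's or any commenter's code), the following Python transparent proxy accepts the connections that the REDIRECT rule above sends to the local port and asks conntrack for the pre-NAT destination via the SO_ORIGINAL_DST socket option, so the original destination address and port are available to the proxying application even though the packet itself was rewritten. The listen port, the mangle hook and the constructed sockaddr bytes used for the parser check are assumptions; running it requires root and the iptables rule in place.

```python
import selectors
import socket
import struct

# From <linux/netfilter_ipv4.h>; not exposed as a constant by Python's socket module.
SO_ORIGINAL_DST = 80


def parse_sockaddr_in(raw: bytes) -> tuple[str, int]:
    """Decode a struct sockaddr_in: family in host order, port and address in network order."""
    if len(raw) < 8:
        raise ValueError("sockaddr_in too short")
    (family,) = struct.unpack("=H", raw[:2])
    if family != socket.AF_INET:
        raise ValueError(f"unexpected address family {family}")
    port, packed_ip = struct.unpack("!H4s", raw[2:8])
    return socket.inet_ntoa(packed_ip), port


def build_sockaddr_in(ip: str, port: int) -> bytes:
    """Constructed 16-byte sockaddr_in, used here only to exercise the parser offline."""
    return struct.pack("=H", socket.AF_INET) + struct.pack("!H", port) + socket.inet_aton(ip) + bytes(8)


def original_destination(conn: socket.socket) -> tuple[str, int]:
    """Destination the client actually dialed, before netfilter REDIRECTed it to us."""
    return parse_sockaddr_in(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))


def relay(client: socket.socket, mangle=lambda data, to_server: data) -> None:
    """Pump bytes between the redirected client and its real destination,
    passing every chunk through mangle(data, to_server) first (hypothetical hook)."""
    dst_ip, dst_port = original_destination(client)
    upstream = socket.create_connection((dst_ip, dst_port))
    peers = {client: upstream, upstream: client}
    sel = selectors.DefaultSelector()
    for s in peers:
        sel.register(s, selectors.EVENT_READ)
    with client, upstream:
        while True:
            for key, _ in sel.select():
                src = key.fileobj
                data = src.recv(65536)
                if not data:          # one side closed: tear down both
                    return
                peers[src].sendall(mangle(data, to_server=(src is client)))


def serve(listen_port: int = 3128) -> None:
    """Bind on all addresses: REDIRECT rewrites the destination to the incoming interface's address."""
    with socket.create_server(("0.0.0.0", listen_port)) as srv:
        while True:
            conn, _ = srv.accept()
            relay(conn)
```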
