diff --git a/sslsplit.1 b/sslsplit.1 index 91fba93..0e917ba 100644 --- a/sslsplit.1 +++ b/sslsplit.1 @@ -508,9 +508,7 @@ Assuming inbound interface \fBbge0\fP: .B netfilter Linux netfilter using the iptables REDIRECT target. Only supports IPv4 due to limitations in the SO_ORIGINAL_DST getsockopt(2) -interface. Please note that SSLsplit is only able to accept incoming -connections if it binds to the correct IP address (e.g. 192.0.2.1) or on all -interfaces (0.0.0.0). +interface. .LP .RS .nf @@ -521,6 +519,11 @@ interfaces (0.0.0.0). -p tcp --dport 443 \\ -j REDIRECT --to-ports 10443\fP .fi +.LP +Note that SSLsplit is only able to accept incoming connections if it binds +to the correct IP address (e.g. 192.0.2.1) or on all interfaces (0.0.0.0). +REDIRECT uses the local interface address of the incoming interface as +target IP address, or 127.0.0.1 for locally generated packets. .RE .TP .B tproxy @@ -576,8 +579,8 @@ available on your system): .RE .LP If the Linux netfilter engine is used with the iptables REDIRECT target, it is -important to listen to the correct IP address (e.g. 192.0.2.1) or on the -wildcard (0.0.0.0), otherwise SSLsplit is not able to accept incoming +important to listen to the correct IP address (e.g. 192.0.2.1) or on all +interfaces (0.0.0.0), otherwise SSLsplit is not able to accept incoming connections. .LP Intercepting IMAP/IMAPS using the same settings:
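Review bot: in the second hunk (@@ -521,6 +519,11), the added note still says "the correct IP address (e.g. 192.0.2.1)" without saying what makes an address correct, although the sentence right after it supplies exactly that: REDIRECT uses the address of the incoming interface as target, or 127.0.0.1 for locally generated packets. Suggest folding the two together so the bind requirement names the address directly, for example "binds to the address of the incoming interface (e.g. 192.0.2.1), to 127.0.0.1 for locally generated packets, or on all interfaces (0.0.0.0)". Since 0.0.0.0 is offered as an equal alternative, a clause noting that it makes the listener accept connections on every interface, and that the specific address is the narrower choice, would help readers pick deliberately.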
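Review bot: in the last hunk (@@ -576,8 +579,8), the reworded paragraph repeats the bind requirement but not the explanation the second hunk adds to the netfilter entry, so "the correct IP address" is left undefined for a reader who reaches this paragraph first. Suggest either pointing back to the netfilter entry or repeating the sentence that REDIRECT uses the incoming interface's address (127.0.0.1 for locally generated packets). Minor wording point in the same sentence: "listen to the correct IP address" reads better as "listen on", which also matches "on all interfaces" a few words later.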