From 925209ef4f474a85e7ff68087f5fec7881785473 Mon Sep 17 00:00:00 2001 From: Alexander Neumann Date: Fri, 20 Feb 2015 07:47:35 +0100 Subject: [PATCH] Add hints for using Linux iptables REDIRECT target --- sslsplit.1 | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sslsplit.1 b/sslsplit.1 index e888b4d..fbdecbe 100644 --- a/sslsplit.1 +++ b/sslsplit.1 @@ -487,7 +487,9 @@ Assuming inbound interface \fBbge0\fP: .B netfilter Linux netfilter using the iptables REDIRECT target. Only supports IPv4 due to limitations in the SO_ORIGINAL_DST getsockopt(2) -interface. +interface. Please note that SSLsplit is only able to accept incoming +connections if it binds to the correct IP address (e.g. 192.0.2.1) or on all +interfaces (0.0.0.0). .LP .RS .nf @@ -552,6 +554,11 @@ available on your system): .fi .RE .LP +If the Linux netfilter engine is used with the iptables REDIRECT target, it is +important to listen to the correct IP address (e.g. 192.0.2.1) or on the +wildcard (0.0.0.0), otherwise SSLsplit is not able to accept incoming +connections. +.LP Intercepting IMAP/IMAPS using the same settings: .LP .HS
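Review bot: In the first hunk (@@ -487,7 +487,9 @@, the `.B netfilter` entry), "the correct IP address (e.g. 192.0.2.1)" never says what makes an address correct, so a reader who hits the problem still cannot tell which address to bind. Suggest naming it explicitly, for example the address on the inbound interface that redirected connections arrive at, if that is what is meant. The wording "binds to ... or on all interfaces" also mixes two constructions; "binds to that address or to the wildcard address (0.0.0.0)" reads cleaner. Since the text now recommends 0.0.0.0 as an option, it is worth one clause noting that the wildcard makes the listener reachable on every interface, so readers who only want to intercept on one interface prefer the specific address.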
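Review bot: The paragraph added in the second hunk (@@ -552,6 +554,11 @@) repeats the note from the first hunk in almost the same words, and it lands between the example block (closed by `.fi` / `.RE`) and "Intercepting IMAP/IMAPS using the same settings:", so "the same settings" now follows the bind-address note instead of the example it refers to. Suggest keeping the full explanation in one place and either moving this paragraph above the example or shortening it to a pointer to the netfilter entry. Also "listen to the correct IP address" should be "listen on", and the two hunks say "all interfaces" in one place and "the wildcard" in the other; pick one term for 0.0.0.0 and use it in both.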