Using network redirection
Anthony M edited this page Jan 4, 2016 · 2 revisions
finto can be run using a virtual interface and network redirection. The example below uses pf on OS X.
Create and confirm a virtual interface:
```
$ ifconfig vlan169 create inet 169.254.169.254 netmask 255.255.255.255
$ ifconfig vlan169
vlan169: flags=1<UP> mtu 0
        inet 169.254.169.254 netmask 0xffffffff
        vlan: 0 parent interface: <none>
        media: <unknown type>
        status: inactive
```
Create and test a redirect rule:
```
$ cat <<EOF > /etc/pf.anchors/com.threadwaste
> rdr pass on lo0 inet proto tcp from any to 169.254.169.254 port 80 -> 169.254.169.254 port 16925
> EOF
$ pfctl -vnf /etc/pf.anchors/com.threadwaste
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

rdr pass on lo0 inet proto tcp from any to 169.254.169.254 port = 80 -> 169.254.169.254 port 16925
```
Add the anchor to pf.conf so that it is loaded:
```
$ cat /etc/pf.conf
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
rdr-anchor "com.threadwaste"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
load anchor "com.threadwaste" from "/etc/pf.anchors/com.threadwaste"
$ diff /etc/pf.conf /etc/pf.conf.original
25d24
< rdr-anchor "com.threadwaste"
29d27
< load anchor "com.threadwaste" from "/etc/pf.anchors/com.threadwaste"
```
Load the anchor set:
```
$ pfctl -evf /etc/pf.conf
```
Run finto:
```
$ finto
```
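A pre-load check for the anchor file used in the steps above, as an added example that is not part of finto or of this wiki page. The hypothetical `check_anchor` function verifies that every `rdr` rule is bound to `lo0` and both matches and targets `169.254.169.254` on the ports shown here, so the redirect is not applied on a network-facing interface by mistake; the sample rule files are constructed.

```shell
#!/bin/sh
# Added example: lint a pf anchor file before loading it with pfctl.
# Assumed policy, taken from the rule on this page: each rdr rule is on lo0,
# matches 169.254.169.254 port 80 and redirects to 169.254.169.254 port 16925.

check_anchor() {
    # $1 = anchor file. Returns 0 only if every rdr rule conforms.
    awk -v addr="169.254.169.254" -v dport="80" -v tport="16925" '
        function fail(msg) {
            printf "line %d: %s\n", NR, msg > "/dev/stderr"
            bad = 1
        }
        $1 != "rdr" { next }      # comments, blanks and other rule types
        {
            rules++
            iface = dst = dp = tgt = tp = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "on") iface = $(i + 1)
                if ($i == "to") {
                    dst = $(i + 1)
                    # accept both "port 80" and pfctl-normalised "port = 80"
                    if ($(i + 2) == "port")
                        dp = ($(i + 3) == "=") ? $(i + 4) : $(i + 3)
                }
                if ($i == "->") {
                    tgt = $(i + 1)
                    if ($(i + 2) == "port") tp = $(i + 3)
                }
            }
            if (iface != "lo0") fail("rdr not bound to lo0 (on " iface ")")
            if (dst != addr || dp != dport) fail("unexpected match " dst " port " dp)
            if (tgt != addr || tp != tport) fail("unexpected target " tgt " port " tp)
        }
        END {
            if (rules == 0) { print "no rdr rule found" > "/dev/stderr"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed samples: the rule from this page, and the same rule on en0.
tmp=$(mktemp -d)
rule='inet proto tcp from any to 169.254.169.254 port 80 -> 169.254.169.254 port 16925'
printf 'rdr pass on lo0 %s\n' "$rule" > "$tmp/good"
printf 'rdr pass on en0 %s\n' "$rule" > "$tmp/bad"
check_anchor "$tmp/good" && echo "good: ok"
check_anchor "$tmp/bad" 2>/dev/null || echo "bad: rejected"
```

Run it against `/etc/pf.anchors/com.threadwaste` before `pfctl -evf /etc/pf.conf`; a non-zero exit status means at least one `rdr` rule deviates from the rule shown above.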