WFPSampler Port Redirection Help


Problem description

I have tried for several hours now to get this to work right and just cannot make it happen.  Seems like such a basic thing to do.

I want to redirect TCP connections to 127.0.0.1:22 to 127.0.0.1:2222.

There is another process running which is bound to 0.0.0.0:22 and I need to take over just 127.0.0.1.  Can't that be done?




WFPSampler.exe -s BASIC_PACKET_MODIFICATION -l FWPM_LAYER_OUTBOUND_TRANSPORT_V4 -ipra 127.0.0.1 -iprp 22 -mtdp 2222 -v
WFPSampler.exe -s BASIC_PACKET_MODIFICATION -l FWPM_LAYER_OUTBOUND_IPPACKET_V4 -ipra 127.0.0.1 -iprp 22 -mtdp 2222 -v
WFPSampler.exe -s BASIC_PACKET_MODIFICATION -l FWPM_LAYER_INBOUND_IPPACKET_V4 -ipra 127.0.0.1 -iprp 2222 -mtsp 22 -v
WFPSampler.exe -s BASIC_PACKET_MODIFICATION -l FWPM_LAYER_INBOUND_TRANSPORT_V4 -ipra 127.0.0.1 -iprp 2222 -mtsp 22 -v

As soon as I do that, I lose connectivity on 127.0.0.1:22.

Help?

Recommended answer

The original version of the WFPSampler did not support modifying the transport header at the IPPACKET layers.  This support was commented out as it required more rigorous checks than I had time for.  So the first question I have is, did you write code to achieve this functionality?

For the redirection you are performing, you should be using the FWPM_LAYER_ALE_CONNECT_REDIRECT_V4.  (This is in the PROXY Scenario). From my understanding, you are not actually proxying the data, however the CONNECT REDIRECT layer will change the tcb of the connection so that 127.0.0.1:22 now flows to 127.0.0.1:2222.

If using legacy redirection (as you are doing), you need to sit at FWPM_LAYER_OUTBOUND_TRANSPORT_V4 and FWPM_LAYER_INBOUND_IPPACKET_V4.  The other filters you have listed likely won't get hit.  Additionally, IPPACKET doesn't support REMOTE_PORT, so your filter is being invoked for all traffic to 127.0.0.1.

Your commands would look thusly:

WFPSampler.exe -s BASIC_PACKET_MODIFICATION -l FWPM_LAYER_OUTBOUND_TRANSPORT_V4 -ipp TCP -ipra 127.0.0.1 -iprp 22 -mtdp 2222 -v

WFPSampler.exe -s BASIC_PACKET_MODIFICATION -l FWPM_LAYER_INBOUND_IPPACKET_V4 -ipra 127.0.0.1  -mtdp 22 -v

(And you will need to add code in the callout to verify this is the traffic you do want to modify, i.e. inspect the TL header and verify it's TCP and source port 2222 + modification of the TCP header.)

Hope this helps,
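
The check the answer calls for (confirm the packet is TCP with source port 2222 before touching the TCP header) can be sketched as follows. This is an added example, not part of the original answer and not WFPSampler code: portable C over a flat buffer assumed to start at the IPv4 header and to be exactly one packet long, with hypothetical function names, using the RFC 1624 incremental checksum update so the rewritten segment still verifies.

```c
#include <stddef.h>
#include <stdint.h>
/* Added example: portable C, hypothetical helper names; not WFPSampler code. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* RFC 1624 incremental update: HC' = ~(~HC + ~m + m') in one's complement. */
static uint16_t csum_update16(uint16_t hc, uint16_t old_v, uint16_t new_v)
{
    uint32_t s = (uint32_t)(uint16_t)~hc + (uint16_t)~old_v + new_v;
    while (s >> 16) s = (s & 0xFFFF) + (s >> 16);
    return (uint16_t)~s;
}

/* Folded sum over pseudo-header + TCP segment; 0xFFFF means the checksum verifies. */
uint16_t tcp_sum(const uint8_t *pkt, size_t ihl, size_t len)
{
    uint32_t s = 6 + (uint32_t)(len - ihl);                   /* protocol + TCP length */
    for (size_t i = 12; i < 20; i += 2) s += rd16(pkt + i);   /* src and dst address */
    for (size_t i = ihl; i + 1 < len; i += 2) s += rd16(pkt + i);
    if ((len - ihl) & 1) s += (uint32_t)pkt[len - 1] << 8;    /* odd trailing byte */
    while (s >> 16) s = (s & 0xFFFF) + (s >> 16);
    return (uint16_t)s;
}

/* 1 = rewritten, 0 = not our traffic (left untouched), -1 = malformed or truncated. */
int rewrite_tcp_src_port(uint8_t *pkt, size_t len, uint16_t match, uint16_t repl)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;   /* need a full IPv4 header */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    if (ihl < 20 || len < ihl) return -1;
    if (pkt[9] != 6) return 0;                       /* not TCP */
    if (rd16(pkt + 6) & 0x1FFF) return 0;            /* later fragment: no TCP header */
    if (len < ihl + 20) return -1;                   /* truncated TCP header */
    uint8_t *tcp = pkt + ihl;
    if (rd16(tcp) != match) return 0;                /* source port is not the one we redirect */
    wr16(tcp + 16, csum_update16(rd16(tcp + 16), match, repl));
    wr16(tcp, repl);
    return 1;
}

/* Constructed sample: 127.0.0.1:2222 -> 127.0.0.1:50000, SYN+ACK, no payload. */
int demo(void)
{
    uint8_t p[40] = {0x45,0,0,40, 0,0,0x40,0, 64,6,0,0, 127,0,0,1, 127,0,0,1,
                     0x08,0xAE,0xC3,0x50, 0,0,0,0, 0,0,0,0, 0x50,0x12,0x20,0};
    wr16(p + 36, (uint16_t)~tcp_sum(p, 20, 40));     /* fill in a valid checksum */
    return rewrite_tcp_src_port(p, 40, 2222, 22) == 1
        && rd16(p + 20) == 22 && tcp_sum(p, 20, 40) == 0xFFFF;
}
```

Because the IPPACKET filter is invoked for all traffic to 127.0.0.1, the 0 return (leave the packet alone) is the common path; only the 1 return corresponds to the reply traffic the redirection is meant to touch.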

