Cannot make it work on a private VM network
fkerem opened this issue · comments
Hi,
Thank you very much for your contributions.
In my case, I am running a client on my host machine (Mac Ventura) and an SMB server on my VM (Ubuntu 14.04).
The VM is configured to use the private network (interface: vmenet3) with the host.
Here are the IP addresses and the port numbers:
- Server on my VM has the IP 192.168.139.130, and listens on port 445.
- Client connects to the VM using the IP 192.168.139.1, and connects using the port 55419.
I would like to run the relay server on my host machine running the client.
Therefore, the relay's IP address will also be 192.168.139.1, but it will listen on 445 (the same as the SMB server on my VM).
Here is my host configuration below.
I first enable IP forwarding, then forward the packets to the relay using `pfctl`.

```sh
sysctl -w net.inet.ip.forwarding=1
echo "rdr pass inet proto tcp from any to any port 445 -> 192.168.139.1 port 445" | sudo pfctl -ef -
```
Then, I run the script as below.

```sh
sudo python3 mitm_relay.py -l 192.168.139.1 -r 445:192.168.139.130:445
```
However, it does not capture any packets. Do you have any intuition why?
Any help is much appreciated,
Hi,
My first guess is that because of your `pfctl` rule, and using the same port for the relay and for the destination, the packets relayed by `mitm_relay` are also caught by the rule and go back to itself instead of being forwarded to the destination.
A couple options that I can think of:
- If possible for you, you may want to completely get rid of `pfctl`, and point your SMB client to `192.168.139.1:445` directly. It will be intercepted by the relay and forwarded to the destination.
- If not possible, you could try to make the relay listen on another port, for example `5555`, and change your `pfctl` rule to something like `rdr pass inet proto tcp from any to 192.168.139.1 port 445 -> 192.168.139.1 port 5555`
Hope this helps.
Thank you very much for your super quick response!
My server (destination) and relay have different IP addresses, although they use the same ports, would that still cause issues?
I will test it without `pfctl` first and let you know.
Unfortunately, it did not work either way.
When testing with `pfctl`, here is my rule:

```sh
echo "rdr pass inet proto tcp from any to 192.168.139.130 port 445 -> 192.168.139.1 port 4445" | sudo pfctl -ef -
```

The command you suggested was different, but the destination is actually 192.168.139.130, so I updated it that way.

```sh
echo "rdr pass inet proto tcp from any to 192.168.139.130 port 445 -> 192.168.139.1 port 4445" | sudo pfctl -ef -
```
I suppose the issue remains the same then.
- Packets go from your client to 192.168.139.130:445, are redirected by `pfctl` to 192.168.139.1:4445 (`mitm_relay`)
- `mitm_relay` relays to 192.168.139.130:445, but since it's on the same host, will be caught again by `pfctl`

You basically need to tell `pfctl` to only redirect packets coming from the client, but not those coming from `mitm_relay`.
You could try to create an additional IP address on your host, make `mitm_relay` listen on it, and either point your SMB client to it or make `pfctl` redirect packets to it. Or you could run `mitm_relay` in a separate VM, which would solve the issue too.
Alternatively, if somehow you know which source port the client is using, you can filter on it in your `pfctl` "from" condition.
Thank you so much for your help.
Based on your feedback, I stopped using the VM.
I created two aliases for the server (127.0.0.2) and the relay (127.0.0.3) using the loopback interface.
I also got rid of using `pfctl`, and made the client point to the relay directly.
This resulted in a successful run, really appreciate your support again and again!