add note about icmp redirects, fix #255

author: Maximilian Hils <git@maximilianhils.com> 2014-09-08 18:35:52 +0200
committer: Maximilian Hils <git@maximilianhils.com> 2014-09-08 18:35:52 +0200
commit: 7ea8d3ff357e278ba047a18a0dcc4bd434017c79 (patch)
tree: 740300db83b70159058b58c107127b4ac122d072 /doc-src/transparent/linux.html
parent: ebd539b49f0706918e979dc921cf454ae448eaf9 (diff)
download: mitmproxy-7ea8d3ff357e278ba047a18a0dcc4bd434017c79.tar.gz
mitmproxy-7ea8d3ff357e278ba047a18a0dcc4bd434017c79.tar.bz2
mitmproxy-7ea8d3ff357e278ba047a18a0dcc4bd434017c79.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/doc-src/transparent/linux.html b/doc-src/transparent/linux.html
index 96b7132a..7c01931d 100644
--- a/doc-src/transparent/linux.html
+++ b/doc-src/transparent/linux.html
@@ -15,6 +15,16 @@ achieve transparent mode.
 
     </li>
 
+    <li> If your target machine is on the same physical network and you configured it to use a custom gateway,
+    disable ICMP redirects:
+
+    <pre class="terminal">echo 0 | sudo tee /proc/sys/net/ipv4/conf/*/send_redirects</pre>
+
+    You may also want to consider enabling this permanently in
+    <b>/etc/sysctl.conf</b> as demonstrated <a href="http://unix.stackexchange.com/a/58081">here</a>.
+
+    </li>
+
     <li> Create an iptables ruleset that redirects the desired traffic to the
     mitmproxy port. Details will differ according to your setup, but the
     ruleset should look something like this:
author	Maximilian Hils <git@maximilianhils.com>	2014-09-08 18:35:52 +0200
committer	Maximilian Hils <git@maximilianhils.com>	2014-09-08 18:35:52 +0200
commit	7ea8d3ff357e278ba047a18a0dcc4bd434017c79 (patch)
tree	740300db83b70159058b58c107127b4ac122d072 /doc-src/transparent/linux.html
parent	ebd539b49f0706918e979dc921cf454ae448eaf9 (diff)
download	mitmproxy-7ea8d3ff357e278ba047a18a0dcc4bd434017c79.tar.gz mitmproxy-7ea8d3ff357e278ba047a18a0dcc4bd434017c79.tar.bz2 mitmproxy-7ea8d3ff357e278ba047a18a0dcc4bd434017c79.zip