8/8/2023

Docker mitmproxy

TL;DR - How do I forward wlan0 hotspot traffic to an internal proxy before it passes through to eth0?

I’m currently developing an application for Raspberry Pi 3 on Resin to deploy to a fleet once done. I’m attempting to transfer over something I made locally on Raspbian, and port forwarding at the host level is a must.

eth0 is connected to the internet and provides access. wlan0 is configured as a hotspot through Network Manager per.

I need to insert a MITMProxy in the middle to sniff traffic (intercepting OTT device traffic as they often don’t provide tools to do so natively, making troubleshooting a real pain). In Raspbian, this was accomplished with the standard HostAPD/DNSMasq/IP Tables set up, but I’m struggling to get the same in Resin.

IP Tables takes all port 80 traffic on the wlan0 and forwards to port 8888, where MITMProxy picks it up and logs http traffic before passing on transparently.

Here’s the IP Tables config I’m trying to match:

```
*nat
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8888
-A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
```

I’m trying to do the actual updating commands from a run-once Docker container defined in the Docker Compose, but I’m wondering if I’m missing a more native way to accomplish this. Is there a way to modify IP Tables on the Host OS without breaking the Docker network?

Update: I’m currently pulling the running iptables rules, modifying them to add what I need for the port forwarding, and applying with a shell script run as the CMD in the IP Tables Dockerfile. I’m wondering if this method is portable, since I’m not sure the IP Tables config will be the same across different devices.

Excuse the massive file, but here’s the new static rules I apply when the application starts up:

```
*nat
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o supervisor0 -j MASQUERADE
-A INPUT -i supervisor0 -p tcp -m tcp --dport 48484 -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 48484 -j ACCEPT
-A INPUT -i docker0 -p tcp -m tcp --dport 48484 -j ACCEPT
-A INPUT -i tun0 -p tcp -m tcp --dport 48484 -j ACCEPT
-A INPUT -i resin-vpn -p tcp -m tcp --dport 48484 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 48484 -j REJECT --reject-with icmp-port-unreachable
```

Is this method going to work, or do I have the ability to do it smarter?
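The following is an added example, not part of the original post: rather than saving, editing and restoring the whole ruleset, it adds the two hotspot rules from the post one at a time and only when they are missing, so the rules Docker has installed are never rewritten. Assumptions: the script runs with NET_ADMIN in the host network namespace, the FORWARD rule belongs in the filter table, and the function and variable names are illustrative.

```shell
#!/bin/sh
# Added example: idempotently add the post's hotspot rules without
# replacing the ruleset, so Docker's own chains and rules are untouched.
IPT="${IPT:-iptables}"           # overridable, e.g. for a dry run with a stub
AP_IF="${AP_IF:-wlan0}"          # hotspot interface (from the post)
WAN_IF="${WAN_IF:-eth0}"         # uplink interface (from the post)
PROXY_PORT="${PROXY_PORT:-8888}" # mitmproxy listen port (from the post)

# Append a rule only if an identical one is not already present.
ensure_rule() {
    table=$1; chain=$2; shift 2
    if "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    "$IPT" -t "$table" -A "$chain" "$@"
}

# Delete every copy of a rule; a no-op when the rule is absent.
remove_rule() {
    table=$1; chain=$2; shift 2
    while "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null; do
        "$IPT" -t "$table" -D "$chain" "$@"
    done
}

# Run the given action over both rules. Placing FORWARD in the filter
# table is an assumption: the post shows it under *nat, which has no
# FORWARD chain.
each_rule() {
    "$1" nat PREROUTING -i "$AP_IF" -p tcp -m tcp --dport 80 \
        -j REDIRECT --to-ports "$PROXY_PORT"
    "$1" filter FORWARD -i "$AP_IF" -o "$WAN_IF" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
}

apply_hotspot_rules()  { each_rule ensure_rule; }
remove_hotspot_rules() { each_rule remove_rule; }

case "${1:-}" in
    apply)  apply_hotspot_rules ;;
    remove) remove_hotspot_rules ;;
esac
```

Because each rule is checked with `-C` before it is appended, the script can run on every container start without stacking duplicates, and it does not depend on what other rules a given device already has.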