A problem I got in setup transparent proxy mode for specific port


#1

I’d like to capture a HTTP service call from Host A -> Host B to test the client on A. Both OS are Linux.
I would like to use transparent proxy mode because I cannot modify client and cannot redirect all traffic from HostA to hostB as other service also running on HostA. I’d like only redirect the connection of the client from host A to host B.
The client in Host A call a service on Host B on a certain port 10001 by HTTP.

I tried setup HostC with mitmproxy (HostA and HostC are in the same subnet)
HostA (ip_A) -> HostC(ip_C) with mitmproxy-> HostB(ip_B) , I set the ip table to build transparent mode.

Following is what I setup for on HostA

sudo iptables -t mangle -I OUTPUT -p tcp --dport 10001 -j MARK --set-mark 1
sudo ip route add default via ip_C table 100
sudo ip rule add fwmark 0x1 table 100

On HostC

sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A PREROUTING -o eth0 -p tcp --dport 10001 -j REDIRECT --to-port 8080
mitmproxy -T --host

This doesn’t work. client on HostA connection timeout.
If I try traceroute on HostA

traceroute ip_B -p 10000 -T

It shows ip_B is unreachable on TCP from HostA

What’s the recommended way to do this?

Btw. I also tried setup mitmproxy on HostA, but when I try to redirect traffic of port 10001
on HostA

sudo iptables -t nat -A OUTPUT -p tcp --dport 10001 -j REDIRECT --to-port 8080
mitmproxy -T --host

The service call could be capture by mitmproxy on HostA but cannot get response.

Thanks a lot for your help.