Iptables rules for mitmproxy


I’m looking for the correct iptables rules for the following scenario:

Router R running ddwrt (so I can set iptables rules, but can’t install mitmproxy / wireshark)

Device A which is sending traffic I want to analyze to the internet. Device B running Ubuntu on which I have mitmproxy and wireshark. Many other devices on the network connected to R which I don’t want to disrupt.

How do I set up the rules so that traffic from A (and only traffic from A) is routed to device B? I don’t have any control over the device A besides setting to which wifi AP it connects.


Hi, did you take a look at http://docs.mitmproxy.org/en/stable/modes.html?
Most of the time, just setting a custom gateway is the easiest way (if you need transparent mode - regular mode would be even easier). If you want to do redirection on the router, take a look at https://github.com/mitmproxy/mitmproxy/blob/master/docs/custom-routing.txt.


Thanks, now that I have read those, I'm doing the following, which still doesn't work:

On device B I start mitmproxy like this: sudo mitmproxy -T --host -a -p 80

On my router R I added a static routing rule that tells A to use B as a gateway.
I verified this worked by running route on A:

> route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         rpi3.local                      UG    0      0        0 wlan0
                *                               U     9      0        0 wlan0

I also verified this by tracerouting a site (the router is a second hop):

traceroute ynet.co.il
traceroute to ynet.co.il (, 30 hops max, 60 byte packets

 1  * * *
 2  Netgear (  1.808 ms  2.094 ms  1.964 ms

However when I run wget I don’t see mitmproxy intercepting it:
wget http://www.ynet.co.il/home/0,7340,L-8,00.html

What am I missing?


Are you redirecting traffic on B to mitmproxy? See steps 3/4 at http://docs.mitmproxy.org/en/stable/transparent/linux.html.


Now I followed the instructions at https://github.com/mitmproxy/mitmproxy/blob/master/docs/custom-routing.txt precisely and it worked.

On ddwrt iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp -m multiport --dports 80,443 gave me a segmentation fault for some reason, but running it twice with each port separately worked.

Thank you!
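The setup the thread converges on (the custom-routing recipe linked above, plus steps 3/4 of the transparent-mode Linux page) involves rules on two hosts: the router marks the client's web traffic and policy-routes it to the mitmproxy host, and the mitmproxy host forwards and REDIRECTs ports 80/443 into mitmproxy's transparent listener. The script below is an added example, not code from the thread or from the mitmproxy project. It restricts the rules to a single client with `-s`, which is what the original question asked for, and issues one mangle rule per port because the poster reported the `-m multiport` form crashing on dd-wrt. The addresses, the interface names (`br0` as the dd-wrt LAN bridge, `wlan0` on the Ubuntu host), the mark `3`, table `2` and port `8080` are assumptions; `DRY_RUN=1` (the default) prints the commands instead of running them so the generated ruleset can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Added example (not from the thread or the mitmproxy project): the
# custom-routing recipe, restricted to one client, as two functions.
#   router_rules     -> run on the dd-wrt router R
#   proxy_host_rules -> run on the Ubuntu host B that runs "mitmproxy -T"
# With DRY_RUN=1 (the default) every command is printed instead of executed.

CLIENT_IP="${CLIENT_IP:-192.168.1.50}"   # device A (constructed address)
PROXY_IP="${PROXY_IP:-192.168.1.60}"     # device B (constructed address)
LAN_IF="${LAN_IF:-br0}"                  # router LAN bridge; dd-wrt bridges wifi into br0 (assumed)
PROXY_IN_IF="${PROXY_IN_IF:-wlan0}"      # interface on B that receives A's packets (assumed)
PROXY_PORT="${PROXY_PORT:-8080}"         # mitmproxy's transparent listening port (assumed)
MARK=3                                   # fwmark used by the recipe
TABLE=2                                  # routing table whose default route is B
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Router R: mark only A's port 80/443 traffic and policy-route it to B.
# One mangle rule per port: the thread reports that a single rule with
# "-m multiport --dports 80,443" crashed iptables on dd-wrt.
router_rules() {
    for port in 80 443; do
        run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$CLIENT_IP" \
            -p tcp --dport "$port" -j MARK --set-mark "$MARK"
    done
    # Marked packets consult table 2, whose only default route points at B;
    # everything unmarked (all other devices) keeps using the main table.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default via "$PROXY_IP" dev "$LAN_IF" table "$TABLE"
}

# Host B: forward packets, don't send ICMP redirects back to A, and hand
# A's port 80/443 connections to mitmproxy's transparent listener.
proxy_host_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w net.ipv4.conf.all.send_redirects=0
    for port in 80 443; do
        run iptables -t nat -A PREROUTING -i "$PROXY_IN_IF" -s "$CLIENT_IP" \
            -p tcp --dport "$port" -j REDIRECT --to-port "$PROXY_PORT"
    done
}

# Usage: sh mitm-route.sh router   (on R)    sh mitm-route.sh proxy   (on B)
case "${1:-}" in
    router) router_rules ;;
    proxy)  proxy_host_rules ;;
esac
```

After applying with `DRY_RUN=0`, the packet counters tell you which half is broken when a fetch from A is not intercepted: `iptables -t mangle -L PREROUTING -v -n` and `ip rule show` on the router should show the mark rule's counters rising, and `iptables -t nat -L PREROUTING -v -n` on B should show the port 80 REDIRECT rule counting the same connections. Counters rising on R but not on B means the routing step is failing; counters rising on B with nothing in mitmproxy means mitmproxy is not listening on the port the REDIRECT targets.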



I’m kind of lost with the iptables rules for my configuration. Here is my set-up:

Set-top-box > Computer running Ubuntu with mitmproxy > Internet

My computer has 2 Ethernet NICs (eth0 and eth1). eth0 is connected to the set-top-box and eth1 is connected to an Internet box. I created a network bridge (called br0) between them. How can I redirect the HTTP traffic from my set-top-box to the listening port of mitmproxy?