Transparent Proxying on a single machine - iptables

alexw92 · July 23, 2016, 10:19am

Hi

I’d like to proxy trasparent on a single system ( run mitmproxy -T)
on a ubuntu while sending traffic out of the same system.

The problem is the ip tables settings. I used
sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner root --dport 443 -j REDIRECT --to-port 8080
sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner root --dport 80 -j REDIRECT --to-port 8080
but this requires mitmproxy to be run as root and processes to be proxied as non root. I would like to proxy
packets from both root AND non-root processes

Unfortunately
sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --pid-owner pid--dport 443 -j REDIRECT --to-port 8080
sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --pid-owner pid --dport 80 -j REDIRECT --to-port 8080
does not work as pid-owner is not longer part of the iptables.

I also tried
sudo iptables -t nat -A OUTPUT -p tcp ! --sport 8080 --dport 443 -j REDIRECT --to-port 8080
sudo iptables -t nat -A OUTPUT -p tcp ! --sport 8080 --dport 80 -j REDIRECT --to-port 8080
but ended into a routing loop.

Has anybody any idea how to configure iptables to achieve my goal?

mhils · July 25, 2016, 8:11pm

One way to fix this would be to create your own user for mitmproxy and run mitmproxy as that user. What do you think?

alexw92 · August 14, 2016, 8:28pm

Of course you are right, thanks
Just too obvious^^

Topic		Replies	Views
Mitmproxy in transparent mode with SNAT help	0	805	May 29, 2017
Linux trasparent proxy - Iptable rules help	1	882	November 29, 2017
Linux fully transparent mode help	0	1041	March 7, 2018
OpenVPN with mitproxy help	0	1321	December 20, 2018
A problem I got in setup transparent proxy mode for specific port help	0	988	January 4, 2018

Transparent Proxying on a single machine - iptables

Related topics