I am using the following script to create iptables rules that forward outgoing traffic to a forward proxy called mitmproxy running on my machine. The rules are supposed to redirect a packet if it isn't marked, then mark the packet so it isn't redirected a second time after the proxy forwards it. Unfortunately the packet gets redirected again after mitmproxy forwards it, creating a network loop. The mitmproxy docs recommend creating a separate user to run mitmproxy from, but I am looking for a better way. I've also tried only redirecting if the TTL hasn't been decremented, which also didn't work (mitmproxy doesn't decrement the TTL?). Is there a way to mark packets which have already been redirected to mitmproxy so I can prevent a network loop?
#!/bin/bash
# https://stackoverflow.com/questions/10727443/how-to-use-iptables-in-linux-to-forward-http-and-https-traffic-to-a-transparent
echo "____BEFORE ANY CHANGES:"
sudo iptables -t mangle --line-numbers -n -L PREROUTING
sudo iptables -t nat --line-numbers -n -L OUTPUT
echo "____CHANGING"
# redirect outgoing HTTP/HTTPS to the proxy if the packet mark is not set
sudo iptables -t nat -A OUTPUT -p tcp -m mark ! --mark 1 --dport 80 -j REDIRECT --to-port 8080
sudo iptables -t nat -A OUTPUT -p tcp -m mark ! --mark 1 --dport 443 -j REDIRECT --to-port 8080
# set the mark on the connection after routing
sudo iptables -t mangle -A POSTROUTING -p tcp -j CONNMARK --set-mark 1
# https://docs.mitmproxy.org/stable/howto-transparent/
echo "____CHANGED"
# sudo iptables -t mangle --line-numbers -n -L PREROUTING
sudo iptables -t nat --line-numbers -n -L OUTPUT
sudo iptables -t mangle --line-numbers -n -L POSTROUTING
echo "press enter to continue"
read var1
echo "____BEFORE REVERTING"
sudo iptables -t nat --line-numbers -n -L OUTPUT
sudo iptables -t mangle --line-numbers -n -L POSTROUTING
# sudo ip6tables -t nat --line-numbers -n -L OUTPUT
echo "____REVERTING"
sudo iptables -t nat -D OUTPUT -p tcp -m mark ! --mark 1 --dport 80 -j REDIRECT --to-port 8080
sudo iptables -t nat -D OUTPUT -p tcp -m mark ! --mark 1 --dport 443 -j REDIRECT --to-port 8080
sudo iptables -t mangle -D POSTROUTING -p tcp -j CONNMARK --set-mark 1
echo "____AFTER REVERTING"
sudo iptables -t nat --line-numbers -n -L OUTPUT
sudo iptables -t mangle --line-numbers -n -L POSTROUTING
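To make the loop in the question reproducible without touching a real firewall, here is an added example (not from the post or from mitmproxy): a deliberately simplified model of the hooks an outgoing packet crosses. It assumes that a locally generated packet hits nat OUTPUT before mangle POSTROUTING, that a fresh socket's packet mark is 0, and that mitmproxy terminates TCP in userspace and opens a brand-new upstream connection from its own uid; the uids and ports are constructed sample values.

```python
# Simplified model of the netfilter path for a locally generated TCP packet.
# It shows why marking in mangle POSTROUTING cannot stop the redirect loop
# (packet mark vs. connection mark, and the proxy's outbound connection being
# a new one), while matching on the socket owner, as the mitmproxy docs do, can.
APP_UID, PROXY_UID = 1000, 1001   # constructed sample uids
MAX_HOPS = 5                      # reaching this many redirects means a loop

def send(uid, dport, ruleset, max_hops=MAX_HOPS):
    """Follow one outgoing connection; return how many times it was redirected."""
    conntrack = {}          # conn_id -> ctmark, the field CONNMARK --set-mark writes
    conn_id, hops = 0, 0
    while hops < max_hops:
        # A fresh socket's packet has nfmark 0; "-m mark" reads this field,
        # not the conntrack entry, so CONNMARK never changes what it sees.
        pkt = {"uid": uid, "dport": dport, "nfmark": 0, "conn": conn_id}
        redirect = ruleset["nat_output"](pkt, conntrack)     # evaluated first
        ruleset["mangle_postrouting"](pkt, conntrack)        # evaluated after
        if not redirect:
            return hops     # packet leaves for the real destination
        hops += 1
        # mitmproxy accepts the redirected connection in userspace and opens a
        # new upstream connection: new conntrack entry, proxy uid, default TTL.
        uid, conn_id = PROXY_UID, conn_id + 1
    return hops

def is_web(p):
    return p["dport"] in (80, 443)

# Ruleset from the question: "-m mark ! --mark 1" plus CONNMARK in POSTROUTING.
mark_rules = {
    "nat_output": lambda p, ct: is_web(p) and p["nfmark"] != 1,
    "mangle_postrouting": lambda p, ct: ct.__setitem__(p["conn"], 1),
}
# Same idea but matching the connection mark: still loops, because the proxy's
# upstream connection is a new conntrack entry that carries no mark yet.
connmark_rules = {
    "nat_output": lambda p, ct: is_web(p) and ct.get(p["conn"], 0) != 1,
    "mangle_postrouting": lambda p, ct: ct.__setitem__(p["conn"], 1),
}
# Ruleset from the mitmproxy docs: "-m owner ! --uid-owner <proxy user>".
owner_rules = {
    "nat_output": lambda p, ct: is_web(p) and p["uid"] != PROXY_UID,
    "mangle_postrouting": lambda p, ct: None,
}

def loops(ruleset):
    return send(APP_UID, 443, ruleset) >= MAX_HOPS

if __name__ == "__main__":
    for name, rs in (("mark", mark_rules), ("connmark", connmark_rules), ("owner", owner_rules)):
        print(f"{name:8s} ruleset loops: {loops(rs)}")
```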