12 C
New York
Wednesday, March 26, 2025
HomeComputer Networking
Computer Networking

ipv4 – How can I stop a redirect loop with iptables when working a neighborhood ahead proxy?

By codesanitize
0
13
ipv4 – How can I stop a redirect loop with iptables when working a neighborhood ahead proxy?


I am utilizing the observe script to create iptables guidelines to ahead outgoing site visitors to a ahead proxy referred to as mitmproxy working on my machine. The principles are presupposed to redirect a packet if it isn’t marked, then mark the packet so it isn’t redirected a second time after the proxy forwards. Sadly the packet will get redirected once more after mitmproxy forwards it, making a community loop. The mitmproxy docs suggest making a separate person to run mitmproxy from however I am searching for a greater approach. I’ve additionally tried solely redirecting if the TTL hasn’t been decreased which additionally did not work (mitmproxy does not decrement the TTL?). Is there a solution to mark packets which have already been redirected to mitmproxy so I can stop a community loop?

#! /bin/bash
# https://stackoverflow.com/questions/10727443/how-to-use-iptables-in-linux-to-forward-http-and-https-traffic-to-a-transparent

echo "____BEFORE ANY CHANGES:"
sudo iptables -t mangle --line-numbers -n -A PREROUTING 
sudo iptables -t nat --line-numbers -n  -L OUTPUT

echo "____CHANGING"
# redirect if not set
iptables -t nat -A OUTPUT -p tcp -m mark ! --mark 1 --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A OUTPUT -p tcp -m mark ! --mark 1 --dport 443  -j REDIRECT --to-port 8080
# set mark
iptables -t mangle -A POSTROUTING -p tcp -j CONNMARK --set-mark 1
# https://docs.mitmproxy.org/secure/howto-transparent/

echo "____CHANGED"
# sudo iptables -t mangle --line-numbers -n -A PREROUTING 
sudo iptables -t nat --line-numbers -n  -L OUTPUT
sudo iptables -t mangle --line-numbers -n  -L POSTROUTING

echo "enter to proceed"
learn var1

echo "____BEFORE REVERTING"
sudo iptables -t nat --line-numbers -n  -L OUTPUT
sudo iptables -t mangle --line-numbers -n  -L POSTROUTING
# sudo ip6tables -t nat --line-numbers -n  -L OUTPUT

echo "____REVERTING"
iptables -t nat -D OUTPUT -p tcp -m mark ! --mark 1 --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -D OUTPUT -p tcp -m mark ! --mark 1 --dport 443 -j REDIRECT --to-port 8080
iptables -t mangle -D POSTROUTING -p tcp -j CONNMARK --set-mark 1

echo "____AFTER REVERTING"
sudo iptables -t nat --line-numbers -n  -L OUTPUT
sudo iptables -t mangle --line-numbers -n  -L POSTROUTING

Previous articleMost Supposedly ‘Open’ AI Methods Are Really Closed—and That’s a Drawback
Next articleWhat are the moral points associated to pig organ transplants in people?
codesanitizehttps://codesanitize.com

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

Load more

ABOUT US

Welcome to CodeSanitize, your number one source for all things coding and technology. We’re dedicated to providing you the very best of software development tutorials, tips, and resources, with a focus on clarity, practical examples, and up-to-date content.

© Copyright 2024 - codesanitize.com. All rights reserved