transparent proxy running on localhost

Written in


It is surprisingly hard to setup a transparent proxy running on localhost using iptables!

Lets suppose you have a linux box with 2 interfaces, one connected to local network and one to the internet.

You run the proxy (for instance great mitmproxy) like this:

mitmproxy -b -p 3128

Then setup redirection using iptables for all passing traffic on port 80:

iptables -t nat -F
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to
iptables -t nat -A POSTROUTING -j MASQUERADE -o eth1
sysctl -w net.ipv4.conf.all.route_localnet=1
echo 1 > /proc/sys/net/ipv4/ip_forward

And it doesn’t work! Why?

Because of security. As you can find out for instance here.

sysctl -w net.ipv4.conf.all.route_localnet=1

You can replace all to some specific ethernet interface (like eth0).