From bb3e7ee86c63eaab72127073dc581fff9dbc9c73 Mon Sep 17 00:00:00 2001 From: Aniket Panjwani Date: Sun, 4 Feb 2018 10:42:03 -0600 Subject: [PATCH 1/2] Modify Linux transparent proxy docs to include ipv6 configuration. --- docs/transparent/linux.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/transparent/linux.rst b/docs/transparent/linux.rst index ab3fd7070..285b57378 100644 --- a/docs/transparent/linux.rst +++ b/docs/transparent/linux.rst @@ -11,6 +11,7 @@ achieve transparent mode. 2. Enable IP forwarding: >>> sysctl -w net.ipv4.ip_forward=1 + >>> sysctl -w net.ipv6.conf.all.forwarding=1 You may also want to consider enabling this permanently in ``/etc/sysctl.conf`` or newly created ``/etc/sysctl.d/mitmproxy.conf``, see `here `__. @@ -18,6 +19,7 @@ achieve transparent mode. gateway, disable ICMP redirects: >>> sysctl -w net.ipv4.conf.all.accept_redirects=0 + >>> sysctl -w net.ipv6.conf.all.accept_redirects=0 >>> sysctl -w net.ipv4.conf.all.send_redirects=0    You may also want to consider enabling this permanently in ``/etc/sysctl.conf`` or a newly created ``/etc/sysctl.d/mitmproxy.conf``, see `here `__. @@ -30,6 +32,8 @@ achieve transparent mode. iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080 + ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 + ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080    You may also want to consider enabling this permanently with the ``iptables-persistent`` package, see `here `__. From 58a54febf33d47b9aa27bd08db9483246d12ac79 Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Tue, 13 Feb 2018 20:05:58 +0100 Subject: [PATCH 2/2] docs: don't set accept_redirects. it's not really clear why we are even doing this, so let's just remove it entirely and see what happens. Discussion: https://github.com/mitmproxy/mitmproxy/pull/2841#discussion_r165928492 --- docs/transparent/linux.rst | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/transparent/linux.rst b/docs/transparent/linux.rst index 285b57378..14f6a1658 100644 --- a/docs/transparent/linux.rst +++ b/docs/transparent/linux.rst @@ -18,8 +18,6 @@ achieve transparent mode. 3. If your target machine is on the same physical network and you configured it to use a custom gateway, disable ICMP redirects: - >>> sysctl -w net.ipv4.conf.all.accept_redirects=0 - >>> sysctl -w net.ipv6.conf.all.accept_redirects=0 >>> sysctl -w net.ipv4.conf.all.send_redirects=0    You may also want to consider enabling this permanently in ``/etc/sysctl.conf`` or a newly created ``/etc/sysctl.d/mitmproxy.conf``, see `here `__.