Merge pull request #2841 from aniketpanjwani/fix_linux_transparent_proxy_docs

Modify Linux transparent proxy docs to include ipv6 configuration.
This commit is contained in:
Maximilian Hils 2018-02-13 20:21:40 +01:00 committed by GitHub
commit baf4b5dc03
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -11,13 +11,13 @@ achieve transparent mode.
2. Enable IP forwarding: 2. Enable IP forwarding:
>>> sysctl -w net.ipv4.ip_forward=1 >>> sysctl -w net.ipv4.ip_forward=1
>>> sysctl -w net.ipv6.conf.all.forwarding=1
You may also want to consider enabling this permanently in ``/etc/sysctl.conf`` or newly created ``/etc/sysctl.d/mitmproxy.conf``, see `here <https://superuser.com/a/625852>`__. You may also want to consider enabling this permanently in ``/etc/sysctl.conf`` or newly created ``/etc/sysctl.d/mitmproxy.conf``, see `here <https://superuser.com/a/625852>`__.
3. If your target machine is on the same physical network and you configured it to use a custom 3. If your target machine is on the same physical network and you configured it to use a custom
gateway, disable ICMP redirects: gateway, disable ICMP redirects:
>>> sysctl -w net.ipv4.conf.all.accept_redirects=0
>>> sysctl -w net.ipv4.conf.all.send_redirects=0 >>> sysctl -w net.ipv4.conf.all.send_redirects=0
   You may also want to consider enabling this permanently in ``/etc/sysctl.conf`` or a newly created ``/etc/sysctl.d/mitmproxy.conf``, see `here <https://superuser.com/a/625852>`__.    You may also want to consider enabling this permanently in ``/etc/sysctl.conf`` or a newly created ``/etc/sysctl.d/mitmproxy.conf``, see `here <https://superuser.com/a/625852>`__.
@ -30,6 +30,8 @@ achieve transparent mode.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080
ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080
   You may also want to consider enabling this permanently with the ``iptables-persistent`` package, see `here <http://www.microhowto.info/howto/make_the_configuration_of_iptables_persistent_on_debian.html>`__.    You may also want to consider enabling this permanently with the ``iptables-persistent`` package, see `here <http://www.microhowto.info/howto/make_the_configuration_of_iptables_persistent_on_debian.html>`__.