Hi Resin and friends,
TL;DR - How do I forward wlan0 hotspot traffic to an internal proxy before it passes through to eth0?
I’m currently developing an application for Raspberry Pi 3 on Resin to deploy to a fleet once done. I’m attempting to transfer over something I made locally on Raspbian, and port forwarding at the host level is a must. Here’s how it works:
- eth0 is connected to the internet and provides access
- wlan0 is configured as a hotspot through Network Manager per https://docs.resin.io/reference/resinOS/network/2.x/#creating-a-hotspot
I need to insert a MITMProxy in the middle to sniff traffic (intercepting OTT device traffic as they often don’t provide tools to do so natively, making troubleshooting a real pain). In Raspbian, this was accomplished with the standard HostAPD/DNSMasq/IP Tables setup, but I’m struggling to get the same in Resin. IP Tables takes all port 80 traffic on the wlan0 and forwards to port 8888, where MITMProxy picks it up and logs HTTP traffic before passing on transparently. Here’s the IP Tables config I’m trying to match:
```
*nat
:PREROUTING ACCEPT [4:580]
:INPUT ACCEPT [2:458]
:OUTPUT ACCEPT [2:128]
:POSTROUTING ACCEPT [2:128]
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8888
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [13:6552]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [12:1399]
-A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
COMMIT
```
Is there a way to modify IP Tables on the Host OS without breaking the Docker network? I’m trying to do the actual updating commands from a run-once Docker container defined in the Docker Compose, but I’m wondering if I’m missing a more native way to accomplish this.
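Added example, not part of the original post: one way to apply the four rules from the dump above without loading it through `iptables-restore`, which flushes the tables it restores unless `--noflush` is given and would remove Docker's chains with them. It assumes the script runs as root in the host's network namespace; the function names and the `IPT`, `HOTSPOT_IF`, `UPLINK_IF` and `PROXY_PORT` variables are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes it runs as root inside
# the host's network namespace. Rules are added one at a time because loading
# the full dump with iptables-restore (without --noflush) flushes the nat and
# filter tables, which would also delete the chains Docker maintains there.

IPT="${IPT:-iptables}"            # overridable, e.g. with a stub for testing
HOTSPOT_IF="${HOTSPOT_IF:-wlan0}" # interface names and port are the post's
UPLINK_IF="${UPLINK_IF:-eth0}"
PROXY_PORT="${PROXY_PORT:-8888}"

# ensure_rule TABLE CHAIN SPEC...: append only if -C finds no identical rule,
# so re-running (for example on container restart) does not stack duplicates.
ensure_rule() {
    table=$1; chain=$2; shift 2
    if $IPT -t "$table" -C "$chain" "$@" 2>/dev/null; then
        echo "present: $table $chain"
    else
        $IPT -t "$table" -A "$chain" "$@" && echo "added: $table $chain"
    fi
}

# remove_rule TABLE CHAIN SPEC...: delete every copy of exactly this rule.
remove_rule() {
    table=$1; chain=$2; shift 2
    while $IPT -t "$table" -C "$chain" "$@" 2>/dev/null; do
        $IPT -t "$table" -D "$chain" "$@"
    done
}

# hotspot_rules ACTION: run ACTION (ensure_rule or remove_rule) on each rule.
hotspot_rules() {
    "$1" nat PREROUTING -i "$HOTSPOT_IF" -p tcp -m tcp --dport 80 \
        -j REDIRECT --to-ports "$PROXY_PORT"
    "$1" nat POSTROUTING -o "$UPLINK_IF" -j MASQUERADE
    "$1" filter FORWARD -i "$HOTSPOT_IF" -o "$UPLINK_IF" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
    "$1" filter FORWARD -i "$UPLINK_IF" -o "$HOTSPOT_IF" -j ACCEPT
}

case "${1:-}" in
    apply)  hotspot_rules ensure_rule ;;
    remove) hotspot_rules remove_rule ;;
esac
```

Run it with `apply` at start-up and `remove` at shutdown; neither action touches rules it did not add, so Docker's own entries in the `nat` and `filter` tables stay in place.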