Current Setup
https://i.imgur.com/yEg2lg3.png
Currently just running a pi-hole DNS, and a lighttpd server on port 80 to access pi-hole admin web interface.
I have made a DHCP reservation on my router for my RPi (10.0.0.10).
What I want to do
https://i.imgur.com/wSryx3n.png
I want to route traffic from my Smart TV through a transparent mitmproxy.
I have the ability to configure these settings on my TV:
- IP Address
- Subnet mask
- Gateway
- DNS server
Questions / Confusion
Where does mitmproxy need to be within my network? Currently I'm trying to run it on the RPi on port 8080. I places dots (1, 2, 3) in the above image thinking of different places it could live, but I'm not sure.
Ideally only the traffic from my TV gets routed through the proxy. Particularly, I really only care about the traffic for a single domain my-domain.com and only for unencrypted HTTP protocol.
mitmproxy says I need to use a transparent proxy for clients that I can't setup proxy configurations for (which I can't for my TV). As part of the setup, it says I need to configure my network:
There are many ways to configure your network for transparent proxying. We’ll look at two common scenarios:
- Configuring the client to use a custom gateway/router/“next hop”
- Implementing custom routing on the router
So my understanding is I can either:
Set the gateway to the IP of my RPi (
10.0.0.10) and REDIRECT port 80 -> 8080 on the pi. I tried this but my TV can't connect to the internet. This kind of makes sense to me, since I feel like my TV at least needs the router right?Or my router needs to be able to dynamically do this (which I don't think my router has settings for this... is there an easy way to put your own programs onto a router?)
I'm not sure if certain network setups can help me do some of this, or if I have to basically run all of my network traffic through mitmproxy. Wouldn't this be a bad idea for network performance?
If more hardware is needed to do what I want, I am open to those ideas.
