Routing ports 80 443 traffic from Anbox LXC container to the proxy on Localhost

0

I want to route all packets heading for ports 80 and 443 to the privoxy running on my machine on its default port 8118.

These are the interfaces on Kali rolling host

$ ifconfig 
anbox0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.250.1  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::fcdb:53ff:fec0:b36d  prefixlen 64  scopeid 0x20<link>
        ether fe:db:53:c0:b3:6d  txqueuelen 1000  (Ethernet)
        RX packets 646  bytes 112814 (110.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 600  bytes 169509 (165.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 5922  bytes 2008201 (1.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5922  bytes 2008201 (1.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethYJLBI5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fcdb:53ff:fec0:b36d  prefixlen 64  scopeid 0x20<link>
        ether fe:db:53:c0:b3:6d  txqueuelen 1000  (Ethernet)
        RX packets 646  bytes 121858 (119.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 594  bytes 168453 (164.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.33  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::72ab:1008:cd82:a1d7  prefixlen 64  scopeid 0x20<link>
        ether 4c:34:88:82:3c:69  txqueuelen 1000  (Ethernet)
        RX packets 22127  bytes 13917224 (13.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 21269  bytes 3952700 (3.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 

These are Anbox LXC container interfaces:

x86_64:/ $ ifconfig                                                                                                                                                        
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0 
          inet6 addr: ::1/128 Scope: Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 
          RX bytes:604 TX bytes:604 

eth0      Link encap:Ethernet  HWaddr 9e:df:8e:10:d0:a7
          inet addr:192.168.250.2  Bcast:192.168.250.255  Mask:255.255.255.0 
          inet6 addr: fe80::9cdf:8eff:fe10:d0a7/64 Scope: Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:616 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:674 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 
          RX bytes:170907 TX bytes:123976 

x86_64:/ $ 

This is what I have done:

Anbox Port forwarding

su
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 192.168.250.1:8118
iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination 192.168.250.1:8118
iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 443 -j MASQUERADE

Anbox iptables result

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http to:192.168.250.1:8118
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http to:192.168.250.1:8118
DNAT       tcp  --  anywhere             anywhere             tcp dpt:https to:192.168.250.1:8118

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  tcp  --  anywhere             anywhere             tcp dpt:http
MASQUERADE  tcp  --  anywhere             anywhere             tcp dpt:https

Kali Linux Host

sudo sysctl -w net.ipv4.conf.all.route_localnet=1
sudo iptables \
-t nat \
-A PREROUTING \
-i anbox0 \
-s 192.168.250.2 \
-d 192.168.250.1 \
-p tcp \
-j DNAT \
--dport 8118 \
--to-destination 127.0.0.1:8118

Kali Linux host iptables result

$ sudo iptables -t nat -L
[sudo] password for devilfromir: 
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  192.168.250.2        lonelySoul           tcp dpt:8118 to:127.0.0.1:8118
DNAT       tcp  --  192.168.250.2        lonelySoul           tcp dpt:8118 to:127.0.0.1:8118

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  192.168.250.0/24    !192.168.250.0/24     /* managed by anbox-bridge */

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
# Warning: iptables-legacy tables present, use iptables-legacy to see them

Problem

I can see packets coming to localhost through the anbox0 interface using tcpdump

sudo tcpdump -i anbox0 -A tcp port 8118 -vv

but can't see packets going through privoxy running on 127.0.0.1:8118

sudo tcpdump -i lo -A tcp port 8118 -vv

pouya

Posted 2020-01-30T16:03:39.190

Reputation: 161

No answers
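
Both `iptables -t nat -L` listings in the question show the same DNAT rule twice, which is what repeated `iptables -A` runs produce. The script below is an added example, not part of the original post: it reports duplicated rules in such a listing and appends a rule only when `iptables -C` reports it absent. `find_duplicate_rules`, `ensure_rule`, `sample_listing` and the `IPT` override are names introduced here.

```shell
#!/bin/sh
# Added example, not part of the original post.

# Excerpt of the two `iptables -t nat -L` listings quoted in the question.
sample_listing() {
  cat <<'EOF'
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http to:192.168.250.1:8118
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http to:192.168.250.1:8118
DNAT       tcp  --  anywhere             anywhere             tcp dpt:https to:192.168.250.1:8118

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  192.168.250.2        lonelySoul           tcp dpt:8118 to:127.0.0.1:8118
DNAT       tcp  --  192.168.250.2        lonelySoul           tcp dpt:8118 to:127.0.0.1:8118
EOF
}

# Print "<chain>: <n>x <rule>" for each rule listed more than once in a chain.
find_duplicate_rules() {
  awk '
    /^Chain /                     { chain = $2; next }
    /^target / || /^#/ || NF == 0 { next }   # column header, warning, blank
    {
      gsub(/[ \t]+/, " "); sub(/ $/, "")     # normalise column padding
      key = chain SUBSEP $0
      if (!(key in seen)) order[++n] = key   # keep first-seen order
      seen[key]++
    }
    END {
      for (i = 1; i <= n; i++) if (seen[order[i]] > 1) {
        split(order[i], part, SUBSEP)
        printf "%s: %dx %s\n", part[1], seen[order[i]], part[2]
      }
    }'
}

# Append a rule only when `iptables -C` (check) reports it is not present yet.
# Usage: ensure_rule <table> <chain> <rule-spec...>
# IPT is a hypothetical override so the logic can be exercised without root.
ensure_rule() {
  table=$1; chain=$2; shift 2
  if ${IPT:-iptables} -t "$table" -C "$chain" "$@" 2>/dev/null; then
    return 0
  fi
  ${IPT:-iptables} -t "$table" -A "$chain" "$@"
}

sample_listing | find_duplicate_rules
```

On a live system, pipe `iptables -t nat -L` into `find_duplicate_rules`, and call for example `ensure_rule nat OUTPUT -p tcp --dport 80 -j DNAT --to-destination 192.168.250.1:8118` in place of the plain `-A` command.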