Attempt at forwarding all traffic through an HTTP proxy

DNS doesn't work so there was an attempt at just forcing
 stats.i2p to localhost, with no success.

A tcpdump is created on the host machine at /tmp/contained/tcp.dmp
 to try and figure out what is being sent where, but
 it doesn't seem like any HTTP traffic is being sent at all.

`iptables` is logged to /var/log/ so maybe that'll give a hint
 as to where the stuff is going.
Maybe the rules are just bad too 🤷‍♂
2019-07-20 21:25:00 +02:00
parent 11dcd76749
commit 4a0d4d24b6
6 changed files with 91 additions and 0 deletions

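--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "pr0cks"]
+path = pr0cks
+url = https://github.com/LoveIsGrief/pr0cks.git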

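--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,25 @@
+FROM alpine
+RUN apk add --no-cache \
+bash \
+curl \
+dumb-init \
+iptables \
+git \
+python3 \
+ulogd \
+tcpdump \
+wget
+RUN pip3 install dnslib
+COPY pr0cks /opt/pr0cks
+COPY exec.sh /opt/
+# https://it-offshore.co.uk/linux/alpine-linux/55-alpine-linux-lxc-guest-iptables-logging
+RUN sed -i -e "s/#stack=log1/stack=log1/g" /etc/ulogd.conf
+ENTRYPOINT ["dumb-init"]
+CMD ["/bin/bash" , "/opt/exec.sh"]
+#CMD ["/bin/bash" , "-c", "while true; do sleep 30 ; done" ]
+# CMD ["curl", "https://stats.i2p" ]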
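Review bot: The base image and the Python dependency are both unpinned: `FROM alpine` resolves to whatever the default tag points at when the image is built, and `RUN pip3 install dnslib` takes the newest release, so two builds can differ and an upstream change lands in a container that docker-compose.yml then runs with NET_ADMIN and NET_RAW. Pin both, e.g. `FROM alpine:<tested-version>` (or a digest) and `RUN pip3 install --no-cache-dir dnslib==<tested-version>`, where the versions are placeholders for what was actually tested. `curl`, `wget` and `git` look like debugging aids and could leave the `apk add` list once the setup works.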

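--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,37 @@
+version: "3.7"
+services:
+i2pd:
+image: meeh/i2pd
+hostname: i2pd
+networks:
+i2p_net:
+ipv4_address: 172.16.200.10
+aliases:
+- i2pd
+contained:
+build: .
+hostname: contained
+# Required for [iptables]
+cap_add:
+- NET_ADMIN
+- NET_RAW
+depends_on:
+- i2pd
+volumes:
+- /tmp/contained:/mount
+extra_hosts:
+- "stats.i2p:127.0.0.1"
+networks:
+i2p_net:
+ipv4_address: 172.16.200.20
+aliases:
+- contained
+networks:
+i2p_net:
+driver: bridge
+ipam:
+config:
+- subnet: "172.16.200.0/24"
+# iptables: https://stackoverflow.com/questions/41706983/installing-iptables-in-docker-container-based-on-alpinelinux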
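Review bot: The bind mount `- /tmp/contained:/mount` places the packet capture that exec.sh writes to `/mount/tcp.dmp` in the host's shared /tmp, where the directory is created by the Docker daemon if it is missing and may be readable by other local users. A capture of everything this container sends is sensitive for a setup whose purpose is to keep traffic inside I2P. A directory beside the compose file with restrictive permissions, for example `- ./capture:/mount` (constructed path), keeps it out of /tmp. `image: meeh/i2pd` is also unpinned; a tag or digest would make the proxy side reproducible.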

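--- a/exec.sh
+++ b/exec.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+# https://websistent.com/linux-iptables-log-everything/
+iptables -I OUTPUT 1 -j NFLOG
+iptables -t nat -I OUTPUT 1 -j NFLOG
+iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 10080
+iptables -t nat -A OUTPUT -o eth0 -p udp -m udp --dport 53 -j REDIRECT --to-port 1053
+ulogd -d
+tcpdump -w /mount/tcp.dmp &
+/opt/pr0cks/pr0cks.py --proxy http:176.16.200.10:4444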
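Review bot: The proxy address on the last line, `--proxy http:176.16.200.10:4444`, does not match the i2pd service, which docker-compose.yml in this commit places at 172.16.200.10 inside 172.16.200.0/24. 176.16.200.10 lies outside that subnet and outside the private 172.16.0.0/12 range, so the upstream connection is aimed at a routable address instead of the local proxy; it should read `--proxy http:172.16.200.10:4444`. Separately, `iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 10080` matches every locally generated TCP connection, which presumably includes pr0cks' own connection to the upstream proxy. Excluding the proxy, as in `iptables -t nat -A OUTPUT -p tcp ! -d 172.16.200.10 -j REDIRECT --to-ports 10080`, stops that connection from being redirected back to port 10080. Together these would likely explain why the capture shows no HTTP traffic reaching i2pd.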

pr0cks Submodule

Submodule pr0cks added at 715a0c91eb

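--- a/ulogd.conf
+++ b/ulogd.conf
@@ -0,0 +1,8 @@
+stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+# note log1 & emu1 in this stack configuration
+[log1]
+group=0
+# & change the logging location
+[emu1]
+file="/var/log/ulogd_contained.log"
+sync=1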
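Review bot: Nothing visible in this commit installs this file into the image, so the `[emu1]` path `file="/var/log/ulogd_contained.log"` looks unused. The Dockerfile copies only `pr0cks` and `exec.sh` and enables a stack in the packaged /etc/ulogd.conf with `sed`, and exec.sh starts `ulogd -d` without naming a config. The file also has no `plugin=` lines, so it reads as a fragment rather than a complete configuration; a leading comment such as `# fragment: merge into /etc/ulogd.conf, not a standalone config` would say so, and the Dockerfile should either apply it or the file should be dropped. If it is wired in, pointing `file=` at a path under `/mount` would keep the iptables log next to the capture after the container is removed.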