I want to direct internet traffic to a container from my host and/or from an external server.
I thought host would be easier but still didn’t have success yet.
I notice I can ping the container from the host.
I thought to setup an ssh socks tunnel to the container but it seems to work for a minute then stop working for some reason- I can load pages in firefox and in tcpdump on the container it shows activity but then suddently it won’t work and keeps saying page cannot be loaded and I don’t know how to make it work again, even restarting the tunnel command doesn’t work, but a reboot seemed to earlier so I don’t know what causes that. I also wasn’t sure how to direct it to port 8080 yet as the IP of host as source for IPtables redirect didn’t seem to work- I’ll keep experimenting there.
Is there an easier way to direct internet traffic from the host (not all but just say a browser or specific progam - ie i don’t want to set the gateway to do it) to the container? Like maybe doing it via the bridge. I am not sure what is going on in terms of the network since its all shared resources and all.
You mention directing traffic from the host to a container.
The host can directly access the container using the IP address of the container.
Perhaps you want to elaborate more on what you would like to do.
You can set up a proxy (like mitmproxy) in a container, and then configure your Web browser (on the host) to use that proxy (IP address being the IP address of the container). In this way, the full Web browsing will go through the container.
I want to do just the same as we discussed in the other thread where I was using 2 containers, one as the interceptor running mitmproxy and the other as the client which is doing the http/s requests. Where both were containers, I instead want the client to be the host passing just the chosen script I run on the host (ie only that traffic from the host and not sending ALL traffic via the gateway as was the case in the other 2 container setup) through the interceptor container running mitmproxy, since the host is where all the files are stored which I want to run.
You need to set up the proxy settings for the specific app to use as proxy the interceptor container.
If your client software is Firefox, then create a new profile for Firefox for such access.
Start Firefox with firefox -no-remote -P and create a new profile. The -no-remote helps you create a new Firefox instance that is independent from any existing running Firefox windows. The -P shows the profile selection window.
Go into the settings at Network Proxy (in Connection Settings) and set Manual proxy configuration. Then, in HTTP Proxy put the IP address of the interceptor container, and use port 8080 (default for mitmproxy). Click on Use this proxy server for all protocols. Finally, click OK.
Now, any access from this Firefox window will go through the proxy.
If you want to use some other network utility (like curl or wget), then you can set the appropriate environment variable, like in export http_proxy=http://10.203.20.191:8080/
Ah so the running container will already work as a proxy without extra setup needed? Didn’t know that. WIll try now.
Also if this is the case is it still only accesible by me and not visible to port scanners etc on the outside internet?
Ah also I realise I need to access client1 still for it to work I think because it has to run transparently via the gateway.
So in this case I want to send my host to the client container which then accesses mitmproxy through the gateway transparently.
This makes things somewhat more complex does it not? since the client container only currently has an internal network connecting it to the interceptor or can the host still contact it on this internal network? Will try now.
Hmm no ping for the internal network only one. So I am guessing I need antoher interface for that? or route it through the interceptor server.
EDIT:
Got it going by adding second interface device to client and routing that to the internal network which then passes it on to interceptor.
One more thing; I would still like to access the container from the internet on my remote server but currently the command just hangs if I try and ssh to the container from the remote server.
How to make the container visible and accessible from wider internet? are the allocated ip addresses to containers only visible on the private network? if so is there a workaround? I simple want to create an ssh tunnel into the container to direct the traffic from the server to the container setup.