1 files changed, 45 insertions, 0 deletions

diff --git a/mitmproxy/docs/transparent/linux.rst b/mitmproxy/docs/transparent/linux.rst
new file mode 100644
index 00000000..ce79128c
--- /dev/null
+++ b/mitmproxy/docs/transparent/linux.rst
@@ -0,0 +1,45 @@
+.. _linux:
+
+Linux
+=====
+
+On Linux, mitmproxy integrates with the iptables redirection mechanism to
+achieve transparent mode.
+
+ 1. :ref:`Install the mitmproxy certificate on the test device <certinstall>`
+
+ 2. Enable IP forwarding:
+
+    >>> sysctl -w net.ipv4.ip_forward=1
+
+    You may also want to consider enabling this permanently in ``/etc/sysctl.conf``.
+
+ 3. If your target machine is on the same physical network and you configured it to use a custom
+    gateway, disable ICMP redirects:
+
+    >>> echo 0 | sudo tee /proc/sys/net/ipv4/conf/*/send_redirects
+
+    You may also want to consider enabling this permanently in ``/etc/sysctl.conf``
+    as demonstrated `here <https://unix.stackexchange.com/a/58081>`_.
+
+ 4. Create an iptables ruleset that redirects the desired traffic to the
+    mitmproxy port. Details will differ according to your setup, but the
+    ruleset should look something like this:
+
+    .. code-block:: none
+
+        iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
+        iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080
+
+ 5. Fire up mitmproxy. You probably want a command like this:
+
+    >>> mitmproxy -T --host
+
+    The :option:`-T` flag turns on transparent mode, and the :option:`--host`
+    argument tells mitmproxy to use the value of the Host header for URL display.
+
+ 6. Finally, configure your test device to use the host on which mitmproxy is
+    running as the default gateway.
+
+
+For a detailed walkthrough, have a look at the :ref:`transparent-dhcp` tutorial.