But the client can't connect to anything on port 80; it times out (I've double-checked that 192.168.2.11 does not have the firewall enabled).
Basically, what I want is to MitM myself to figure out all the traffic that's generated by my phone. The phone is .12 and my desktop running mitmproxy is .11; they are both connected through 192.168.2.1, the OpenWrt router.
Try enabling masquerading in the lan zone or (better) create a SNAT rule like this:
uci add firewall nat
uci set firewall.@nat[-1].name='SNAT_rule'
uci set firewall.@nat[-1].src='lan'
uci set firewall.@nat[-1].target='SNAT'
uci set firewall.@nat[-1].dest_ip='192.168.2.11'
uci set firewall.@nat[-1].snat_ip='192.168.2.1'
uci set firewall.@nat[-1].src_ip='192.168.2.12'
uci set firewall.@nat[-1].proto='all'
I removed the redirect rule and added the one you suggested, without luck: my phone connects to httpforever.com without problem, and my desktop 192.168.2.11 does not receive any requests.
I tried to modify it like this to reduce the "debug area", but it still doesn't work:
These 2 IPs are in the same subnet; no traffic passes the OpenWrt firewall/routing plane for them to establish a connection. So making rules there won't work.
If you place the 2 devices in different networks, you could make such a rule that could work.
It worked! HTTP traffic is intercepted properly, and apparently HTTPS is too. I just need to figure out the SSL certs, but that's a whole different thing. Thank you!
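The following is an added example, not code from any poster in the thread: a small Python model of the reply path for a connection the router redirects (DNAT) from the phone to the mitmproxy host, showing why the same-subnet layout stalls and why SNAT to the router or a separate network changes the outcome. The server address 203.0.113.10 and the second subnet 192.168.3.0/24 are constructed for illustration, and the function names are hypothetical.

```python
from ipaddress import ip_address, ip_interface


def on_link(sender_if, dst):
    """True when dst lies in the sender's own subnet (delivered at layer 2, no router hop)."""
    return ip_address(dst) in ip_interface(sender_if).network


def reply_source_seen_by_client(client_if, proxy_if, router_ip, server_ip, snat=False):
    """Source address the client sees on the reply to a connection it opened to
    server_ip and that the router redirected (DNAT) to the proxy."""
    client_ip = str(ip_interface(client_if).ip)
    proxy_ip = str(ip_interface(proxy_if).ip)
    # Forward path: the router rewrites the destination to the proxy and,
    # with SNAT/masquerading, also rewrites the source to its own address.
    src_seen_by_proxy = router_ip if snat else client_ip
    # Return path: the proxy answers whatever source address it saw.
    if src_seen_by_proxy != router_ip and on_link(proxy_if, src_seen_by_proxy):
        # Delivered directly to the client; the router never sees the reply,
        # so the DNAT is not reversed and the source stays the proxy's address.
        return proxy_ip
    # The reply crosses the router, where connection tracking restores the
    # original addresses before forwarding it to the client.
    return server_ip


def connection_completes(client_if, proxy_if, router_ip, server_ip, snat=False):
    """The client only accepts a reply that comes from the address it contacted."""
    seen = reply_source_seen_by_client(client_if, proxy_if, router_ip, server_ip, snat)
    return seen == server_ip


if __name__ == "__main__":
    SERVER = "203.0.113.10"  # constructed sample address
    cases = {
        "same subnet, DNAT only": ("192.168.2.12/24", "192.168.2.11/24", False),
        "same subnet, DNAT + SNAT": ("192.168.2.12/24", "192.168.2.11/24", True),
        "proxy in another subnet": ("192.168.2.12/24", "192.168.3.11/24", False),
    }
    for name, (client, proxy, snat) in cases.items():
        ok = connection_completes(client, proxy, "192.168.2.1", SERVER, snat)
        print(f"{name}: {'completes' if ok else 'times out'}")
```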