linux
JuniorDev, 2018-02-21 00:12:44

Transparent proxy on OpenWRT using iptables or what am I doing (not) right?

Hello.
I've run into a problem. To debug a mobile application that does not support a proxy, I need to route its traffic through a PC in order to analyze it in Fiddler.
To solve this, the choice fell on a router with OpenWRT (Linux) firmware on board. I expected that one line in the terminal would be enough, but the search for a solution took the whole night.
What, how and why?
[image: 073115_1212_openwrtandf1.png]
The machine through which we route the traffic has the IP 192.168.7.196.
The options I tried (I don't remember all the variations, only the ones I saved):

# Skip the proxy for the Fiddler machine itself
iptables -t nat -A PREROUTING -i br-lan -s 192.168.7.196 -j ACCEPT
# Transparent proxy for ports 80, 8080 and 443 (negation goes before the option: "! -s")
iptables -t nat -A PREROUTING -i br-lan ! -s 192.168.7.196 -p tcp --dport 80 -j DNAT --to 192.168.7.196:3128
iptables -t nat -A PREROUTING -i br-lan ! -s 192.168.7.196 -p tcp --dport 8080 -j DNAT --to 192.168.7.196:3128
iptables -t nat -A PREROUTING -i br-lan ! -s 192.168.7.196 -p tcp --dport 443 -j DNAT --to 192.168.7.196:3128
# Variants restricted to a single source address (192.168.7.169)
iptables -t nat -A PREROUTING -i br-lan -s 192.168.7.169 -p tcp --dport 80 -j DNAT --to 192.168.7.196:3128
iptables -t nat -A PREROUTING -i br-lan -s 192.168.7.169 -p tcp -j DNAT --to 192.168.7.196:3128
iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 80 -j DNAT --to 192.168.7.196:3128
iptables -t nat -A PREROUTING -i br-lan -s 192.168.7.169 -p tcp --dport 8080 -j DNAT --to 192.168.7.196:3128
# Catch-all: every packet entering br-lan
iptables -t nat -A PREROUTING -i br-lan -j DNAT --to-destination 192.168.7.196:3128
iptables -t nat -A PREROUTING -i br-lan -s 192.168.7.169 -p tcp --dport 80 -j DNAT --to 192.168.7.196:3128
iptables -t nat -A PREROUTING -i br-lan -s 192.168.7.169 -p tcp --dport 8080 -j DNAT --to 192.168.7.196:3128
iptables -t nat -A PREROUTING -i br-lan -s 192.168.7.196 -p tcp --dport 80 -j DNAT --to 192.168.7.196:3128
# On the WAN interface instead of the LAN bridge
iptables -t nat -I PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.7.196:3128
# Added to the firewall's own chain (iptables-save syntax)
-A zone_wan_prerouting -p tcp -m tcp --dport 80 -m comment --comment test -j DNAT --to-destination 192.168.7.196:3128

Via the built-in firewall (/etc/config/firewall):
config 'redirect'                   
        option 'name' 'mobile_app21'
        option 'src' 'lan'        
        option 'proto' 'tcpudp'   
        option 'src_ip' '192.168.7.169'
        option 'src_dport' '80'
        option 'dest_ip' '192.168.7.196'
        option 'dest_port' '3128'
        
config 'redirect'                   
        option 'name' 'mobile_app22'
        option 'src' 'lan'        
        option 'proto' 'tcpudp'   
        option 'src_ip' '192.168.7.169'
        option 'src_dport' '8080'
        option 'dest_ip' '192.168.7.196'
        option 'dest_port' '3128'
        
config 'redirect'                   
        option 'name' 'mobile_app23'
        option 'dest' 'lan'        
        option 'proto' 'tcp'   
        option 'src_dip' '192.168.7.196'
        option 'dest_ip' '192.168.7.196'
        option 'dest_port' '3128'
        option 'target' 'SNAT'

As you can tell from the question, none of these rules led to the desired result.
Oh yes. Of course, I rebooted the device and/or restarted the daemon, dug through Google and forums, checked the patch cable for dust, turned the router clockwise along the equator and rewound the wire with blue electrical tape.
I call upon experienced gurus and bearded sysadmins to join this thread.

1 answer
Alexander, 2018-02-21
@alexr64

# Rewrite the phone's port-80 connections to the Fiddler host
iptables -t nat -A PREROUTING -i interface_the_packet_arrived_on -s phone_ip_address -p tcp --dport 80 -j DNAT --to 192.168.7.196:3128
# Let the rewritten packets through the filter table
iptables -t filter -A FORWARD -p tcp -m tcp -d 192.168.7.196/32 -i interface_towards_the_proxy --dport 3128 -j ACCEPT
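Added example (not part of the question or of @alexr64's answer): a complete rule set for the scenario above, run from the OpenWRT router's shell. It assumes a phone at 192.168.7.169 (the source address used in the question's attempts), the router's own LAN address 192.168.7.1 and the bridge br-lan; 192.168.7.196:3128 is the Fiddler listener from the question. Beyond the DNAT and FORWARD rules in the answer it adds the POSTROUTING SNAT that a redirect to a host on the same LAN needs: the phone and the Fiddler host sit on the same bridge, so without it the Fiddler host answers the phone directly, the reply never passes back through the router's conntrack entry to be un-DNATed, and the phone resets a connection whose SYN-ACK arrives from 192.168.7.196:3128 instead of the server it dialled.

```shell
#!/bin/sh
# Transparent redirect of one LAN client's HTTP/HTTPS traffic to a proxy host
# on the same LAN, from an OpenWRT router. Example code, not from the thread.
# Assumed values (override with environment variables):
LAN_IF="${LAN_IF:-br-lan}"               # bridge the phone and the Fiddler host are on
ROUTER_IP="${ROUTER_IP:-192.168.7.1}"    # router's own address on that bridge (assumed)
PHONE_IP="${PHONE_IP:-192.168.7.169}"    # the client to intercept (assumed)
PROXY_IP="${PROXY_IP:-192.168.7.196}"    # Fiddler host, as in the question
PROXY_PORT="${PROXY_PORT:-3128}"         # Fiddler listener, as in the question
PORTS="${PORTS:-80 443}"                 # destination ports to intercept

# Print the iptables commands, one per line, without running them.
# $1 is the chain action: -A to add, -D to delete the same rules again.
tproxy_rules() {
    action="$1"
    for port in $PORTS; do
        # 1. nat/PREROUTING: phone -> anywhere:$port becomes phone -> proxy:$PROXY_PORT.
        #    "! -d $PROXY_IP" leaves the phone's direct connections to the proxy host alone.
        echo "iptables -t nat $action PREROUTING -i $LAN_IF -s $PHONE_IP ! -d $PROXY_IP -p tcp --dport $port -j DNAT --to-destination $PROXY_IP:$PROXY_PORT"
    done
    # 2. filter/FORWARD: the rewritten packet leaves on the same bridge it came in on.
    echo "iptables $action FORWARD -i $LAN_IF -o $LAN_IF -s $PHONE_IP -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT"
    # 3. nat/POSTROUTING hairpin: make the proxy host see the router, not the phone,
    #    as the peer, so its replies come back through the router and get un-DNATed.
    echo "iptables -t nat $action POSTROUTING -o $LAN_IF -s $PHONE_IP -d $PROXY_IP -p tcp --dport $PROXY_PORT -j SNAT --to-source $ROUTER_IP"
}

# Number of rules the generator emits; a quick sanity check before applying.
rule_count() { tproxy_rules -A | wc -l | tr -d ' '; }

# Feed the generated commands to a shell that stops at the first failure.
apply_rules()  { tproxy_rules -A | sh -e; }
remove_rules() { tproxy_rules -D | sh -e; }

case "${1:-}" in
    apply)  apply_rules ;;
    remove) remove_rules ;;
    *)      tproxy_rules -A ;;   # default: dry run, just print the commands
esac
```

Run it without arguments to print the rules, `sh tproxy.sh apply` on the router to install them and `sh tproxy.sh remove` to undo. Then open a page on the phone and check `iptables -t nat -vnL PREROUTING` and `iptables -t nat -vnL POSTROUTING`: both the DNAT and the SNAT counters should increase. If DNAT counts and SNAT stays at zero, the packet is not being forwarded (check FORWARD, or whether the phone really uses the router as its gateway). Two caveats: a redirected connection carries no CONNECT and no absolute URI, so the Fiddler host receives plain origin-form HTTP on 3128 and, for port 443, a raw TLS ClientHello, which Fiddler has to be configured to accept rather than only explicit-proxy requests; and rules entered by hand do not survive a firewall reload or reboot, so on fw3-based OpenWRT the apply step belongs in /etc/firewall.user.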
