Show HN: Mezz, a curl-able WiFi sandbox for IoT pentesting


TLDR

  • Docker Compose stack turns a two-NIC Linux host into an isolated WiFi AP with DHCP, DNS logging, NAT, and optional mitmproxy for inspecting IoT devices.

Key Takeaways

  • Requires a WiFi NIC with AP mode support; Realtek USB adapters frequently lack it and need out-of-tree drivers.
  • Optional mitm Compose profile enables mitmproxy in transparent mode, redirecting LAN tcp/80 and tcp/443; traffic from IoT apps that pin certificates will not be decrypted.
  • Per-query DNS logging lets you see every domain a device like a smart fridge resolves, without full packet capture.
  • Setup is three curl commands plus editing .env to set WAN_IFACE and WIFI_IFACE; teardown is a single Compose run command.
  • net-init runs privileged for /proc/sys/net/ipv4/ip_forward; NetworkManager or wpa_supplicant must release the WiFi NIC before hostapd starts.
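
A pre-flight check for the two host-side requirements above (AP mode support on the WiFi NIC, and NetworkManager or wpa_supplicant having released it), as an added example that is not part of Mezz or of the original post. The function names and the PREFLIGHT_ENV variable are hypothetical; it assumes iw is installed and that .env holds plain KEY=value lines.

```shell
#!/bin/sh
# Added example (not Mezz's own code): host pre-flight checks for the AP stack.

# env_get FILE KEY: value of KEY in a .env-style file (last assignment wins).
env_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2); gsub(/^"|"$/, "", v) }
                   END { print v }' "$1"
}

# Reads `iw phy <phy> info` output on stdin; succeeds only if "AP" itself is
# listed under "Supported interface modes" ("AP/VLAN" alone does not count).
supports_ap_mode() {
    awk '/Supported interface modes:/ { m = 1; next }
         m && $1 == "*" { if ($2 == "AP") ok = 1; next }
         { m = 0 }
         END { exit(ok ? 0 : 1) }'
}

# Reads `nmcli -t -f DEVICE,STATE device` output on stdin; succeeds if
# NetworkManager is not holding IFACE (state "unmanaged", or not listed).
nm_released() {
    awk -F: -v i="$1" '$1 == i && $2 != "unmanaged" { held = 1 } END { exit(held ? 1 : 0) }'
}

# preflight ENV_FILE: run every check against the live host.
preflight() {
    wan=$(env_get "$1" WAN_IFACE); wifi=$(env_get "$1" WIFI_IFACE)
    [ -n "$wan" ] && [ -n "$wifi" ] || { echo "set WAN_IFACE and WIFI_IFACE" >&2; return 2; }
    [ "$wan" != "$wifi" ] || { echo "uplink and AP must be different NICs" >&2; return 2; }
    phy=$(cat "/sys/class/net/$wifi/phy80211/name" 2>/dev/null) ||
        { echo "$wifi: not a wireless NIC" >&2; return 2; }
    iw phy "$phy" info | supports_ap_mode || { echo "$wifi: driver lacks AP mode" >&2; return 1; }
    if command -v nmcli >/dev/null 2>&1; then
        nmcli -t -f DEVICE,STATE device | nm_released "$wifi" ||
            { echo "$wifi: still managed by NetworkManager" >&2; return 1; }
    fi
    # Heuristic: only catches wpa_supplicant started with the NIC on its command line.
    if pgrep -a wpa_supplicant | grep -q -- "$wifi"; then
        echo "$wifi: wpa_supplicant is attached" >&2; return 1
    fi
}

# Constructed sample of `iw phy` output, for trying supports_ap_mode offline.
SAMPLE_IW='  Supported interface modes:
     * managed
     * AP
     * AP/VLAN'

if [ -n "${PREFLIGHT_ENV:-}" ]; then preflight "$PREFLIGHT_ENV"; fi
```

Run it as `PREFLIGHT_ENV=.env sh preflight.sh` before bringing the stack up; a non-zero exit names the check that failed.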

Hacker News Comment Review

  • No substantive HN discussion yet.
