Look, when trying it in a real network there are many things that can go wrong and it would be difficult to debug if you haven’t even tested it in the simplest scenario. You have mentioned that it didn’t work in the virtual lab, so how did you test it if you are not able to run 2 virtual machines?
Also, I have noticed something: you have directed all the packets to port 10000, but I can’t see whether you have started sslstrip.
So to test it in the simplest scenario, flush iptables and don’t use sslstrip or any iptables rules:
iptables --table nat --flush
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
Enable port forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
Then run the ARP spoof attack again. Are you able to sniff data from an HTTP site like:
Let me know.