A cikin wannan labarin, Ina so in bayyana yuwuwar wakili na gaskiya, wanda ke ba ku damar gaba ɗaya abokan ciniki ba su lura da ku ba don tura duk ko ɓangaren zirga-zirga ta hanyar sabar wakili na waje.
Lokacin da na fara magance wannan matsala, na ci karo da gaskiyar cewa aiwatar da shi yana da babbar matsala guda ɗaya - ka'idar HTTPS. A cikin tsohuwar zamanin, babu takamaiman matsaloli tare da wakili na HTTP na gaskiya, amma tare da HTTPS proxying, masu bincike suna ba da rahoton kutse na yarjejeniya kuma anan ne farin cikin ya ƙare.
A cikin umarnin gama gari don uwar garken wakili na Squid, har ma suna bayar da su samar da takaddun shaida na kansu kuma su shigar da shi akan abokan ciniki, wanda cikakken shirme ne aƙalla mara hankali kuma yayi kama da harin MITM. Na san cewa Squid ya riga ya san yadda ake yin wani abu makamancin haka, amma wannan labarin game da ingantaccen aiki da hanyar aiki ta amfani da 3proxy daga 3APA3A mai daraja.
Na gaba, za mu yi cikakken nazari kan tsarin gina 3proxy daga tushe, tsarin sa, cikakken kuma zaɓi proxying ta amfani da NAT, rarraba tashar zuwa sabar wakili na waje da yawa, da kuma amfani da na'ura mai ba da hanya tsakanin hanyoyin sadarwa da kuma tsayayyen hanyoyi. Muna amfani da Debian 9 x64 azaman OS. Fara!
Sanya 3proxy da gudanar da wakili na al'ada
1. Sanya ifconfig (daga kunshin kayan aikin net)
apt-get install net-tools
2. Sanya Kwamandan Tsakar Gida
apt-get install mc
3. Yanzu muna da hanyoyin sadarwa guda 2:
enp0s3 - waje, yana kallon Intanet
enp0s8 - na ciki, dole ne ya duba cikin cibiyar sadarwar gida
A cikin wasu rabe-raben tushen Debian, galibi ana kiran maharan eth0 da eth1.
ifconfig -a
musayaenp0s3: tutoci = 4163 mutum 1500
inet 192.168.23.11 netmask 255.255.255.0 watsa shirye-shirye 192.168.23.255
inet6 fe80:: a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20 ether 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
RX fakiti 6412 bytes 8676619 (8.2 MiB)
Kurakurai RX 0 sun sauke 0 overruns 0 firam 0
Fakitin TX 1726 bytes 289128 (282.3 KiB)
Kurakurai TX 0 sun sauke 0 overruns 0 mai ɗaukar kaya 0 karo 0
enp0s8: tutoci = 4098 mutum 1500
ether 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
Fakitin RX 0 bytes 0 (0.0 B)
Kurakurai RX 0 sun sauke 0 overruns 0 firam 0
Fakitin TX 0 bytes 0 (0.0B)
Kurakurai TX 0 sun sauke 0 overruns 0 mai ɗaukar kaya 0 karo 0
lo: tutoci=73 shafi 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 :: 1 prefixlen 128 scopeid 0x10 madauki txqueuelen 1 (Local Loopback)
Fakitin RX 0 bytes 0 (0.0 B)
Kurakurai RX 0 sun sauke 0 overruns 0 firam 0
Fakitin TX 0 bytes 0 (0.0B)
Kurakurai TX 0 sun sauke 0 overruns 0 mai ɗaukar kaya 0 karo 0
A halin yanzu ba a yi amfani da ƙirar enp0s8 ba, za mu kunna shi lokacin da muke son amfani da tsarin NAT ko NAT Proxy. Daga nan ne zai zama ma'ana don sanya shi a tsaye ip.
4. Bari mu fara installing 3proxy
4.1 Shigar da fakitin tushe don tattara 3proxy daga tushe
root@debian9:~# apt-get install build-essential libevent-dev libssl-dev -y
4.2. Ƙirƙiri babban fayil don zazzage tarihin tare da tushe
root@debian9:~# mkdir -p /opt/proxy
4.3. Mu je wannan babban fayil ɗin
root@debian9:~# cd /opt/proxy
4.4. Yanzu bari mu zazzage sabon fakitin wakili na 3. A lokacin wannan rubutun, sabon sigar kwanciyar hankali shine 0.8.12 (18/04/2018) Zazzage shi daga gidan yanar gizon 3proxy na hukuma.
root@debian9:/opt/proxy# wget https://github.com/z3APA3A/3proxy/archive/0.8.12.tar.gz
4.5. Cire kayan tarihin da aka sauke
root@debian9:/opt/proxy# tar zxvf 0.8.12.tar.gz
4.6. Je zuwa kundin adireshi don gina shirin
root@debian9:/opt/proxy# cd 3proxy-0.8.12
4.7. Na gaba, kuna buƙatar ƙara layi zuwa fayil ɗin taken don sabar mu gaba ɗaya ba a san shi ba (da gaske yana aiki, an bincika komai, ana ɓoye ips abokin ciniki)
root@debian9:/opt/proxy/3proxy-0.8.12# nano +29 src/proxy.h
Ƙara layi
#define ANONYMOUS 1
Latsa Ctrl+x kuma Shigar don adana canje-canje.
4.8. Mu gina shirin
root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux
makelogyi[2]: Barin directory '/opt/proxy/3proxy-0.8.12/src/plugins/TransparentPlugin'
yi [1]: Barin directory '/opt/proxy/3proxy-0.8.12/src'
Babu kurakurai, ci gaba.
4.9. Shigar da shirin a kan tsarin
root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux install
4.10. Je zuwa tushen directory kuma duba inda aka shigar da shirin
root@debian9:/opt/proxy/3proxy-0.8.12# cd ~/
root@debian9:~# whereis 3proxy
3proxy: /usr/local/bin/3proxy/usr/local/etc/3proxy
4.11. Bari mu ƙirƙiri babban fayil don daidaita fayilolin da rajistan ayyukan a cikin littafin adireshin gida na mai amfani
root@debian9:~# mkdir -p /home/joke/proxy/logs
4.12. Je zuwa kundin adireshi inda saitin ya kamata ya kasance
root@debian9:~# cd /home/joke/proxy/
4.13. Ƙirƙiri fayil mara komai kuma kwafi saitin wurin
root@debian9:/home/joke/proxy# cat > 3proxy.conf
3 proxy.confdaemon
pidfile /home/joke/proxy/3proxy.pid
uwar garken 8.8.8.8
Farashin 65536
mai gwadawa:CL:1234
lokuta 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.% %N.%p %E %U %C:%c %R:%r %O %I %h %T"
juya 3
auth karfi
jawo
yarda mai gwadawa
safa -p3128
Saukewa: P8080
Don ajiyewa, danna Ctrl + Z
4.14. Bari mu ƙirƙiri fayil ɗin pid don kada a sami kurakuran farawa.
root@debian9:/home/joke/proxy# cat > 3proxy.pid
Don ajiyewa, danna Ctrl + Z
4.15. Bari mu fara uwar garken wakili!
root@debian9:/home/joke/proxy# 3proxy /home/joke/proxy/3proxy.conf
4.16. Bari mu ga ko uwar garken yana saurare a tashoshin jiragen ruwa
root@debian9:~/home/joke/proxy# netstat -nlp
netstat logHaɗin Intanet mai aiki (sabis kawai)
Proto Recv-Q Aika-Q Adireshin Cikin Gida Adireshin Waje na Jiha PID/Sunan Shirin
tcp 0 0 0.0.0.0:8080 0.0.0.0:* SAURARA 504/3 wakili
tcp 0 0 0.0.0.0:22 0.0.0.0:* SAURARA 338/sshd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* SAURARA 504/3 wakili
tcp6 0 0 :::22 :::* SAURARI 338/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:* 352/dhclient
Kamar yadda aka rubuta a cikin saitin, wakilin yanar gizon yana sauraron tashar jiragen ruwa 8080, wakili na Socks5 - 3128.
4.17. Don kunna sabis na wakili ta atomatik bayan sake yi, kuna buƙatar ƙara shi zuwa cron.
root@debian9:/home/joke/proxy# crontab -e
Ƙara layi
@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxy.conf
Muna latsa Shigar, tunda cron yakamata ya ga yanayin ƙarshen layi kuma ya adana fayil ɗin.
Ya kamata a sami saƙo game da shigar da sabon crontab.
crontab: shigar da sabon crontab
4.18. Bari mu sake yin tsarin kuma muyi ƙoƙarin haɗawa ta hanyar mai lilo zuwa wakili. Don tabbatarwa, muna amfani da mai binciken Firefox (don wakili na gidan yanar gizo) da kuma FoxyProxy add-on don safa5 tare da tantancewa.
root@debian9:/home/joke/proxy# reboot
4.19. Bayan duba aikin wakili bayan sake kunnawa, zaku iya ganin rajistan ayyukan. Wannan yana kammala saitin uwar garken wakili.
3 log ɗin wakili1542573996.018 PROXY.8080 00000 gwaji
1542574289.634 SOCK5.3128 00000 mai gwadawa 192.168.23.10:51193 54.192.13.69:443 0 0 0 CONNECT_normandy.cdn.mozilla.net:443
Ƙirƙiri da gudanar da tsari na Transparent Proxy NAT
A cikin wannan saitin, duk na'urorin da ke kan hanyar sadarwa na ciki za su yi aiki a zahiri akan Intanet ta hanyar sabar wakili mai nisa. Lallai duk haɗin tcp za a juya zuwa ɗaya ko da yawa (da gaske yana faɗaɗa nisa tashoshi, misali na tsari No. 2!) Sabar wakili. Sabis na DNS zai yi amfani da damar 3proxy (dnspr). UDP ba za ta “tafi” waje ba, tunda har yanzu ba mu yi amfani da tsarin gaba ba (an kashe ta tsohuwa a cikin kernel na Linux).
1. Lokaci ya yi da za a kunna haɗin enp0s8
root@debian9:~# nano /etc/network/interfaces
/etc/network/interfaces fayil# Wannan fayil ɗin yana bayyana hanyoyin haɗin yanar gizon da ake samu akan tsarin ku
# da yadda ake kunna su. Don ƙarin bayani, duba musaya (5).
source /etc/network/interfaces.d/*
# Alamar hanyar sadarwa ta loopback
mota shi
iface loetet loopback
# Babban hanyar sadarwa ta hanyar sadarwa
ba da izini-hotplug enp0s3
iface enp0s3 inet dhcp
# Cibiyar sadarwa ta sakandare
ba da izini-hotplug enp0s8
iface enp0s8 inet a tsaye
adireshin 192.168.201.254
255.255.255.0 shafin yanar gizo
Anan mun sanya madaidaicin enp0s8 adireshin a tsaye 192.168.201.254 da abin rufe fuska 255.255.255.0
Ajiye config Ctrl+X kuma sake yi
root@debian9:~# reboot
2. Duba musaya
root@debian9:~# ifconfig
ifconfig logenp0s3: tutoci = 4163 mutum 1500
inet 192.168.23.11 netmask 255.255.255.0 watsa shirye-shirye 192.168.23.255
inet6 fe80:: a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20 ether 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
RX fakiti 61 bytes 7873 (7.6 KiB)
Kurakurai RX 0 sun sauke 0 overruns 0 firam 0
Fakitin TX 65 bytes 10917 (10.6 KiB)
Kurakurai TX 0 sun sauke 0 overruns 0 mai ɗaukar kaya 0 karo 0
enp0s8: tutoci = 4163 mutum 1500
inet 192.168.201.254 netmask 255.255.255.0 watsa shirye-shirye 192.168.201.255
inet6 fe80:: a00:27ff:fe79:a7e3 prefixlen 64 scopeid 0x20 ether 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
Fakitin RX 0 bytes 0 (0.0 B)
Kurakurai RX 0 sun sauke 0 overruns 0 firam 0
Fakitin TX 8 bytes 648 (648.0B)
Kurakurai TX 0 sun sauke 0 overruns 0 mai ɗaukar kaya 0 karo 0
lo: tutoci=73 shafi 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 :: 1 prefixlen 128 scopeid 0x10 madauki txqueuelen 1 (Local Loopback)
Fakitin RX 0 bytes 0 (0.0 B)
Kurakurai RX 0 sun sauke 0 overruns 0 firam 0
Fakitin TX 0 bytes 0 (0.0B)
Kurakurai TX 0 sun sauke 0 overruns 0 mai ɗaukar kaya 0 karo 0
3. Komai yayi aiki, yanzu kuna buƙatar saita 3proxy don wakili na gaskiya.
root@debian9:~# cd /home/joke/proxy/
root@debian9:/home/joke/proxy# cat > 3proxytransp.conf
Misalin Kanfigareshan Wakilai Mai Fassara #1daemon
pidfile /home/joke/proxy/3proxy.pid
uwar garken 8.8.8.8
Farashin 65536
lokuta 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.% %N.%p %E %U %C:%c %R:%r %O %I %h %T"
juya 3
jawo
auth musamman
dnspr
yarda*
iyaye 1000 socks5 IP_ADDRESS_EXTERNAL_PROXY 3128 mai gwadawa 1234
plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111
4. Yanzu gudu 3proxy tare da sabon config
root@debian9:/home/joke/proxy# /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf
5. Ƙara zuwa crontab kuma
root@debian9:/home/joke/proxy# crontab -e
@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf
6. Bari mu ga abin da wakilinmu ke sauraro yanzu
root@debian9:~# netstat -nlp
netstat logHaɗin Intanet mai aiki (sabis kawai)
Proto Recv-Q Aika-Q Adireshin Cikin Gida Adireshin Waje na Jiha PID/Sunan Shirin
tcp 0 0 0.0.0.0:22 0.0.0.0:* SAURARA 349/sshd
tcp 0 0 0.0.0.0:888 0.0.0.0:* SAURARA 354/3 wakili
tcp6 0 0 :::22 :::* SAURARI 349/sshd
udp 0 0 0.0.0.0:53 0.0.0.0:* 354/3 wakili
udp 0 0 0.0.0.0:68 0.0.0.0:* 367/dhclient
7. Yanzu wakili yana shirye don karɓar duk wani haɗin TCP akan tashar jiragen ruwa 888, DNS akan tashar jiragen ruwa 53, don tura su zuwa socks5 - proxy da DNS Google 8.8.8.8. Ya rage a gare mu don saita netfilter (iptables) da dokokin DHCP don ba da adireshi.
8. Shigar da kunshin iptables-na dawwama da dhcpd
root@debian9:~# apt-get install iptables-persistent isc-dhcp-server
9. Shirya fayil ɗin farawa dhcpd
root@debian9:~# nano /etc/dhcp/dhcpd.conf
dhcpd.conf# dhcpd.conf
#
# Fayil ɗin sanyi na samfurin don ISC dhcpd
#
# ma'anar zaɓi na gama-gari ga duk cibiyoyin sadarwa masu tallafi…
sunan yankin zaɓi "example.org";
wani zaɓi domain-name-servers ns1.example.org, ns2.example.org;
tsoho-haya-lokaci 600;
max-lease-lokaci 7200;
ddns-update-style babu;
# Idan wannan uwar garken DHCP shine uwar garken DHCP na hukuma na gida
# cibiyar sadarwa, umarnin mai iko ya kamata ya zama mara kyau.
iko;
# Tsari daban-daban don subnet na ciki.
subnet 192.168.201.0 netmask 255.255.255.0 {
zangon 192.168.201.10 192.168.201.250;
wani zaɓi na yanki-sunan sabobin 192.168.201.254;
zabin magudanar 192.168.201.254;
zaɓi watsa-adireshin 192.168.201.255;
tsoho-haya-lokaci 600;
max-lease-lokaci 7200;
}
11. Sake yi kuma duba sabis akan tashar jiragen ruwa 67
root@debian9:~# reboot
root@debian9:~# netstat -nlp
netstat logHaɗin Intanet mai aiki (sabis kawai)
Proto Recv-Q Aika-Q Adireshin Cikin Gida Adireshin Waje na Jiha PID/Sunan Shirin
tcp 0 0 0.0.0.0:22 0.0.0.0:* SAURARA 389/sshd
tcp 0 0 0.0.0.0:888 0.0.0.0:* SAURARA 310/3 wakili
tcp6 0 0 :::22 :::* SAURARI 389/sshd
udp 0 0 0.0.0.0:20364 0.0.0.0:* 393/dhcpd
udp 0 0 0.0.0.0:53 0.0.0.0:* 310/3 wakili
udp 0 0 0.0.0.0:67 0.0.0.0:* 393/dhcpd
udp 0 0 0.0.0.0:68 0.0.0.0:* 405/dhclient
udp6 0 0 :::31728 :::* 393/dhcpd
raw 0 0:0.0.0.0 1:* 0.0.0.0/dhcpd
12. Ya rage don tura duk buƙatun tcp zuwa tashar jiragen ruwa 888 kuma adana ƙa'idar a cikin iptables.
root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -p tcp -j REDIRECT --to-ports 888
root@debian9:~# iptables-save > /etc/iptables/rules.v4
13. Don faɗaɗa bandwidth na tashar, zaku iya amfani da sabar wakili da yawa a lokaci ɗaya. Jimlar adadin ya kamata ya zama 1000. Sabbin haɗin gwiwa an kafa su tare da yuwuwar 0.2, 0.2, 0.2, 0.2, 0,1, 0,1 zuwa takamaiman sabar wakili.
Lura: idan muna da wakili na yanar gizo, to, maimakon socks5 kuna buƙatar rubuta haɗin gwiwa, idan socks4, to socks4 (socks4 BA YA KYAUTA LOGIN / PASSWORD AUTHORIZATION!)
Misalin Kanfigareshan Wakilai Mai Fassara #2daemon
pidfile /home/joke/proxy/3proxy.pid
uwar garken 8.8.8.8
Farashin 65536
maxconn 500
lokuta 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.% %N.%p %E %U %C:%c %R:%r %O %I %h %T"
juya 3
jawo
auth musamman
dnspr
yarda*
iyaye 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#1 3128 mai gwadawa 1234
iyaye 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#2 3128 mai gwadawa 1234
iyaye 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#3 3128 mai gwadawa 1234
iyaye 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#4 3128 mai gwadawa 1234
iyaye 100 socks5 IP_ADDRESS_EXTERNAL_PROXY#5 3128 mai gwadawa 1234
iyaye 100 socks5 IP_ADDRESS_EXTERNAL_PROXY#6 3128 mai gwadawa 1234
plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111
Saita da gudanar da tsarin NAT + Transparent Proxy
A cikin wannan saitin, za mu yi amfani da tsarin NAT na yau da kullun tare da zaɓi ko cikakken wakilcin adireshi ɗaya ko rukunin gidajen yanar gizo. Masu amfani da hanyar sadarwa na ciki za su yi aiki tare da wasu ayyuka / subnets ba tare da sanin cewa suna aiki ta hanyar wakili ba. Duk haɗin https suna aiki lafiya, babu takaddun takaddun da ake buƙatar ƙirƙirar/musanya.
Da farko, bari mu yanke shawarar waɗanne ƙungiyoyin subnets/sabis ɗin da muke son wakilci. Bari mu ɗauka cewa wakilai na waje suna wurin inda sabis kamar pandora.com ke gudana. Yanzu ya rage don ƙayyade ƙananan hanyoyin sadarwa / adiresoshin sa.
1. Ping
root@debian9:~# ping pandora.com
PING pandora.com (208.85.40.20) 56 (84) bytes na bayanai.
2. Muna buga Google BGP 208.85.40.20
Mu je shafin
Ana iya ganin cewa subnet ɗin da nake nema shine AS40428 Pandora Media, Inc.
Buɗe prefixes v4
Anan akwai hanyoyin sadarwa da ake buƙata!
199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
199.116.164.0/24
199.116.165.0/24
208.85.40.0/24
208.85.41.0/24
208.85.42.0/23
208.85.42.0/24
208.85.43.0/24
208.85.44.0/24
208.85.46.0/23
208.85.46.0/24
208.85.47.0/24
3. Don rage adadin subnets, kuna buƙatar yin tarawa. Mu je shafin da kwafi jerin mu a can. A sakamakon haka - 6 subnets maimakon 14.
199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
208.85.40.0/22
208.85.44.0/24
208.85.46.0/23
4. Tsaftace dokokin iptables
root@debian9:~# iptables -F
root@debian9:~# iptables -X
root@debian9:~# iptables -t nat -F
root@debian9:~# iptables -t nat -X
Kunna tsarin gaba da NAT
root@debian9:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@debian9:~# iptables -A FORWARD -i enp0s3 -o enp0s8 -j ACCEPT
root@debian9:~# iptables -A FORWARD -i enp0s8 -o enp0s3 -j ACCEPT
root@debian9:~# iptables -t nat -A POSTROUTING -o enp0s3 -s 192.168.201.0/24 -j MASQUERADE
Domin a kunna gaba na dindindin bayan sake kunnawa, za mu canza fayil ɗin
root@debian9:~# nano /etc/sysctl.conf
Kuma uncomment line
net.ipv4.ip_forward = 1
Ctrl + X don adana fayil
5. Kunsa pandora.com subnets a cikin wakili
root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888
6. Ajiye dokoki
root@debian9:~# iptables-save > /etc/iptables/rules.v4
Saita da gudanar da Transparent Proxy ta hanyar daidaitawar na'ura mai ba da hanya tsakanin hanyoyin sadarwa
A cikin wannan saitin, uwar garken wakili na gaskiya na iya zama PC daban ko injin kama-da-wane a bayan na'ura mai ba da hanya tsakanin hanyoyin sadarwa na gida/kamfani. Ya isa ya yi rajistar hanyoyin da ke tsaye a kan na'ura mai ba da hanya tsakanin hanyoyin sadarwa ko na'urori, kuma duk rukunin yanar gizon za su yi amfani da wakili ba tare da buƙatar ƙarin saiti ba.
MUHIMMI! Ya zama dole ƙofar mu ta karɓi IP na tsaye daga na'ura mai ba da hanya tsakanin hanyoyin sadarwa, ko kuma a saita ta don kanta.
1. Saita adreshin ƙofa a tsaye ( adaftar enp0s3)
root@debian9:~# nano /etc/network/interfaces
/etc/network/interfaces fayil# Wannan fayil ɗin yana bayyana hanyoyin haɗin yanar gizon da ake samu akan tsarin ku
# da yadda ake kunna su. Don ƙarin bayani, duba musaya (5).
source /etc/network/interfaces.d/*
# Alamar hanyar sadarwa ta loopback
mota shi
iface loetet loopback
# Babban hanyar sadarwa ta hanyar sadarwa
ba da izini-hotplug enp0s3
iface enp0s3 inet a tsaye
adireshin 192.168.23.2
255.255.255.0 shafin yanar gizo
Ƙofar 192.168.23.254
# Cibiyar sadarwa ta sakandare
ba da izini-hotplug enp0s8
iface enp0s8 inet a tsaye
adireshin 192.168.201.254
255.255.255.0 shafin yanar gizo
2. Bada na'urori daga 192.168.23.0/24 subnet don amfani da wakili
root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.23.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888
3. Ajiye dokoki
root@debian9:~# iptables-save > /etc/iptables/rules.v4
4. Bari mu rubuta subnets a kan na'ura mai ba da hanya tsakanin hanyoyin sadarwa
Lissafin hanyar sadarwa ta hanyar sadarwa199.116.161.0 255.255.255.0 192.168.23.2
199.116.162.0 255.255.255.0 192.168.23.2
199.116.164.0 255.255.254.0 192.168.23.2
208.85.40.0 255.255.252.0 192.168.23.2
208.85.44.0 255.255.255.0 192.168.23.2
208.85.46.0 255.255.254.0 192.168.23.2
Abubuwan da aka yi amfani da su / albarkatu
1. Gidan yanar gizon hukuma na shirin 3proxy
2. Umarni don shigar da 3proxy daga tushe
3. Reshe mai haɓaka wakili na 3 akan GitHub
source: www.habr.com