Basics of transparent proxying using 3proxy and iptables/netfilter, or how to "route everything through a proxy"

In this article I want to show what transparent proxying can do: it lets you redirect all or part of the traffic through external proxy servers without the clients noticing at all.

When I started working on this problem, I found that the implementation has one significant difficulty: the HTTPS protocol. In the old days there were no particular problems with transparent HTTP proxying, but with HTTPS proxying browsers report interference with the protocol, and that is where the fun ends.

The common instructions for the Squid proxy server suggest generating your own certificate and installing it on the clients, which is nonsense at the very least, irrational, and looks like a MITM attack. I know that Squid can already do something similar, but this article is about a proven, working method using 3proxy from the respected 3APA3A.

Next, we will look in detail at building 3proxy from source, configuring it, full and selective proxying using NAT, distributing the channel across several external proxy servers, and using a router and static routes. We use Debian 9 x64 as the OS. Let's begin!

Installing 3proxy and running a regular proxy server

1. Install ifconfig (from the net-tools package)
apt-get install net-tools
2. Install Midnight Commander
apt-get install mc
3. We now have 2 interfaces:
enp0s3 - external, faces the Internet
enp0s8 - internal, should face the local network
In other Debian-based distributions the interfaces are usually named eth0 and eth1.
ifconfig -a

Interfaces

enp0s3: flags=4163 mtu 1500
inet 192.168.23.11 netmask 255.255.255.0 broadcast 192.168.23.255
inet6 fe80::a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20
ether 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
RX packets 6412 bytes 8676619 (8.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1726 bytes 289128 (282.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s8: flags=4098 mtu 1500
ether 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

The enp0s8 interface is not in use at the moment; we will enable it when we want to use the Proxy NAT or NAT configuration. That is when it makes sense to assign it a static IP.

4. Let's start installing 3proxy

4.1 Installing the base packages for compiling 3proxy from source

root@debian9:~# apt-get install build-essential libevent-dev libssl-dev -y

4.2. Create a directory for downloading the source archive

root@debian9:~# mkdir -p /opt/proxy

4.3. Change into this directory

root@debian9:~# cd /opt/proxy

4.4. Now download the latest 3proxy package. At the time of writing, the latest version was 0.8.12 (18/04/2018).

root@debian9:/opt/proxy# wget https://github.com/z3APA3A/3proxy/archive/0.8.12.tar.gz

4.5. Unpack the downloaded archive

root@debian9:/opt/proxy# tar zxvf 0.8.12.tar.gz

4.6. Change into the unpacked directory to build the project

root@debian9:/opt/proxy# cd 3proxy-0.8.12

4.7. Next, we need to add a line to the header file so that our server is fully anonymous (it really works, everything has been checked, the clients' IPs are hidden)

root@debian9:/opt/proxy/3proxy-0.8.12# nano +29 src/proxy.h

Add the line

#define ANONYMOUS 1

Press Ctrl+X and Enter to save the changes.

4.8. Start building the project

root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux

Make log

make[2]: Leaving directory '/opt/proxy/3proxy-0.8.12/src/plugins/TransparentPlugin'
make[1]: Leaving directory '/opt/proxy/3proxy-0.8.12/src'

No errors, so let's continue.

4.9. Install the program into the system

root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux install

4.10. Go to root's home directory and check where the program was installed

root@debian9:/opt/proxy/3proxy-0.8.12# cd ~/
root@debian9:~# whereis 3proxy

3proxy: /usr/local/bin/3proxy /usr/local/etc/3proxy

4.11. Create a directory for the configuration files and logs in the user's home directory

root@debian9:~# mkdir -p /home/joke/proxy/logs

4.12. Change into the directory where the config should live

root@debian9:~# cd /home/joke/proxy/

4.13. Create an empty file and copy the config into it

root@debian9:/home/joke/proxy# cat > 3proxy.conf

3proxy.conf

daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
# user "tester" with a cleartext (CL) password
users tester:CL:1234
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 3
# require login/password authentication
auth strong
flush
allow tester
# SOCKS proxy on port 3128, HTTP proxy on port 8080
socks -p3128
proxy -p8080

To save, press Ctrl + Z

4.14. Create a pid file so that there are no errors at startup.

root@debian9:/home/joke/proxy# cat > 3proxy.pid

To save, press Ctrl + Z

4.15. Start the proxy server!

root@debian9:/home/joke/proxy# 3proxy /home/joke/proxy/3proxy.conf

4.16. Check that the server is listening on the ports

root@debian9:~/home/joke/proxy# netstat -nlp

netstat log

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 504/3proxy
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 338/sshd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 504/3proxy
tcp6 0 0 :::22 :::* LISTEN 338/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:* 352/dhclient

As written in the config, our web proxy listens on port 8080 and the Socks5 proxy listens on port 3128.

4.17. To start the proxy service automatically after a reboot, add it to cron.

root@debian9:/home/joke/proxy# crontab -e

Add the line

@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxy.conf

Press Enter, since cron must see the end-of-line character, and save the file.

A message about installing the new crontab should appear.

crontab: installing new crontab

4.18. Reboot the system and try connecting to the proxy from a browser. For the check we use the Firefox browser (for the web proxy) and the FoxyProxy add-on for socks5 with authentication.

root@debian9:/home/joke/proxy# reboot

4.19. After checking that the proxy works after the reboot, you can look at the logs. This completes the proxy server setup.

3proxy log

1542573996.018 PROXY.8080 00000 tester 192.168.23.10:50915 217.12.15.54:443 1193 6939 0 CONNECT_ads.yahoo.com/443_HTTP
1542574289.634 SOCK5.3128 00000 tester 192.168.23.10:51193 54.192.13.69:443 0 0 0 CONNECT_normandy.cdn.mozilla.net:443

Configuring and running the Transparent Proxy NAT configuration

In this configuration, all devices on the internal network will transparently work on the Internet through a remote proxy server. Absolutely all TCP connections will be redirected to one or several proxy servers (several really does widen the channel, see configuration example No. 2!). The DNS service will use 3proxy's own facility (dnspr). UDP will not "go" outside, because we are not using the forward mechanism (it is disabled by default in the Linux kernel).
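Why HTTPS survives this kind of proxying: after a netfilter REDIRECT the kernel still remembers the address the client dialled, so a transparent proxy can read it back with the Linux SO_ORIGINAL_DST socket option and ask its SOCKS5 parent to CONNECT there, relaying the TLS bytes untouched. The sketch below is an added example, not 3proxy's source and not part of the original article; that TransparentPlugin works this way internally is an assumption, the function names are illustrative, and the sample sockaddr is constructed.

```python
import socket
import struct

SO_ORIGINAL_DST = 80  # <linux/netfilter_ipv4.h>; not exported by Python's socket module


def parse_original_dst(sockaddr_in):
    """Decode the struct sockaddr_in that SO_ORIGINAL_DST returns."""
    if len(sockaddr_in) < 8:
        raise ValueError("truncated sockaddr_in")
    (family,) = struct.unpack_from("=H", sockaddr_in, 0)  # host byte order
    if family != socket.AF_INET:
        raise ValueError(f"unexpected address family {family}")
    (port,) = struct.unpack_from("!H", sockaddr_in, 2)    # network byte order
    return socket.inet_ntoa(sockaddr_in[4:8]), port


def original_dst(conn):
    """Where was this REDIRECTed client really going? (Linux, IPv4 only)"""
    return parse_original_dst(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))


def socks5_userpass(user, password):
    """RFC 1929 username/password sub-negotiation message."""
    u, p = user.encode(), password.encode()
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("user and password must be 1..255 bytes")
    return bytes([1, len(u)]) + u + bytes([len(p)]) + p


def socks5_connect(addr, port):
    """RFC 1928 CONNECT request for an IPv4 destination."""
    return b"\x05\x01\x00\x01" + socket.inet_aton(addr) + struct.pack("!H", port)


def parent_handshake(sockaddr_in, user, password):
    """Messages sent to the SOCKS5 parent before raw bytes are relayed."""
    addr, port = parse_original_dst(sockaddr_in)
    return [
        b"\x05\x01\x02",             # greeting: offer username/password only
        socks5_userpass(user, password),
        socks5_connect(addr, port),  # after the reply, client bytes pass unmodified
    ]


# Constructed sample: what the kernel would report for a client that dialled
# 208.85.40.20:443 and was redirected to a local proxy port.
SAMPLE = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 443)
          + socket.inet_aton("208.85.40.20") + bytes(8))

if __name__ == "__main__":
    for message in parent_handshake(SAMPLE, "tester", "1234"):
        print(message.hex())
```

The proxy never terminates TLS in this flow, which is why no certificate has to be generated or installed on the clients.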

1. The time has come to enable the enp0s8 interface

root@debian9:~# nano /etc/network/interfaces

/etc/network/interfaces file

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet dhcp

# The secondary network interface
allow-hotplug enp0s8
iface enp0s8 inet static
address 192.168.201.254
netmask 255.255.255.0

Here we have assigned the enp0s8 interface the static address 192.168.201.254 and the mask 255.255.255.0.
Save the config with Ctrl+X and reboot

root@debian9:~# reboot

2. Checking the interfaces

root@debian9:~# ifconfig

ifconfig log

enp0s3: flags=4163 mtu 1500
inet 192.168.23.11 netmask 255.255.255.0 broadcast 192.168.23.255
inet6 fe80::a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20
ether 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
RX packets 61 bytes 7873 (7.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 65 bytes 10917 (10.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s8: flags=4163 mtu 1500
inet 192.168.201.254 netmask 255.255.255.0 broadcast 192.168.201.255
inet6 fe80::a00:27ff:fe79:a7e3 prefixlen 64 scopeid 0x20
ether 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

3. Everything went well; now we need to configure 3proxy for transparent proxying.

root@debian9:~# cd /home/joke/proxy/
root@debian9:/home/joke/proxy# cat > 3proxytransp.conf

Example configuration of transparent proxy server No. 1

daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 3
flush
# access control by IP address only, no login/password from clients
auth iponly
# DNS proxy
dnspr
allow *
parent 1000 socks5 IP_ADDRESS_OF_EXTERNAL_PROXY 3128 tester 1234
plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111

4. Now start 3proxy with the new config
root@debian9:/home/joke/proxy# /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf

5. Add it to crontab again
root@debian9:/home/joke/proxy# crontab -e
@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf

6. Let's see what our proxy is listening on now
root@debian9:~# netstat -nlp

netstat log

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 349/sshd
tcp 0 0 0.0.0.0:888 0.0.0.0:* LISTEN 354/3proxy
tcp6 0 0 :::22 :::* LISTEN 349/sshd
udp 0 0 0.0.0.0:53 0.0.0.0:* 354/3proxy
udp 0 0 0.0.0.0:68 0.0.0.0:* 367/dhclient

7. The proxy is now ready to accept TCP connections on port 888 and DNS on port 53, so that they can then be redirected to the remote socks5 proxy and to Google DNS 8.8.8.8. All that remains is to configure netfilter (iptables) rules and DHCP for handing out addresses.

8. Install the iptables-persistent and dhcpd packages

root@debian9:~# apt-get install iptables-persistent isc-dhcp-server

9. Edit the dhcpd configuration file
root@debian9:~# nano /etc/dhcp/dhcpd.conf

dhcpd.conf

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.

authoritative;

# A slightly different configuration for an internal subnet.
subnet 192.168.201.0 netmask 255.255.255.0 {
range 192.168.201.10 192.168.201.250;
option domain-name-servers 192.168.201.254;
option routers 192.168.201.254;
option broadcast-address 192.168.201.255;
default-lease-time 600;
max-lease-time 7200;
}

11. Reboot and check the service on port 67
root@debian9:~# reboot
root@debian9:~# netstat -nlp

netstat log

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 389/sshd
tcp 0 0 0.0.0.0:888 0.0.0.0:* LISTEN 310/3proxy
tcp6 0 0 :::22 :::* LISTEN 389/sshd
udp 0 0 0.0.0.0:20364 0.0.0.0:* 393/dhcpd
udp 0 0 0.0.0.0:53 0.0.0.0:* 310/3proxy
udp 0 0 0.0.0.0:67 0.0.0.0:* 393/dhcpd
udp 0 0 0.0.0.0:68 0.0.0.0:* 405/dhclient
udp6 0 0 :::31728 :::* 393/dhcpd
raw 0 0 0.0.0.0:1 0.0.0.0:* 393/dhcpd

12. All that remains is to redirect all tcp requests to port 888 and save the rule in iptables

root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -p tcp -j REDIRECT --to-ports 888

root@debian9:~# iptables-save > /etc/iptables/rules.v4

13. To increase the channel bandwidth, you can use several proxy servers at once. The total of the weights must be 1000. New connections are established to the listed proxy servers with probabilities 0.2, 0.2, 0.2, 0.2, 0.1, 0.1.

Note: if we have a web proxy, then instead of socks5 we must write connect; if it is socks4, then socks4 (SOCKS4 DOES NOT SUPPORT LOGIN/PASSWORD AUTHORIZATION!)

Example configuration of transparent proxy server No. 2

daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
maxconn 500
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 3
flush
auth iponly
dnspr
allow *

parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#1 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#2 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#3 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#4 3128 tester 1234
parent 100 socks5 IP_ADDRESS_EXTERNAL_PROXY#5 3128 tester 1234
parent 100 socks5 IP_ADDRESS_EXTERNAL_PROXY#6 3128 tester 1234

plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111
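A quick check for the two rules stated in step 13 (the weights total 1000; SOCKS4 parents cannot carry a login/password), as an added example that is not part of the original article or of 3proxy. It assumes a single group of parents with no chaining, the function names are illustrative, and the proxy addresses in the sample are constructed.

```python
def parse_parents(config_text):
    """Return the 'parent' lines of a 3proxy config as dicts, in file order."""
    parents = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0] != "parent":
            continue  # blank lines, comments and other directives
        if len(fields) < 5:
            raise ValueError(f"line {lineno}: parent needs weight, type, host, port")
        parents.append({
            "line": lineno,
            "weight": int(fields[1]),
            "type": fields[2],
            "host": fields[3],
            "port": int(fields[4]),
            "has_credentials": len(fields) > 5,
        })
    return parents


def check_parents(config_text):
    """Return (probabilities, findings) for a single group of parents."""
    parents = parse_parents(config_text)
    findings = []
    for p in parents:
        # The article's note: SOCKS4 has no login/password authorization.
        if p["type"] == "socks4" and p["has_credentials"]:
            findings.append(f"line {p['line']}: socks4 parent cannot use login/password")
    total = sum(p["weight"] for p in parents)
    if parents and total != 1000:
        findings.append(f"parent weights sum to {total}, expected 1000")
    # Each new connection picks a parent with probability weight/1000.
    probabilities = [(p["host"], p["weight"] / 1000) for p in parents]
    return probabilities, findings


# Constructed sample in the shape of configuration example No. 2
# (203.0.113.0/24 is a documentation range, not a real proxy).
SAMPLE = """\
auth iponly
dnspr
allow *
parent 200 socks5 203.0.113.1 3128 tester 1234
parent 200 socks5 203.0.113.2 3128 tester 1234
parent 200 socks5 203.0.113.3 3128 tester 1234
parent 200 socks5 203.0.113.4 3128 tester 1234
parent 100 socks5 203.0.113.5 3128 tester 1234
parent 100 socks5 203.0.113.6 3128 tester 1234
"""

if __name__ == "__main__":
    probabilities, findings = check_parents(SAMPLE)
    for host, probability in probabilities:
        print(host, probability)
    print(findings or "no findings")
```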

Configuring and running the NAT + Transparent Proxy configuration

In this configuration we will use the ordinary NAT mechanism with selective or full transparent proxying of individual addresses or subnets. Users of the internal network will work with certain services/subnets without even realising that they are going through a proxy. All https connections work fine; no certificates need to be generated or added.

First, let's decide which subnets/services we want to proxy. Suppose the external proxies are located where a service such as pandora.com works. Now we need to determine its subnets/addresses.

1. Ping

root@debian9:~# ping pandora.com
PING pandora.com (208.85.40.20) 56(84) bytes of data.

2. Type BGP 208.85.40.20 into Google

Go to bgp.he.net/net/208.85.40.0/24#_netinfo
You can see that the subnet I am looking for belongs to AS40428 Pandora Media, Inc

Open the v4 prefixes

bgp.he.net/AS40428#_prefixes

Here are the subnets we need!

199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
199.116.164.0/24
199.116.165.0/24
208.85.40.0/24
208.85.41.0/24
208.85.42.0/23
208.85.42.0/24
208.85.43.0/24
208.85.44.0/24
208.85.46.0/23
208.85.46.0/24
208.85.47.0/24

3. To reduce the number of subnets, we need to aggregate them. Go to ip-calculator.ru/aggregate and paste our list there. The result: 6 subnets instead of 14.

199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
208.85.40.0/22
208.85.44.0/24
208.85.46.0/23

4. Flush the iptables rules

root@debian9:~# iptables -F
root@debian9:~# iptables -X
root@debian9:~# iptables -t nat -F
root@debian9:~# iptables -t nat -X

Enable the forward mechanism and NAT

root@debian9:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@debian9:~# iptables -A FORWARD -i enp0s3 -o enp0s8 -j ACCEPT
root@debian9:~# iptables -A FORWARD -i enp0s8 -o enp0s3 -j ACCEPT
root@debian9:~# iptables -t nat -A POSTROUTING -o enp0s3 -s 192.168.201.0/24 -j MASQUERADE

To make sure forwarding stays enabled after a reboot, edit the file

root@debian9:~# nano /etc/sysctl.conf

And uncomment the line

net.ipv4.ip_forward = 1

Ctrl+X to save the file

5. Redirect the pandora.com subnets to the proxy

root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888

6. Save the rules

root@debian9:~# iptables-save > /etc/iptables/rules.v4

Configuring and running the Transparent Proxy via router configuration

In this configuration, the transparent proxy server can be a separate PC or a virtual machine behind a home/corporate router. It is enough to register static routes on the router or on the devices, and the whole subnet will use the proxy without any additional settings.

IMPORTANT! Our gateway must receive a static IP from the router, or be configured with a static address itself.

1. Set a static gateway address (the enp0s3 adapter)

root@debian9:~# nano /etc/network/interfaces

/etc/network/interfaces file

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet static
address 192.168.23.2
netmask 255.255.255.0
gateway 192.168.23.254

# The secondary network interface
allow-hotplug enp0s8
iface enp0s8 inet static
address 192.168.201.254
netmask 255.255.255.0

2. Allow devices from the 192.168.23.0/24 subnet to use the proxy

root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.23.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888

3. Save the rules
root@debian9:~# iptables-save > /etc/iptables/rules.v4

4. Register the subnets on the router

Router network table

199.116.161.0 255.255.255.0 192.168.23.2
199.116.162.0 255.255.255.0 192.168.23.2
199.116.164.0 255.255.254.0 192.168.23.2
208.85.40.0 255.255.252.0 192.168.23.2
208.85.44.0 255.255.255.0 192.168.23.2
208.85.46.0 255.255.254.0 192.168.23.2


Source: www.habr.com
