In this article I want to show what transparent proxying can do: it lets you redirect all or part of the traffic through external proxy servers without the clients noticing anything.
When I started solving this problem, I found that implementing it has one significant problem: the HTTPS protocol. In the good old days transparent HTTP proxying caused no particular trouble, but with HTTPS proxying browsers report interference with the protocol, and that is where the happiness ends.
Common instructions for the Squid proxy server even suggest generating your own certificate and installing it on the clients, which is at the very least complete nonsense and irrational, and looks like a MITM attack. I know that Squid can already do something similar, but this article is about a proven, working method that uses 3proxy by the respected 3APA3A.
Next we will look in detail at building 3proxy from source, configuring it, full and selective proxying using NAT, distributing the channel across several external proxy servers, and using a router with static routes. We use Debian 9 x64 as the OS. Let's begin!
Installing 3proxy and running a regular proxy server
1. Install ifconfig (from the net-tools package)
apt-get install net-tools
2. Install Midnight Commander
apt-get install mc
3. We now have 2 interfaces:
enp0s3 - external, faces the Internet
enp0s8 - internal, must face the local network
In other Debian-based distributions the interfaces are usually named eth0 and eth1.
ifconfig -a
Interfaces:
enp0s3: flags=4163 mtu 1500
        inet 192.168.23.11 netmask 255.255.255.0 broadcast 192.168.23.255
        inet6 fe80::a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20
        ether 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
        RX packets 6412 bytes 8676619 (8.2 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 1726 bytes 289128 (282.3 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s8: flags=4098 mtu 1500
        ether 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 1 (Local Loopback)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The enp0s8 interface is not used at the moment; we will enable it when we move to the Proxy NAT or NAT configuration. At that point it makes sense to assign it a static IP.
4. Start installing 3proxy
4.1 Install the basic packages needed to compile 3proxy from source
root@debian9:~# apt-get install build-essential libevent-dev libssl-dev -y
4.2. Create a folder for downloading the source archive
root@debian9:~# mkdir -p /opt/proxy
4.3. Go to this folder
root@debian9:~# cd /opt/proxy
4.4. Now download the latest 3proxy package. At the time of writing, the latest stable version was 0.8.12 (18/04/2018). We download it from the official 3proxy website.
root@debian9:/opt/proxy# wget https://github.com/z3APA3A/3proxy/archive/0.8.12.tar.gz
4.5. Unpack the downloaded archive
root@debian9:/opt/proxy# tar zxvf 0.8.12.tar.gz
4.6. Go to the unpacked directory to build the program
root@debian9:/opt/proxy# cd 3proxy-0.8.12
4.7. Next, a line must be added to the header file so that the server is fully anonymous (this really works, everything was checked, client IPs are hidden).
root@debian9:/opt/proxy/3proxy-0.8.12# nano +29 src/proxy.h
Add the line
#define ANONYMOUS 1
Press Ctrl+x and Enter to save the changes.
4.8. Build the program
root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux
make log:
make[2]: Leaving directory '/opt/proxy/3proxy-0.8.12/src/plugins/TransparentPlugin'
make[1]: Leaving directory '/opt/proxy/3proxy-0.8.12/src'
There are no errors, so we continue.
4.9. Install the program into the system
root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux install
4.10. Go to the root directory and check where the program was installed
root@debian9:/opt/proxy/3proxy-0.8.12# cd ~/
root@debian9:~# whereis 3proxy
3proxy: /usr/local/bin/3proxy /usr/local/etc/3proxy
4.11. Create a folder for the configuration files and logs in the user's home directory
root@debian9:~# mkdir -p /home/joke/proxy/logs
4.12. Go to the directory where the config should live
root@debian9:~# cd /home/joke/proxy/
4.13. Create an empty file and copy the config into it
root@debian9:/home/joke/proxy# cat > 3proxy.conf
3proxy.conf:
daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
# local user with a cleartext (CL) password
users tester:CL:1234
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 3
# require username/password authentication and allow only tester
auth strong
flush
allow tester
# Socks proxy on port 3128, web proxy on port 8080
socks -p3128
proxy -p8080
To save, press Ctrl + Z
4.14. Create a pid file so that there are no errors at startup
root@debian9:/home/joke/proxy# cat > 3proxy.pid
To save, press Ctrl + Z
4.15. Start the proxy server!
root@debian9:/home/joke/proxy# 3proxy /home/joke/proxy/3proxy.conf
4.16. Check whether the server is listening on the ports
root@debian9:~/home/joke/proxy# netstat -nlp
netstat log:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp   0      0      0.0.0.0:8080   0.0.0.0:*        LISTEN  504/3proxy
tcp   0      0      0.0.0.0:22     0.0.0.0:*        LISTEN  338/sshd
tcp   0      0      0.0.0.0:3128   0.0.0.0:*        LISTEN  504/3proxy
tcp6  0      0      :::22          :::*             LISTEN  338/sshd
udp   0      0      0.0.0.0:68     0.0.0.0:*                352/dhclient
As written in the config, the web proxy listens on port 8080 and the Socks5 proxy listens on port 3128.
4.17. To start the proxy service automatically after a reboot, add it to cron.
root@debian9:/home/joke/proxy# crontab -e
Add the line
@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxy.conf
cron must see the end-of-line character, so press Enter and then save the file.
A message about installing the new crontab should appear.
crontab: installing new crontab
4.18. Reboot the system and try to connect to the proxy through a browser. To check, we use the Firefox browser (for the web proxy) and the FoxyProxy add-on for Socks5 with authentication.
root@debian9:/home/joke/proxy# reboot
4.19. After checking that the proxy works after the reboot, you can look at the logs. This completes the proxy server setup.
3proxy log:
1542573996.018 PROXY.8080 00000 tester 192.168.23.10:50915 217.12.15.54:443 1193 6939 0 CONNECT_ads.yahoo.com:443_HTTP/1.1
1542574289.634 SOCK5.3128 00000 tester 192.168.23.10:51193 54.192.13.69:443 0 0 0 CONNECT_normandy.cdn.mozilla.net:443
Setting up and running the Transparent Proxy NAT configuration
In this configuration, all devices on the internal network work on the Internet transparently through a remote proxy server. Absolutely all TCP connections are redirected to two or more proxy servers (this really widens the channel, configuration example No. 3!). The DNS service uses the 3proxy (dnspr) feature. UDP does not go "outside", because we are not yet using the forward mechanism (it is disabled by default in the Linux kernel).
1. Enable the enp0s8 interface
root@debian9:~# nano /etc/network/interfaces
/etc/network/interfaces file:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet dhcp
# The secondary network interface
allow-hotplug enp0s8
iface enp0s8 inet static
address 192.168.201.254
netmask 255.255.255.0
Here we assigned the static address 192.168.201.254 and the mask 255.255.255.0 to the enp0s8 interface.
Save the config with Ctrl+X and reboot
root@debian9:~# reboot
2. Check the interfaces
root@debian9:~# ifconfig
ifconfig log:
enp0s3: flags=4163 mtu 1500
        inet 192.168.23.11 netmask 255.255.255.0 broadcast 192.168.23.255
        inet6 fe80::a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20
        ether 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
        RX packets 61 bytes 7873 (7.6 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 65 bytes 10917 (10.6 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s8: flags=4163 mtu 1500
        inet 192.168.201.254 netmask 255.255.255.0 broadcast 192.168.201.255
        inet6 fe80::a00:27ff:fe79:a7e3 prefixlen 64 scopeid 0x20
        ether 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 8 bytes 648 (648.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 1 (Local Loopback)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3. Everything worked. Now 3proxy has to be configured for transparent proxying.
root@debian9:~# cd /home/joke/proxy/
root@debian9:/home/joke/proxy# cat > 3proxytransp.conf
Example configuration of transparent proxy server No. 1:
daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 3
flush
# access control by IP address only, no username/password
auth iponly
# DNS proxy (port 53)
dnspr
allow *
# upstream Socks5 proxy that receives every redirected connection
parent 1000 socks5 IP_ADDRESS_EXTERNAL_PROXY 3128 tester 1234
plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111
4. Start 3proxy with the new config
root@debian9:/home/joke/proxy# /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf
5. Add it to crontab again
root@debian9:/home/joke/proxy# crontab -e
@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf
6. Let's see what the proxy is listening on now
root@debian9:~# netstat -nlp
netstat log:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp   0      0      0.0.0.0:22     0.0.0.0:*        LISTEN  349/sshd
tcp   0      0      0.0.0.0:888    0.0.0.0:*        LISTEN  354/3proxy
tcp6  0      0      :::22          :::*             LISTEN  349/sshd
udp   0      0      0.0.0.0:53     0.0.0.0:*                354/3proxy
udp   0      0      0.0.0.0:68     0.0.0.0:*                367/dhclient
7. The proxy is now ready to accept any TCP connection on port 888 and DNS on port 53, and to redirect them to the remote Socks5 proxy and to Google DNS 8.8.8.8. All that remains is to configure the netfilter (iptables) rules and DHCP for handing out addresses.
8. Install the iptables-persistent and dhcpd packages
root@debian9:~# apt-get install iptables-persistent isc-dhcp-server
9. Edit the dhcpd configuration file
root@debian9:~# nano /etc/dhcp/dhcpd.conf
dhcpd.conf:
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# A slightly different configuration for an internal subnet.
subnet 192.168.201.0 netmask 255.255.255.0 {
range 192.168.201.10;
option domain-name-servers 192.168.201.254;
option routers 192.168.201.254;
option broadcast-address 192.168.201.255;
default-lease-time 600;
max-lease-time 7200;
}
11. Reboot and check the service on port 67
root@debian9:~# reboot
root@debian9:~# netstat -nlp
netstat log:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp   0      0      0.0.0.0:22     0.0.0.0:*        LISTEN  389/sshd
tcp   0      0      0.0.0.0:888    0.0.0.0:*        LISTEN  310/3proxy
tcp6  0      0      :::22          :::*             LISTEN  389/sshd
udp   0      0      0.0.0.0:20364  0.0.0.0:*                393/dhcpd
udp   0      0      0.0.0.0:53     0.0.0.0:*                310/3proxy
udp   0      0      0.0.0.0:67     0.0.0.0:*                393/dhcpd
udp   0      0      0.0.0.0:68     0.0.0.0:*                405/dhclient
udp6  0      0      :::31728       :::*                     393/dhcpd
raw   0      0      0.0.0.0:1      0.0.0.0:*                393/dhcpd
12. All that remains is to redirect all TCP requests to port 888 and save the rule in iptables
root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -p tcp -j REDIRECT --to-ports 888
root@debian9:~# iptables-save > /etc/iptables/rules.v4
13. To widen the channel bandwidth, several proxy servers can be used at once. The weights must add up to 1000. New connections to the listed proxy servers are established with probabilities 0.2, 0.2, 0.2, 0.2, 0.1, 0.1.
Note: if we have a web proxy, write connect instead of socks5; for socks4, write socks4 (socks4 does NOT support login/password authentication!)
Example configuration of transparent proxy server No. 2:
daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
maxconn 500
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 3
flush
auth iponly
dnspr
allow *
# six upstream proxies; the weights (first number) add up to 1000
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#1 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#2 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#3 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#4 3128 tester 1234
parent 100 socks5 IP_ADDRESS_EXTERNAL_PROXY#5 3128 tester 1234
parent 100 socks5 IP_ADDRESS_EXTERNAL_PROXY#6 3128 tester 1234
plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111
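The rule from step 13 (the parent weights must add up to 1000, and each weight divided by 1000 is the probability of that upstream being chosen) can be checked before 3proxy is started. The Python script below is an added example, not part of the original article or of 3proxy; its function names and sample text are constructed for illustration, and it assumes a service without `-i` listens on the address set by the `internal` directive or on every interface.

```python
# Constructed sample modelled on configuration example No. 2; the last weight is
# deliberately 50 instead of 100 so that the audit has something to report.
SAMPLE_CONF = """\
daemon
maxconn 500
auth iponly
allow *
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#1 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#2 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#3 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#4 3128 tester 1234
parent 100 socks5 IP_ADDRESS_EXTERNAL_PROXY#5 3128 tester 1234
parent 50 socks5 IP_ADDRESS_EXTERNAL_PROXY#6 3128 tester 1234
tcppm -i0.0.0.0 888 127.0.0.1 11111
"""
SERVICES = {"proxy", "socks", "tcppm"}  # listener directives used on this page


def audit(conf_text):
    """Return (parents, findings) for a 3proxy configuration given as text."""
    parents, findings, default_bind = [], [], "0.0.0.0"
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "internal" and len(fields) > 1:
            default_bind = fields[1]  # default listen address for later services
        elif fields[0] == "parent" and len(fields) >= 5:
            parents.append((fields[3], int(fields[1])))
            if len(fields) >= 7:  # username and password fields are present
                findings.append(f"line {lineno}: upstream password in cleartext")
        elif fields[0] in SERVICES:
            bind = next((f[2:] for f in fields[1:] if f.startswith("-i")), default_bind)
            if bind == "0.0.0.0":
                findings.append(f"line {lineno}: {fields[0]} listens on every interface")
    total = sum(weight for _, weight in parents)
    if parents and total != 1000:
        findings.append(f"parent weights sum to {total}, expected 1000")
    return parents, findings


def probabilities(parents):
    """Share of new connections per upstream, valid when the weights total 1000."""
    return {host: weight / 1000 for host, weight in parents}


if __name__ == "__main__":
    parents, findings = audit(SAMPLE_CONF)
    print(probabilities(parents), *findings, sep="\n")
```

The wildcard-bind finding matters on this gateway because port 888 is then also reachable on the external interface enp0s3, while `auth iponly` with `allow *` accepts any source address.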
Setting up and running the NAT + Transparent Proxy configuration
In this configuration we use the ordinary NAT mechanism together with selective or full transparent proxying of individual addresses or subnets. Users of the internal network work with particular services/subnets without noticing that they are going through a proxy. All https connections work normally; no certificates have to be generated or substituted.
First, decide which subnets/services we want to proxy. Assume the external proxies are located where a service such as pandora.com works. Now we need to determine its subnets/addresses.
1. Ping
root@debian9:~# ping pandora.com
PING pandora.com (208.85.40.20) 56(84) bytes of data.
2. Type BGP 208.85.40.20 into Google
Go to the site.
It shows that the subnet we are looking for belongs to AS40428 Pandora Media, Inc
Open the v4 prefixes
These are the subnets we need:
199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
199.116.164.0/24
199.116.165.0/24
208.85.40.0/24
208.85.41.0/24
208.85.42.0/23
208.85.42.0/24
208.85.43.0/24
208.85.44.0/24
208.85.46.0/23
208.85.46.0/24
208.85.47.0/24
3. To reduce the number of subnets, aggregation has to be performed. Go to the site
199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
208.85.40.0/22
208.85.44.0/24
208.85.46.0/23
4. Clear the iptables rules
root@debian9:~# iptables -F
root@debian9:~# iptables -X
root@debian9:~# iptables -t nat -F
root@debian9:~# iptables -t nat -X
Enable the forward and NAT mechanisms
root@debian9:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@debian9:~# iptables -A FORWARD -i enp0s3 -o enp0s8 -j ACCEPT
root@debian9:~# iptables -A FORWARD -i enp0s8 -o enp0s3 -j ACCEPT
root@debian9:~# iptables -t nat -A POSTROUTING -o enp0s3 -s 192.168.201.0/24 -j MASQUERADE
To keep forwarding enabled permanently after a reboot, change the file
root@debian9:~# nano /etc/sysctl.conf
and uncomment the line
net.ipv4.ip_forward = 1
Save the file with Ctrl+X
5. Wrap the pandora.com subnets into the proxy
root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888
6. Save the rules
root@debian9:~# iptables-save > /etc/iptables/rules.v4
Setting up and running the Transparent Proxy via router configuration
In this configuration the transparent proxy server can be a separate PC or a virtual machine behind a home/corporate router. It is enough to register static routes on the router or on the devices, and the whole subnet will use the proxy without any additional settings.
IMPORTANT! The gateway must either receive a static IP from the router or be configured as static itself.
1. Configure a static gateway address (adapter enp0s3)
root@debian9:~# nano /etc/network/interfaces
/etc/network/interfaces file:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet static
address 192.168.23.2
netmask 255.255.255.0
gateway 192.168.23.254
# The secondary network interface
allow-hotplug enp0s8
iface enp0s8 inet static
address 192.168.201.254
netmask 255.255.255.0
2. Allow devices from the 192.168.23.0/24 subnet to use the proxy
root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.23.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888
3. Save the rules
root@debian9:~# iptables-save > /etc/iptables/rules.v4
4. Register the subnets on the router
Router network list:
199.116.161.0 255.255.255.0 192.168.23.2
199.116.162.0 255.255.255.0 192.168.23.2
199.116.164.0 255.255.254.0 192.168.23.2
208.85.40.0 255.255.252.0 192.168.23.2
208.85.44.0 255.255.255.0 192.168.23.2
208.85.46.0 255.255.254.0 192.168.23.2
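The aggregated list from step 3, the REDIRECT rule from step 5 and the route list entered on the router all derive from the same set of prefixes. The Python script below is an added example, not part of the original article: it performs the aggregation locally with the standard `ipaddress` module instead of a web calculator and then generates the rule and the route rows; the function names are made up for illustration.

```python
import ipaddress

# Prefixes listed in step 2 of the NAT + Transparent Proxy section.
ANNOUNCED = """
199.116.161.0/24 199.116.162.0/24 199.116.164.0/23 199.116.164.0/24
199.116.165.0/24 208.85.40.0/24 208.85.41.0/24 208.85.42.0/23
208.85.42.0/24 208.85.43.0/24 208.85.44.0/24 208.85.46.0/23
208.85.46.0/24 208.85.47.0/24
""".split()


def aggregate(prefixes):
    """Merge overlapping and adjacent prefixes without covering any new address."""
    # Strict parsing rejects entries with host bits set, e.g. 208.85.40.20/24,
    # so a typo cannot silently widen the set of proxied destinations.
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))


def redirect_rule(source, nets, port=888):
    """iptables command that sends TCP from `source` to `nets` into tcppm."""
    dests = ",".join(str(n) for n in nets)
    return (f"iptables -t nat -A PREROUTING -s {source} -d {dests} "
            f"-p tcp -j REDIRECT --to-ports {port}")


def static_routes(nets, gateway):
    """(network, netmask, gateway) rows in the form entered on the router."""
    return [(str(n.network_address), str(n.netmask), gateway) for n in nets]


def is_proxied(address, nets):
    """True if a destination address would match the REDIRECT rule."""
    return any(ipaddress.ip_address(address) in n for n in nets)


if __name__ == "__main__":
    merged = aggregate(ANNOUNCED)
    print(redirect_rule("192.168.201.0/24", merged))
    for row in static_routes(merged, "192.168.23.2"):
        print(*row)
    print(is_proxied("208.85.45.1", merged))  # 208.85.45.0/24 is not in the list
```

`is_proxied` is useful when auditing the gateway: it tells you whether a given destination leaves through the external proxy or through plain NAT.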
Source: habr.com