Basics of transparent proxying using 3proxy and iptables/netfilter, or how to "put everything through a proxy"

In this article I would like to show what transparent proxying makes possible: redirecting all or part of the traffic through external proxy servers without the clients noticing anything.

When I started solving this problem, I found that its implementation had one significant problem: the HTTPS protocol. In the old days there were no particular problems with transparent HTTP proxying, but when HTTPS is proxied, browsers report interference with the protocol, and that is where the happiness ends.

The common instructions for the Squid proxy server even suggest generating your own certificate and installing it on the clients, which is complete nonsense at the very least, irrational, and looks like a MITM attack. I know that Squid can already do something similar, but this article is about a proven and working method using 3proxy by the respected 3APA3A.

Next we will look in detail at building 3proxy from source, its configuration, full and selective proxying using NAT, distributing the channel across several external proxy servers, and the use of a router and static routes. We use Debian 9 x64 as the OS. Let's begin!

Installing 3proxy and running a regular proxy server

1. Install ifconfig (from the net-tools package)
apt-get install net-tools
2. Install Midnight Commander
apt-get install mc
3. We now have 2 interfaces:
enp0s3 - external, faces the Internet
enp0s8 - internal, should face the local network
In other Debian-based distributions the interfaces are usually named eth0 and eth1.
ifconfig -a

Interfaces:
enp0s3: flags=4163 mtu 1500
inet 192.168.23.11 netmask 255.255.255.0 broadcast 192.168.23.255
inet6 fe80::a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20
ether 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
RX packets 6412 bytes 8676619 (8.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1726 bytes 289128 (282.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s8: flags=4098 mtu 1500
ether 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

The enp0s8 interface is not used at the moment; we will enable it when we want to use the Proxy NAT or NAT configuration. That is when it will make sense to assign it a static IP.

4. Let's start installing 3proxy

4.1 Install the basic packages for building 3proxy from source

root@debian9:~# apt-get install build-essential libevent-dev libssl-dev -y

4.2. Create a folder for downloading the source archive

root@debian9:~# mkdir -p /opt/proxy

4.3. Go to this folder

root@debian9:~# cd /opt/proxy

4.4. Now download the latest 3proxy package. At the time of writing the latest stable version was 0.8.12 (18/04/2018). Download it from the official 3proxy site

root@debian9:/opt/proxy# wget https://github.com/z3APA3A/3proxy/archive/0.8.12.tar.gz

4.5. Unpack the downloaded archive

root@debian9:/opt/proxy# tar zxvf 0.8.12.tar.gz

4.6. Go to the unpacked directory to build the program

root@debian9:/opt/proxy# cd 3proxy-0.8.12

4.7. Next, a line has to be added to the header file so that our server is completely anonymous (it really works, everything has been checked, client IPs are hidden)

root@debian9:/opt/proxy/3proxy-0.8.12# nano +29 src/proxy.h

Add the line

#define ANONYMOUS 1

Press Ctrl+X and Enter to save the changes.

4.8. Start building the program

root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux

Make log:
make[2]: Leaving directory '/opt/proxy/3proxy-0.8.12/src/plugins/TransparentPlugin'
make[1]: Leaving directory '/opt/proxy/3proxy-0.8.12/src'

No errors, let's continue.

4.9. Install the program into the system

root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux install

4.10. Go to the root user's home directory and check where the program was installed

root@debian9:/opt/proxy/3proxy-0.8.12# cd ~/
root@debian9:~# whereis 3proxy

3proxy: /usr/local/bin/3proxy /usr/local/etc/3proxy

4.11. Create a folder for the configuration file and logs in the user's home directory

root@debian9:~# mkdir -p /home/joke/proxy/logs

4.12. Go to the directory where the config should be

root@debian9:~# cd /home/joke/proxy/

4.13. Create an empty file and copy the config into it

root@debian9:/home/joke/proxy# cat > 3proxy.conf

3proxy.conf:
daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
users tester:CL:1234
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 7
auth strong
flush
allow tester
socks -p3128
proxy -p8080

To save, press Ctrl + Z

4.14. Create a pid file so that there are no errors at startup.

root@debian9:/home/joke/proxy# cat > 3proxy.pid

To save, press Ctrl + Z

4.15. Start the proxy server!

root@debian9:/home/joke/proxy# 3proxy /home/joke/proxy/3proxy.conf

4.16. Check whether the server is listening on the ports

root@debian9:~/home/joke/proxy# netstat -nlp

netstat log:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 504/3proxy
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 338/sshd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 504/3proxy
tcp6 0 0 :::22 :::* LISTEN 338/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:* 352/dhclient

As written in the config, our web proxy listens on port 8080 and the Socks5 proxy listens on port 3128.

4.17. To start the proxy service automatically after a reboot, add it to cron.

root@debian9:/home/joke/proxy# crontab -e

Add the line

@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxy.conf

Press Enter, since cron must see the end of the line, and save the file.

A message about the new crontab being installed should appear.

crontab: installing new crontab

4.18. Reboot the system and try to connect to the proxy through a browser. For the check we use the Firefox browser (for the web proxy) and the FoxyProxy add-on for socks5 with authentication.

root@debian9:/home/joke/proxy# reboot

4.19. After checking that the proxy works after the reboot, you can look at the logs. This completes the proxy server setup.

3proxy log:
1542573996.018 PROXY.8080 00000 tester 192.168.23.10:50915 217.12.15.54:443 1193 6939 0 CONNECT_ads.yahoo.com:443_HTTP/1.1
1542574289.634 SOCK5.3128 00000 tester 192.168.23.10:51193 54.192.13.69:443 0 0 0

Setting up and running the Transparent Proxy NAT configuration

In this configuration, all devices on the internal network work on the Internet transparently through a remote proxy server. Absolutely all TCP connections are redirected to one or several proxy servers (several really do widen the channel bandwidth; see configuration example No. 2!). The DNS service uses the capabilities of 3proxy (dnspr). UDP will not go "outside", since we are not yet using the forwarding mechanism (disabled by default in the Linux kernel).

1. It is time to enable the enp0s8 interface

root@debian9:~# nano /etc/network/interfaces

/etc/network/interfaces file:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet dhcp

# The secondary network interface
allow-hotplug enp0s8
iface enp0s8 inet static
address 192.168.201.254
netmask 255.255.255.0

Here we assigned the enp0s8 interface the static address 192.168.201.254 and the mask 255.255.255.0
Save the config with Ctrl+X and reboot

root@debian9:~# reboot

2. Check the interfaces

root@debian9:~# ifconfig

ifconfig log:
enp0s3: flags=4163 mtu 1500
inet 192.168.23.11 netmask 255.255.255.0 broadcast 192.168.23.255
inet6 fe80::a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20
ether 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
RX packets 61 bytes 7873 (7.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 65 bytes 10917 (10.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s8: flags=4163 mtu 1500
inet 192.168.201.254 netmask 255.255.255.0 broadcast 192.168.201.255
inet6 fe80::a00:27ff:fe79:a7e3 prefixlen 64 scopeid 0x20
ether 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

3. Everything worked; now 3proxy has to be configured for transparent proxying.

root@debian9:~# cd /home/joke/proxy/
root@debian9:/home/joke/proxy# cat > 3proxytransp.conf

Transparent proxy configuration example No. 1:
daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 7
flush
auth iponly
dnspr
allow *
parent 1000 socks5 IP_ADDRESS_OF_EXTERNAL_PROXY 3128 tester 1234
plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111

4. Now start 3proxy with the new config
root@debian9:/home/joke/proxy# /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf

5. Add it to crontab again
root@debian9:/home/joke/proxy# crontab -e
@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf

6. Let's see what our proxy is listening on now
root@debian9:~# netstat -nlp

netstat log:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 349/sshd
tcp 0 0 0.0.0.0:888 0.0.0.0:* LISTEN 354/3proxy
tcp6 0 0 :::22 :::* LISTEN 349/sshd
udp 0 0 0.0.0.0:53 0.0.0.0:* 354/3proxy
udp 0 0 0.0.0.0:68 0.0.0.0:* 367/dhclient

7. The proxy is now ready to accept any TCP connections on port 888 and DNS on port 53, and then redirect them to the remote socks5 proxy and to Google DNS 8.8.8.8. All that remains is to configure the netfilter (iptables) rules and DHCP for handing out addresses.

8. Install the iptables-persistent and dhcpd packages

root@debian9:~# apt-get install iptables-persistent isc-dhcp-server

9. Edit the dhcpd startup file
root@debian9:~# nano /etc/dhcp/dhcpd.conf

dhcpd.conf:
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

ddns-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.

authoritative;

# A slightly different configuration for an internal subnet.
subnet 192.168.201.0 netmask 255.255.255.0 {
range 192.168.201.10 192.168.201.250;
option domain-name-servers 192.168.201.254;
option routers 192.168.201.254;
option broadcast-address 192.168.201.255;
default-lease-time 600;
max-lease-time 7200;
}

11. Reboot and check the service on port 67
root@debian9:~# reboot
root@debian9:~# netstat -nlp

netstat log:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 389/sshd
tcp 0 0 0.0.0.0:888 0.0.0.0:* LISTEN 310/3proxy
tcp6 0 0 :::22 :::* LISTEN 389/sshd
udp 0 0 0.0.0.0:20364 0.0.0.0:* 393/dhcpd
udp 0 0 0.0.0.0:53 0.0.0.0:* 310/3proxy
udp 0 0 0.0.0.0:67 0.0.0.0:* 393/dhcpd
udp 0 0 0.0.0.0:68 0.0.0.0:* 405/dhclient
udp6 0 0 :::31728 :::* 393/dhcpd
raw 0 0 0.0.0.0:1 0.0.0.0:* 393/dhcpd

12. All that remains is to redirect all tcp requests to port 888 and save the rule in iptables

root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -p tcp -j REDIRECT --to-ports 888

root@debian9:~# iptables-save > /etc/iptables/rules.v4

13. To widen the channel bandwidth, you can use several proxy servers at once. The total must be 1000. New connections are established with probability 0.2, 0.2, 0.2, 0.2, 0.1, 0.1 to the specified proxy servers.

Note: if we have a web proxy, then instead of socks5 you need to write connect; if socks4, then socks4 (socks4 DOES NOT SUPPORT LOGIN/PASSWORD AUTHORIZATION!)

Transparent proxy configuration example No. 2:
daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
maxconn 500
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 7
flush
auth iponly
dnspr
allow *

parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#1 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#2 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#3 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#4 3128 tester 1234
parent 100 socks5 IP_ADDRESS_EXTERNAL_PROXY#5 3128 tester 1234
parent 100 socks5 IP_ADDRESS_EXTERNAL_PROXY#6 3128 tester 1234

plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111
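
A check for the weighted parent lines and for listener exposure in a config of this shape, as an added example (not code from the article or the 3proxy project). The 203.0.113.x addresses are constructed stand-ins for the external proxies, and treating the whole file as a single ACL scope is an assumption that fits this config.

```python
# Added example: lint a 3proxy config shaped like configuration No. 2.
# CONFIG is a constructed sample; 203.0.113.x are documentation addresses.
CONFIG = """\
auth iponly
dnspr
allow *
parent 200 socks5 203.0.113.1 3128 tester 1234
parent 200 socks5 203.0.113.2 3128 tester 1234
parent 200 socks5 203.0.113.3 3128 tester 1234
parent 200 socks5 203.0.113.4 3128 tester 1234
parent 100 socks5 203.0.113.5 3128 tester 1234
parent 100 socks5 203.0.113.6 3128 tester 1234
tcppm -i0.0.0.0 888 127.0.0.1 11111
"""

SERVICES = ("dnspr", "tcppm", "socks", "proxy")


def lint(text):
    """Return (parent probabilities, findings) for a 3proxy config string."""
    weights, findings, wildcard = [], [], []
    auth, allow_all = None, False
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        cmd, args = words[0], words[1:]
        if cmd == "auth":
            auth = args
        elif cmd == "allow" and args[:1] == ["*"]:
            allow_all = True
        elif cmd == "parent":
            weights.append(int(args[0]))  # first field is the weight
        elif cmd in SERVICES:
            # No -i option, or -i0.0.0.0, means listening on every interface.
            binds = [a[2:] for a in args if a.startswith("-i")]
            if not binds or "0.0.0.0" in binds:
                wildcard.append(cmd)
    if weights and sum(weights) != 1000:
        findings.append(f"parent weights sum to {sum(weights)}, expected 1000")
    if auth == ["iponly"] and allow_all and wildcard:
        # IP-only ACL that allows everyone, reachable on all interfaces.
        findings.append("'allow *' without credentials on wildcard listener: "
                        + ", ".join(wildcard))
    return [w / 1000 for w in weights], findings


if __name__ == "__main__":
    probabilities, problems = lint(CONFIG)
    print(probabilities)
    for problem in problems:
        print("WARNING:", problem)
```

Binding dnspr and tcppm to the internal address with `-i192.168.201.254` (the enp0s8 address used on this page) clears the exposure finding.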

Setting up and running the NAT + Transparent Proxy configuration

In this configuration we use the usual NAT mechanism with selective or full transparent proxying of individual addresses or subnets. Users of the internal network work with certain services/subnets without even realizing that they are working through a proxy. All HTTPS connections work fine; no certificates need to be generated or installed.

First, let's decide which subnets/services we want to proxy. Suppose the external proxy servers are located where the pandora.com service works. Now it remains to determine its subnets/addresses.

1. Ping

root@debian9:~# ping pandora.com
PING pandora.com (208.85.40.20) 56(84) bytes of data.

2. Type BGP 208.85.40.20 into Google

Go to the site bgp.he.net/net/208.85.40.0/24#_netinfo
The Pandora Media, Inc. subnet can be seen there

Open the v4 prefixes

bgp.he.net/AS40428#_prefixes

Here are the subnets we were looking for!

199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
199.116.164.0/24
199.116.165.0/24
208.85.40.0/24
208.85.41.0/24
208.85.42.0/23
208.85.42.0/24
208.85.43.0/24
208.85.44.0/24
208.85.46.0/23
208.85.46.0/24
208.85.47.0/24

3. To reduce the number of subnets, aggregation has to be performed. Go to the site ip-calculator.ru/aggregate and copy our list there. The result: 6 subnets instead of 14.

199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
208.85.40.0/22
208.85.44.0/24
208.85.46.0/23

4. Clear the iptables rules

root@debian9:~# iptables -F
root@debian9:~# iptables -X
root@debian9:~# iptables -t nat -F
root@debian9:~# iptables -t nat -X

Enable forwarding and the NAT mechanism

root@debian9:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@debian9:~# iptables -A FORWARD -i enp0s3 -o enp0s8 -j ACCEPT
root@debian9:~# iptables -A FORWARD -i enp0s8 -o enp0s3 -j ACCEPT
root@debian9:~# iptables -t nat -A POSTROUTING -o enp0s3 -s 192.168.201.0/24 -j MASQUERADE

To keep forwarding enabled permanently after a reboot, change the file

root@debian9:~# nano /etc/sysctl.conf

And uncomment the line

net.ipv4.ip_forward = 1

Press Ctrl+X to save the file

5. Wrap the pandora.com subnets into the proxy

root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888

6. Save the rules

root@debian9:~# iptables-save > /etc/iptables/rules.v4

Setting up and running the Transparent Proxy via router configuration

In this configuration, the transparent proxy server can be a separate PC or a virtual machine behind a home/corporate router. It is enough to set static routes on the router or on the devices, and the whole subnet will use the proxy without any additional settings.

IMPORTANT! Our gateway needs a static IP address.

1. Configure a static gateway address (the enp0s3 adapter)

root@debian9:~# nano /etc/network/interfaces

/etc/network/interfaces file:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet static
address 192.168.23.2
netmask 255.255.255.0
gateway 192.168.23.254

# The secondary network interface
allow-hotplug enp0s8
iface enp0s8 inet static
address 192.168.201.254
netmask 255.255.255.0

2. Allow devices from the 192.168.23.0/24 subnet to use proxying

root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.23.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888

3. Save the rules
root@debian9:~# iptables-save > /etc/iptables/rules.v4

4. Enter the subnets into the router

Router network list:
199.116.161.0 255.255.255.0 192.168.23.2
199.116.162.0 255.255.255.0 192.168.23.2
199.116.164.0 255.255.254.0 192.168.23.2
208.85.40.0 255.255.252.0 192.168.23.2
208.85.44.0 255.255.255.0 192.168.23.2
208.85.46.0 255.255.254.0 192.168.23.2
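
The prefix aggregation from the NAT section, the selective REDIRECT rule and the router table above can all be derived from the same list. This added example (not from the original article) uses Python's standard ipaddress module in place of the web calculator; the constant and function names are this example's own.

```python
import ipaddress

# The 14 prefixes listed on this page for AS40428.
PREFIXES = """
199.116.161.0/24 199.116.162.0/24 199.116.164.0/23 199.116.164.0/24
199.116.165.0/24 208.85.40.0/24 208.85.41.0/24 208.85.42.0/23
208.85.42.0/24 208.85.43.0/24 208.85.44.0/24 208.85.46.0/23
208.85.46.0/24 208.85.47.0/24
""".split()

LAN = "192.168.201.0/24"   # internal subnet behind enp0s8 (from the page)
PROXY_PORT = 888           # tcppm listener port (from the page)
GATEWAY = "192.168.23.2"   # proxy host address used in the router table


def aggregate(prefixes):
    """Merge overlapping and adjacent prefixes into the minimal equal set."""
    nets = [ipaddress.ip_network(p) for p in prefixes]  # rejects host bits
    return list(ipaddress.collapse_addresses(nets))


def redirect_rule(nets, source=LAN, port=PROXY_PORT):
    """Build the selective PREROUTING rule for the aggregated destinations."""
    dests = ",".join(str(n) for n in nets)
    return (f"iptables -t nat -A PREROUTING -s {source} -d {dests} "
            f"-p tcp -j REDIRECT --to-ports {port}")


def static_routes(nets, gateway=GATEWAY):
    """Rows for the router: network, dotted netmask, gateway."""
    return [f"{n.network_address} {n.netmask} {gateway}" for n in nets]


def is_proxied(nets, address):
    """True if traffic to this address would match the redirect rule."""
    ip = ipaddress.ip_address(address)
    return any(ip in n for n in nets)


if __name__ == "__main__":
    merged = aggregate(PREFIXES)
    print(len(PREFIXES), "->", len(merged), "subnets")
    print(redirect_rule(merged))
    print("\n".join(static_routes(merged)))
    print("208.85.40.20 proxied:", is_proxied(merged, "208.85.40.20"))
```

Because the merged set covers exactly the same addresses as the input, aggregation shortens the rule without sending any extra destinations through the proxy.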

Materials / resources used

1. Official site of the 3proxy program: 3proxy.ru

2. Instructions for installing 3proxy from source

3. 3proxy development branch on GitHub: github.com/z3APA3A/3proxy/issues/274

Source: www.habr.com