I lenei tusiga ou te manaʻo e faʻaalia le avanoa o le sui manino, lea e mafai ai ona e toe faʻafeiloaʻi uma poʻo se vaega o fefaʻatauaʻiga e ala i sapalai sui i fafo e matua le iloa e tagata faʻatau.
Ina ua amata ona ou foia lenei faafitauli, sa ou feagai ma le mea moni o lona faatinoga e tasi le faafitauli taua - o le HTTPS protocol. I aso ua leva, e leai ni faʻafitauli faʻapitoa i le manino HTTP proxying, ae faʻatasi ai ma le HTTPS proxying, tagata suʻesuʻe lipoti faʻalavelave i le protocol ma o iina e muta ai le fiafia.
I faʻatonuga masani mo le Squid proxy server, latou te fautuaina foʻi le fatuina o lau lava tusi faamaonia ma faʻapipiʻi i luga o tagata faʻatau, o se mea faʻavalevalea atoatoa i le mea sili, le mafaufau ma foliga mai o se osofaʻiga MITM. Ou te iloa e mafai e Squid ona faia se mea faapena, ae o lenei tusiga e uiga i se auala faʻamaonia ma galue e faʻaaoga ai le 3proxy mai le 3APA3A faʻaaloalogia.
Ma le isi, o le a tatou vaʻavaʻai auiliili i le faagasologa o le fausiaina o le 3proxy mai le puna, lona faʻatulagaina, sui atoatoa ma le filifilia e faʻaaoga ai le NAT, tufatufaina atu o alalaupapa i le tele o sapalai sui fafo, faʻapea foʻi ma le faʻaogaina o se alalaupapa ma auala faʻapitoa. Matou te faʻaaogaina Debian 9 x64 o le OS. Amata!
Fa'apipi'i le 3proxy ma fa'agaoioia se 'au'aunaga sui masani
1. Fa'apipi'i ifconfig (mai le upega-meafaigaluega afifi)
apt-get install net-tools
2. Fa'apipi'i le Ta'ita'i o le Tulua o Po ma Ao
apt-get install mc
3. E 2 a matou feso'ota'iga nei:
enp0s3 - fafo, va'ai ile Initaneti
enp0s8 - totonu, e tatau ona vaʻai i totonu o fesoʻotaʻiga i le lotoifale
I luga o isi faʻasalalauga faʻavae Debian o fesoʻotaʻiga e masani ona taʻua eth0 ma eth1.
ifconfig -a
Faʻaaligaenp0s3: fu'a=4163 mtu 1500
inet 192.168.23.11 netmask 255.255.255.0 fa'asalalauga 192.168.23.255
inet6 fe80::a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20 eter 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
RX pepa 6412 paita 8676619 (8.2 MiB)
RX mea sese 0 pa'u'u 0 sili atu 0 fa'avaa 0
TX pepa 1726 paita 289128 (282.3 KiB)
TX mea sese 0 pa'u 0 sili atu 0 ave 0 fetoaiga 0
enp0s8: fu'a=4098 mtu 1500
eteru 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
RX pepa 0 paita 0 (0.0 B)
RX mea sese 0 pa'u'u 0 sili atu 0 fa'avaa 0
TX pepa 0 paita 0 (0.0 B)
TX mea sese 0 pa'u 0 sili atu 0 ave 0 fetoaiga 0
va'ai: fu'a=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 1 (Loopback Loopback)
RX pepa 0 paita 0 (0.0 B)
RX mea sese 0 pa'u'u 0 sili atu 0 fa'avaa 0
TX pepa 0 paita 0 (0.0 B)
TX mea sese 0 pa'u 0 sili atu 0 ave 0 fetoaiga 0
O le enp0s8 interface e leʻo faʻaaogaina i le taimi nei, matou te mafaia pe a matou mananaʻo e faʻaoga le Proxy NAT poʻo le NAT configuration. O le taimi lena o le a talafeagai le tuʻuina atu o se IP faʻamautu.
4. Tatou amata fa'apipi'i le 3proxy
4.1 Fa'apipi'iina o afifi fa'avae mo le tu'ufa'atasia o le 3proxy mai puna'oa
root@debian9:~# apt-get install build-essential libevent-dev libssl-dev -y
4.2. Se'i tatou faia se faila mo le la'uina o le fa'amaumauga ma puna
root@debian9:~# mkdir -p /opt/proxy
4.3. Tatou o i le faila lea
root@debian9:~# cd /opt/proxy
4.4. Se'i o tatou la'u maia le afifi 3proxy fou. I le taimi o le tusitusi, o le faʻamaumauga sili ona lata mai o le 0.8.12 (18/04/2018) Faʻapipiʻi mai le upega tafaʻilagi aloaia 3proxy.
root@debian9:/opt/proxy# wget https://github.com/z3APA3A/3proxy/archive/0.8.12.tar.gz
4.5. Se'i o tatou tatala le fa'amaumauga na sii mai
root@debian9:/opt/proxy# tar zxvf 0.8.12.tar.gz
4.6. Alu i le lisi e le'i fa'apipi'iina e fau ai le polokalame
root@debian9:/opt/proxy# cd 3proxy-0.8.12
4.7. Ma le isi, e manaʻomia le faʻaopoopoina o se laina i le faila faila ina ia le iloa atoatoa le matou 'auʻaunaga (e matua aoga lava, siaki mea uma, o loʻo natia IPs)
root@debian9:/opt/proxy/3proxy-0.8.12# nano +29 src/proxy.h
Fa'aopoopo se laina
#define ANONYMOUS 1
Oomi Ctrl+x ma Ulufale e teu ai suiga.
4.8. Sei o tatou amata tuufaatasia le polokalama
root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux
Makelogfai[2]: Tu'ua le lisi '/opt/proxy/3proxy-0.8.12/src/plugins/TransparentPlugin'
fai [1]: Tu'u ese le lisi '/opt/proxy/3proxy-0.8.12/src'
Leai se mea sese, sei faaauau.
4.9. Faʻapipiʻi le polokalame i luga o le polokalama
root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux install
4.10. Alu i le root directory ma siaki le mea na faʻapipiʻi ai le polokalama
root@debian9:/opt/proxy/3proxy-0.8.12# cd ~/
root@debian9:~# whereis 3proxy
3proxy: /usr/local/bin/3proxy/usr/local/etc/3proxy
4.11. Sei o tatou faia se faila mo faila faatulagaina ma ogalaau i le lisi o fale o le tagata faaaoga
root@debian9:~# mkdir -p /home/joke/proxy/logs
4.12. Alu i le lisi e tatau ona i ai le config
root@debian9:~# cd /home/joke/proxy/
4.13. Fausia se faila gaogao ma kopi le config iina
root@debian9:/home/joke/proxy# cat > 3proxy.conf
3proxy.confdaemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
tagata su'e su'ega:CL:1234
fa'agata 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
feauauaʻi 3
malosi fa'amaoni
faaonaponei
fa'atagaina le su'ega
totini -p3128
sui -p8080
Ina ia teu, oomi Ctrl + Z
4.14. Se'i fai se faila pid ina ia leai ni mea sese i le amataga.
root@debian9:/home/joke/proxy# cat > 3proxy.pid
Ina ia teu, oomi Ctrl + Z
4.15. Se'i o tatou fa'alauiloa le server sui!
root@debian9:/home/joke/proxy# 3proxy /home/joke/proxy/3proxy.conf
4.16. Se'i va'ai pe fa'alogo le server i ports
root@debian9:~/home/joke/proxy# netstat -nlp
netstat logSo'oga Initaneti (na'o 'au'aunaga)
Proto Recv-Q Send-Q Tulaga Fa'apitonu'u Tuatusi Atu Fafo Tulaga PID/Igoa ole Polokalama
tcp 0 0 0.0.0.0:8080 0.0.0.0:* FAALOGO 504/3proxy
tcp 0 0 0.0.0.0:22 0.0.0.0:* FAALOGO 338/sshd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* FAALOGO 504/3proxy
tcp6 0 0 :::22 :::* FAALOGO 338/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:* 352/dhclient
E pei ona tusia i totonu o le config, e faʻalogo le matou 'upega tafaʻilagi i le taulaga 8080, Socks5 sui faʻalogo i le taulaga 3128.
4.17. Ina ia autostart le au'aunaga sui pe a uma le toe fa'afouina, e tatau ona e fa'aopoopo i le cron.
root@debian9:/home/joke/proxy# crontab -e
Fa'aopoopo se laina
@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxy.conf
Matou te oomi le Ulufale, talu ai e tatau ona vaʻai cron le pito o le laina, ma faʻasaoina le faila.
E tatau ona i ai se feʻau e uiga i le faʻapipiʻiina o se crontab fou.
crontab: fa'apipi'i crontab fou
4.18. Sei o tatou toe faʻafouina le faiga ma taumafai e faʻafesoʻotaʻi e ala i le browser i le sui. Ina ia siaki, matou te faʻaogaina le Firefox browser (mo se 'upega tafaʻilagi sui) ma le FoxyProxy faʻaopoopo mo socks5 faʻatasi ma le faʻamaoni.
root@debian9:/home/joke/proxy# reboot
4.19. A maeʻa ona siaki le gaioiga a le sui pe a uma le toe faʻafouina, e mafai ona e vaʻai i ogalaau. Ole mea lea e fa'amae'a ai le fa'atulagaina ole server sui.
3 ogalaau sui1542573996.018 PROXY.8080 00000 su'ega 192.168.23.10:50915 217.12.15.54:443 1193 6939 0 CONNECT_ads.yahoo.com/443_HTTP
1542574289.634 SOCK5.3128 00000 su'ega 192.168.23.10:51193 54.192.13.69:443 0 0 0 CONNECT_normandy.cdn.mozilla.net:443
Fa'atulaga ma fa'agaoioi le Transparent Proxy NAT configuration
I lenei faʻatulagaga, o masini uma i luga o fesoʻotaʻiga i totonu o le a faʻaogaina manino i luga o le Initaneti e ala i se server sui sui mamao. E matua'i uma lava feso'ota'iga TCP o le a toe fa'afeiloa'i i le tasi pe sili atu (fa'alautele le lautele o le alalaupapa, fa'ata'ita'iga fa'atulagaina Nu. 2!) sui 'au'aunaga. Ole auaunaga DNS ole a fa'aogaina le 3proxy (dnspr) gafatia. UDP o le a le "alu" i fafo, talu ai tatou te leʻi faʻaaogaina le masini i luma (faʻaletonu ona o le faaletonu ile fatu Linux).
1. Ua oʻo i le taimi e mafai ai le faʻaogaina o le enp0s8
root@debian9:~# nano /etc/network/interfaces
/etc/network/interfaces faila# O lenei faila o loʻo faʻamatalaina fesoʻotaʻiga fesoʻotaʻiga o loʻo avanoa i lau masini
# ma le auala e faʻagaoioia ai. Mo nisi fa'amatalaga, va'ai feso'ota'iga(5).
puna /etc/network/interfaces.d/*
# Le fesoʻotaʻiga fesoʻotaʻiga loopback
taavale lo
iface lo inet loopback
# Le fesoʻotaʻiga fesoʻotaʻiga muamua
faataga-hotplug enp0s3
iface enp0s3 inet dhcp
# Le fesoʻotaʻiga fesoʻotaʻiga lona lua
faataga-hotplug enp0s8
iface enp0s8 inet static
tuatusi 192.168.201.254
netmask 255.255.255.0
O iinei na matou tuʻuina atu ai le enp0s8 faʻafesoʻotaʻi se tuatusi static 192.168.201.254 ma se mask 255.255.255.0
Faasaoina le config Ctrl+X ma toe faʻafou
root@debian9:~# reboot
2. Siakiina feso'ota'iga
root@debian9:~# ifconfig
ifconfig ogalaauenp0s3: fu'a=4163 mtu 1500
inet 192.168.23.11 netmask 255.255.255.0 fa'asalalauga 192.168.23.255
inet6 fe80::a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20 eter 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
RX pepa 61 paita 7873 (7.6 KiB)
RX mea sese 0 pa'u'u 0 sili atu 0 fa'avaa 0
TX pepa 65 paita 10917 (10.6 KiB)
TX mea sese 0 pa'u 0 sili atu 0 ave 0 fetoaiga 0
enp0s8: fu'a=4163 mtu 1500
inet 192.168.201.254 netmask 255.255.255.0 fa'asalalauga 192.168.201.255
inet6 fe80::a00:27ff:fe79:a7e3 prefixlen 64 scopeid 0x20 eter 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
RX pepa 0 paita 0 (0.0 B)
RX mea sese 0 pa'u'u 0 sili atu 0 fa'avaa 0
TX pepa 8 paita 648 (648.0 B)
TX mea sese 0 pa'u 0 sili atu 0 ave 0 fetoaiga 0
va'ai: fu'a=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 1 (Loopback Loopback)
RX pepa 0 paita 0 (0.0 B)
RX mea sese 0 pa'u'u 0 sili atu 0 fa'avaa 0
TX pepa 0 paita 0 (0.0 B)
TX mea sese 0 pa'u 0 sili atu 0 ave 0 fetoaiga 0
3. Na lelei mea uma, o lea e tatau ona e faʻatulagaina le 3proxy mo le sui manino.
root@debian9:~# cd /home/joke/proxy/
root@debian9:/home/joke/proxy# cat > 3proxytransp.conf
Fa'ata'ita'iga fa'atonuga o le sa'o sui sui Numera 1daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
fa'agata 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
feauauaʻi 3
faaonaponei
auth iponly
dnspr
faataga *
matua 1000 totini5 IP_ADDRESS OF EXTERNAL_PROXY 3128 su'ega 1234
plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111
4. O lea ua matou fa'alauiloa le 3proxy ma le config fou
root@debian9:/home/joke/proxy# /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf
5. Toe fa'aopoopo ile crontab
root@debian9:/home/joke/proxy# crontab -e
@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf
6. Seʻi o tatou vaai po o le ā o loo faalogologo i ai lo tatou sui
root@debian9:~# netstat -nlp
netstat logSo'oga Initaneti (na'o 'au'aunaga)
Proto Recv-Q Send-Q Tulaga Fa'apitonu'u Tuatusi Atu Fafo Tulaga PID/Igoa ole Polokalama
tcp 0 0 0.0.0.0:22 0.0.0.0:* FAALOGO 349/sshd
tcp 0 0 0.0.0.0:888 0.0.0.0:* FAALOGO 354/3proxy
tcp6 0 0 :::22 :::* FAALOGO 349/sshd
udp 0 0 0.0.0.0:53 0.0.0.0:* 354/3proxy
udp 0 0 0.0.0.0:68 0.0.0.0:* 367/dhclient
7. O lea ua sauni le sui e talia so'o se feso'ota'iga TCP i luga o le taulaga 888, DNS i luga o le taulaga 53, ina ia mafai ai ona toe fa'afeiloa'i i le socks5 sui mamao ma DNS Google 8.8.8.8. Pau lava le mea e tatau ona matou faia o le faʻatulagaina o le netfilter (iptables) ma tulafono DHCP mo le tuʻuina atu o tuatusi.
8. Faʻapipiʻi le iptables-persistent ma le dhcpd package
root@debian9:~# apt-get install iptables-persistent isc-dhcp-server
9. Fa'asa'o le faila amata o le dhcpd
root@debian9:~# nano /etc/dhcp/dhcpd.conf
dhcpd.conf# dhcpd.conf
#
# Faʻataʻitaʻiga faila faila mo le ISC dhcpd
#
# filifiliga fa'auiga masani i feso'ota'iga lagolago uma...
filifiliga domain-igoa "example.org";
filifiliga domain-igoa-servers ns1.example.org, ns2.example.org;
faaletonu-lisi-taimi 600;
maualuga-lisi-taimi 7200;
ddns-update-style leai se mea;
# Afai o lenei DHCP server o le DHCP server aloaia mo le lotoifale
# feso'ota'iga, o le fa'atonuga fa'atonu e tatau ona le fa'ailoa.
pule;
# O se faʻatulagaga eseʻese mo se upega tafaʻilagi i totonu.
la'ititi 192.168.201.0 netmask 255.255.255.0 {
tele 192.168.201.10 192.168.201.250;
filifiliga domain-igoa-servers 192.168.201.254;
filifiliga auala 192.168.201.254;
filifiliga faasalalauga-tuatusi 192.168.201.255;
faaletonu-lisi-taimi 600;
maualuga-lisi-taimi 7200;
}
11. Toe faʻafou ma siaki le tautua ile taulaga 67
root@debian9:~# reboot
root@debian9:~# netstat -nlp
netstat logSo'oga Initaneti (na'o 'au'aunaga)
Proto Recv-Q Send-Q Tulaga Fa'apitonu'u Tuatusi Atu Fafo Tulaga PID/Igoa ole Polokalama
tcp 0 0 0.0.0.0:22 0.0.0.0:* FAALOGO 389/sshd
tcp 0 0 0.0.0.0:888 0.0.0.0:* FAALOGO 310/3proxy
tcp6 0 0 :::22 :::* FAALOGO 389/sshd
udp 0 0 0.0.0.0:20364 0.0.0.0:* 393/dhcpd
udp 0 0 0.0.0.0:53 0.0.0.0:* 310/3proxy
udp 0 0 0.0.0.0:67 0.0.0.0:* 393/dhcpd
udp 0 0 0.0.0.0:68 0.0.0.0:* 405/dhclient
udp6 0 0 :::31728 :::* 393/dhcpd
mata 0 0 0.0.0.0:1 0.0.0.0:* 393/dhcpd
12. Pau lava le mea o loʻo totoe o le toe faʻafeiloaʻi uma o talosaga tcp i le port 888 ma faʻasaoina le tulafono i iptables
root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -p tcp -j REDIRECT --to-ports 888
root@debian9:~# iptables-save > /etc/iptables/rules.v4
13. Ina ia faʻalautele le bandwidth channel, e mafai ona e faʻaogaina le tele o sui sui i le taimi e tasi. Ole aofaʻiga e tatau ona 1000. O fesoʻotaʻiga fou e faʻavaeina ma se avanoa e 0.2, 0.2, 0.2, 0.2, 0,1, 0,1 i le auʻaunaga sui faʻapitoa.
Manatua: afai e iai la matou sui i luga o le upega tafaʻilagi, ae le o socks5 e manaʻomia ona matou tusi fesoʻotaʻi, pe a socks4, ona socks4 (socks4 E LE LAGOLAGO LOGIN / PASSWORD PULE!)
Fa'ata'ita'iga fa'atonuga o le sa'o sui sui Numera 2daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
maxconn 500
fa'agata 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
feauauaʻi 3
faaonaponei
auth iponly
dnspr
faataga *
matua 200 totini5 IP_ADDRESS_EXTERNAL_PROXY#1 3128 su'e 1234
matua 200 totini5 IP_ADDRESS_EXTERNAL_PROXY#2 3128 su'e 1234
matua 200 totini5 IP_ADDRESS_EXTERNAL_PROXY#3 3128 su'e 1234
matua 200 totini5 IP_ADDRESS_EXTERNAL_PROXY#4 3128 su'e 1234
matua 100 totini5 IP_ADDRESS_EXTERNAL_PROXY#5 3128 su'e 1234
matua 100 totini5 IP_ADDRESS_EXTERNAL_PROXY#6 3128 su'e 1234
plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111
Faʻatulagaina ma faʻaogaina le NAT + Transparent Proxy configuration
I lenei fa'atulagaga, o le a matou fa'aogaina le fa'aogaina masani a le NAT fa'atasi ai ma le suitulaga fa'apitoa po'o manino atoatoa o tuatusi ta'itasi po'o subnets. O tagata fa'aoga feso'ota'iga i totonu o le a galulue ma nisi auaunaga / subnets e aunoa ma le iloaina o lo'o latou galulue e ala i se sui. O feso'ota'iga https uma e lelei, e leai ni tusi pasi e mana'omia ona fa'atupu/sui.
Muamua, se'i o tatou filifili po'o fea subnets/au'aunaga tatou te manana'o e sui. Se'i tatou fa'apea o lo'o iai sui mai fafo i le mea o lo'o fa'agaioi ai se auaunaga pei o le pandora.com. O lea e tumau pea le fuafuaina o ana subnets / tuatusi.
1. Ping
root@debian9:~# ping pandora.com
PING pandora.com (208.85.40.20) 56(84) paita o faʻamaumauga.
2. Fa'aigoa BGP 208.85.40.20 ile Google
Tatou o i le saite
E mafai ona iloa o le subnet o loʻo ou sailia o le AS40428 Pandora Media, Inc
Tatala v4 prefix
O subnets nei e mana'omia!
199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
199.116.164.0/24
199.116.165.0/24
208.85.40.0/24
208.85.41.0/24
208.85.42.0/23
208.85.42.0/24
208.85.43.0/24
208.85.44.0/24
208.85.46.0/23
208.85.46.0/24
208.85.47.0/24
3. Ina ia faʻaitiitia le numera o subnets, e tatau ona e faia faʻatasi. Alu i le saite ma kopi la matou lisi iina. O se taunuuga - 6 subnets nai lo le 14.
199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
208.85.40.0/22
208.85.44.0/24
208.85.46.0/23
4. Fa'amanino tulafono iptables
root@debian9:~# iptables -F
root@debian9:~# iptables -X
root@debian9:~# iptables -t nat -F
root@debian9:~# iptables -t nat -X
Fa'aaga le fa'agaioia o luma ma le NAT
root@debian9:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@debian9:~# iptables -A FORWARD -i enp0s3 -o enp0s8 -j ACCEPT
root@debian9:~# iptables -A FORWARD -i enp0s8 -o enp0s3 -j ACCEPT
root@debian9:~# iptables -t nat -A POSTROUTING -o enp0s3 -s 192.168.201.0/24 -j MASQUERADE
Ina ia mautinoa o loʻo faʻaauau pea le agai i luma pe a uma le toe faʻafouina, seʻi o tatou sui le faila
root@debian9:~# nano /etc/sysctl.conf
Ma aveese fa'amatalaga le laina
net.ipv4.ip_forward = 1
Ctrl+X e teu ai le faila
5. Matou te afifi pandora.com subnets i se sui
root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888
6. Tatou tausia tulafono
root@debian9:~# iptables-save > /etc/iptables/rules.v4
Fa'atulaga ma fa'agaoioi le Transparent Proxy e ala i le fa'atulagaina o le router
I lenei fa'atulagaga, e mafai ona avea le 'au'aunaga sui manino ma se PC ese'ese po'o se masini komepiuta i tua atu o se 'auala fale/fa'alapotopotoga. Ua lava le resitalaina o auala faʻapitoa i luga o le router poʻo masini ma o le subnet atoa o le a faʻaogaina se sui e aunoa ma le manaʻomia mo soʻo se faʻaopoopoga faʻaopoopo.
TAUA! E tatau ona maua e le matou faitotoa se IP faʻapitoa mai le router, pe faʻapipiʻiina e faʻamautu lava.
1. Fa'atulaga se tuatusi faitoto'a tumau (enp0s3 adapter)
root@debian9:~# nano /etc/network/interfaces
/etc/network/interfaces faila# O lenei faila o loʻo faʻamatalaina fesoʻotaʻiga fesoʻotaʻiga o loʻo avanoa i lau masini
# ma le auala e faʻagaoioia ai. Mo nisi fa'amatalaga, va'ai feso'ota'iga(5).
puna /etc/network/interfaces.d/*
# Le fesoʻotaʻiga fesoʻotaʻiga loopback
taavale lo
iface lo inet loopback
# Le fesoʻotaʻiga fesoʻotaʻiga muamua
faataga-hotplug enp0s3
iface enp0s3 inet static
tuatusi 192.168.23.2
netmask 255.255.255.0
faitotoʻa 192.168.23.254
# Le fesoʻotaʻiga fesoʻotaʻiga lona lua
faataga-hotplug enp0s8
iface enp0s8 inet static
tuatusi 192.168.201.254
netmask 255.255.255.0
2. Fa'ataga masini mai le 192.168.23.0/24 subnet e fa'aoga sui
root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.23.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888
3. Tatou tausia tulafono
root@debian9:~# iptables-save > /etc/iptables/rules.v4
4. Tatou resitala subnets i luga o le router
Lisi feso'ota'iga alaala199.116.161.0 255.255.255.0 192.168.23.2
199.116.162.0 255.255.255.0 192.168.23.2
199.116.164.0 255.255.254.0 192.168.23.2
208.85.40.0 255.255.252.0 192.168.23.2
208.85.44.0 255.255.255.0 192.168.23.2
208.85.46.0 255.255.254.0 192.168.23.2
Meafaitino/punaoa fa'aaogaina
1. Upega tafa'ilagi aloa'ia o le polokalame 3proxy
2. Fa'atonuga mo le fa'apipi'iina o le 3proxy mai le puna
3. 3proxy atinae lala i GitHub
puna: www.habr.com