Basics of transparent proxying using 3proxy and iptables/netfilter, or how to "put everything through a proxy"

In this article I would like to describe the possibilities of transparent proxying, which lets you redirect all or part of the traffic through external proxy servers completely unnoticed by the clients.

When I started solving this problem, I ran into the fact that its implementation has one significant difficulty: the HTTPS protocol. In the good old days there were no particular problems with transparent HTTP proxying, but when HTTPS is proxied, browsers report interference with the protocol, and that is where the happiness ends.

The common instructions for the Squid proxy server even suggest generating your own certificate and installing it on the clients, which is at the very least senseless, irrational, and looks like a MITM attack. I know that Squid can already do something similar, but this article is about a proven and working method using 3proxy by the respected 3APA3A.

Next, we will look in detail at building 3proxy from source, configuring it, full and selective proxying using NAT, distributing the channel across several external proxy servers, and using a router and static routes. We use Debian 9 x64 as the OS. Let's begin!

Installing 3proxy and running a regular proxy server

1. Install ifconfig (from the net-tools package)
apt-get install net-tools
2. Install Midnight Commander
apt-get install mc
3. We now have 2 interfaces:
enp0s3 - external, faces the Internet
enp0s8 - internal, should face the local network
In other Debian-based distributions the interfaces are usually named eth0 and eth1.
ifconfig -a

Interfaces
enp0s3: flags=4163 mtu 1500
inet 192.168.23.11 netmask 255.255.255.0 broadcast 192.168.23.255
inet6 fe80::a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20
ether 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
RX packets 6412 bytes 8676619 (8.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1726 bytes 289128 (282.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s8: flags=4098 mtu 1500
ether 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

The enp0s8 interface is not in use at the moment; we will enable it when we want to use the Proxy NAT or NAT configuration. That is when it makes sense to assign it a static IP.

4. Let's start installing 3proxy

4.1 Install the basic packages for compiling 3proxy from source

root@debian9:~# apt-get install build-essential libevent-dev libssl-dev -y

4.2. Create a folder for downloading the source archive

root@debian9:~# mkdir -p /opt/proxy

4.3. Change to this folder

root@debian9:~# cd /opt/proxy

4.4. Now download the latest 3proxy package. At the time of writing, the latest stable version was 0.8.12 (18/04/2018). Download it from the official 3proxy site

root@debian9:/opt/proxy# wget https://github.com/z3APA3A/3proxy/archive/0.8.12.tar.gz

4.5. Unpack the downloaded archive

root@debian9:/opt/proxy# tar zxvf 0.8.12.tar.gz

4.6. Change to the unpacked directory to build the program

root@debian9:/opt/proxy# cd 3proxy-0.8.12

4.7. Next, we need to add a line to the header file so that our server is completely anonymous (it really works, everything has been checked, the clients' IPs are hidden)

root@debian9:/opt/proxy/3proxy-0.8.12# nano +29 src/proxy.h

Add the line

#define ANONYMOUS 1

Press Ctrl+x and Enter to save the changes.

4.8. Start building the program

root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux

Make log
make[2]: Leaving directory '/opt/proxy/3proxy-0.8.12/src/plugins/TransparentPlugin'
make[1]: Leaving directory '/opt/proxy/3proxy-0.8.12/src'

No errors, let's continue.

4.9. Install the program into the system

root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux install

4.10. Go to root's home directory and check where the program was installed

root@debian9:/opt/proxy/3proxy-0.8.12# cd ~/
root@debian9:~# whereis 3proxy

3proxy: /usr/local/bin/3proxy /usr/local/etc/3proxy

4.11. Create a folder for the configuration files and logs in the user's home directory

root@debian9:~# mkdir -p /home/joke/proxy/logs

4.12. Change to the directory where the configuration will live

root@debian9:~# cd /home/joke/proxy/

4.13. Create an empty file and paste the configuration into it

root@debian9:/home/joke/proxy# cat > 3proxy.conf

3proxy.conf
daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
users tester:CL:1234
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 3
auth strong
flush
allow tester
socks -p3128
proxy -p8080

To save, press Ctrl + Z

4.14. Create the pid file so that there are no errors at startup.

root@debian9:/home/joke/proxy# cat > 3proxy.pid

To save, press Ctrl + Z

4.15. Start the proxy server!

root@debian9:/home/joke/proxy# 3proxy /home/joke/proxy/3proxy.conf

4.16. Check that the server is listening on the ports

root@debian9:~/home/joke/proxy# netstat -nlp

netstat log
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 504/3proxy
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 338/sshd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 504/3proxy
tcp6 0 0 :::22 :::* LISTEN 338/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:* 352/dhclient

As written in the configuration, our web proxy listens on port 8080 and the Socks5 proxy listens on port 3128.

4.17. To start the proxy service after a reboot, add it to cron.

root@debian9:/home/joke/proxy# crontab -e

Add the line

@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxy.conf

Press Enter, since cron must see the end-of-line character, and save the file.

There should be a message about the new crontab being installed.

crontab: installing new crontab

4.18. Reboot the system and try to connect to the proxy from a browser. To check, we use the Firefox browser (for the web proxy) and the FoxyProxy add-on for socks5 with authentication.

root@debian9:/home/joke/proxy# reboot

4.19. After checking that the proxy works after the reboot, you can look at the logs. This completes the proxy server setup.

3proxy log
1542573996.018 PROXY.8080 00000 tester 192.168.23.10:50915 217.12.15.54:443 1193 6939 0 CONNECT_Ads.yahoo.com:443.H
1542574289.634 SOCK5.3128 00000 tester 192.168.23.10:51193 54.192.13.69:443 0 0 0 CONNECT_normandy.cdn.mozilla.net:443

Setting up and running the Transparent Proxy NAT configuration

In this configuration, all devices on the internal network will transparently reach the Internet through a remote proxy server. Absolutely all TCP connections will be redirected to one or several proxy servers (several really do widen the channel; see example configuration No. 2!). The DNS service will use the capabilities of 3proxy (dnspr). UDP will not go "out", since we are not yet using the forward mechanism (disabled by default in the Linux kernel).

1. It is time to enable the enp0s8 interface

root@debian9:~# nano /etc/network/interfaces

/etc/network/interfaces file
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet dhcp

# The secondary network interface
allow-hotplug enp0s8
iface enp0s8 inet static
address 192.168.201.254
netmask 255.255.255.0

Here we assigned the enp0s8 interface the static address 192.168.201.254 and the mask 255.255.255.0.
Save the configuration with Ctrl+X and reboot

root@debian9:~# reboot

2. Check the interfaces

root@debian9:~# ifconfig

ifconfig log
enp0s3: flags=4163 mtu 1500
inet 192.168.23.11 netmask 255.255.255.0 broadcast 192.168.23.255
inet6 fe80::a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20
ether 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
RX packets 61 bytes 7873 (7.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 65 bytes 10917 (10.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s8: flags=4163 mtu 1500
inet 192.168.201.254 netmask 255.255.255.0 broadcast 192.168.201.255
inet6 fe80::a00:27ff:fe79:a7e3 prefixlen 64 scopeid 0x20
ether 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

3. Everything worked; now we need to configure 3proxy for transparent proxying.

root@debian9:~# cd /home/joke/proxy/
root@debian9:/home/joke/proxy# cat > 3proxytransp.conf

Example configuration of transparent proxy server No. 1
daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 3
flush
auth iponly
dnspr
allow *
parent 1000 socks5 IP_ADDRESS_OF_EXTERNAL_PROXY 3128 tester 1234
plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111

4. Now start 3proxy with the new configuration
root@debian9:/home/joke/proxy# /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf

5. Add it to crontab again
root@debian9:/home/joke/proxy# crontab -e
@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf

6. See what our proxy is listening on now
root@debian9:~# netstat -nlp

netstat log
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 349/sshd
tcp 0 0 0.0.0.0:888 0.0.0.0:* LISTEN 354/3proxy
tcp6 0 0 :::22 :::* LISTEN 349/sshd
udp 0 0 0.0.0.0:53 0.0.0.0:* 354/3proxy
udp 0 0 0.0.0.0:68 0.0.0.0:* 367/dhclient

7. The proxy is now ready to accept any TCP connections on port 888 and DNS on port 53, and then redirect them to the remote socks5 proxy and Google DNS 8.8.8.8. All that remains is to configure the netfilter (iptables) rules and DHCP for handing out addresses.

8. Install the iptables-persistent and dhcpd packages

root@debian9:~# apt-get install iptables-persistent isc-dhcp-server

9. Edit the dhcpd configuration file
root@debian9:~# nano /etc/dhcp/dhcpd.conf

dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.

authoritative;

# A slightly different configuration for an internal subnet.
subnet 192.168.201.0 netmask 255.255.255.0 {
  range 192.168.201.10 192.168.201.250;
  option domain-name-servers 192.168.201.254;
  option routers 192.168.201.254;
  option broadcast-address 192.168.201.255;
  default-lease-time 600;
  max-lease-time 7200;
}

11. Reboot and check the service on port 67
root@debian9:~# reboot
root@debian9:~# netstat -nlp

netstat log
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 389/sshd
tcp 0 0 0.0.0.0:888 0.0.0.0:* LISTEN 310/3proxy
tcp6 0 0 :::22 :::* LISTEN 389/sshd
udp 0 0 0.0.0.0:20364 0.0.0.0:* 393/dhcpd
udp 0 0 0.0.0.0:53 0.0.0.0:* 310/3proxy
udp 0 0 0.0.0.0:67 0.0.0.0:* 393/dhcpd
udp 0 0 0.0.0.0:68 0.0.0.0:* 405/dhclient
udp6 0 0 :::31728 :::* 393/dhcpd
raw 0 0 0.0.0.0:1 0.0.0.0:* 393/dhcpd

12. All that remains is to redirect all tcp requests to port 888 and save the rule in iptables.

root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -p tcp -j REDIRECT --to-ports 888

root@debian9:~# iptables-save > /etc/iptables/rules.v4

13. To widen the channel, you can use several proxy servers at once. The weights must total 1000. New connections are established with probability 0.2, 0.2, 0.2, 0.2, 0.1, 0.1 to the specified proxy servers.

Note: if we have a web proxy, then instead of socks5 we need to write connect; if it is socks4, then socks4 (socks4 DOES NOT SUPPORT LOGIN/PASSWORD AUTHORIZATION!)

Example configuration of transparent proxy server No. 2
daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
maxconn 500
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 3
flush
auth iponly
dnspr
allow *

parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#1 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#2 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#3 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#4 3128 tester 1234
parent 100 socks5 IP_ADDRESS_EXTERNAL_PROXY#5 3128 tester 1234
parent 100 socks5 IP_ADDRESS_EXTERNAL_PROXY#6 3128 tester 1234

plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111
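
A small pre-start check for the transparent configuration, as an added example that is not part of the original article: it verifies that the parent weights total 1000 and reports each proxy's selection probability, and it lists the services bound to every interface, which on this gateway includes the external enp0s3 side (the netstat output above shows 0.0.0.0:888 and 0.0.0.0:53). The function names and the 203.0.113.x addresses standing in for the external proxies are assumptions of this example.

```python
# Constructed sample: configuration No. 2 from the article, with documentation
# addresses (203.0.113.0/24) substituted for the external proxy placeholders.
SAMPLE_CONF = """\
auth iponly
dnspr
allow *
parent 200 socks5 203.0.113.1 3128 tester 1234
parent 200 socks5 203.0.113.2 3128 tester 1234
parent 200 socks5 203.0.113.3 3128 tester 1234
parent 200 socks5 203.0.113.4 3128 tester 1234
parent 100 socks5 203.0.113.5 3128 tester 1234
parent 100 socks5 203.0.113.6 3128 tester 1234
plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111
"""

SERVICES = {"proxy", "socks", "tcppm", "dnspr"}  # listeners used in the article


def parent_probabilities(conf_text):
    """Return {"ip:port": probability}; raise if the weights do not total 1000."""
    weights = {}
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "parent":
            key = f"{fields[3]}:{fields[4]}"
            weights[key] = weights.get(key, 0) + int(fields[1])
    total = sum(weights.values())
    if total != 1000:
        raise ValueError(f"parent weights total {total}, expected 1000")
    return {key: w / 1000 for key, w in weights.items()}


def wildcard_listeners(conf_text):
    """Return service lines that listen on all interfaces (0.0.0.0)."""
    default_bind = "0.0.0.0"  # used when neither -i nor an `internal` line is given
    found = []
    for line in conf_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "internal" and len(fields) > 1:
            default_bind = fields[1]
        elif fields[0] in SERVICES:
            bind = next((f[2:] for f in fields[1:] if f.startswith("-i")), default_bind)
            if bind == "0.0.0.0":
                found.append(line.strip())
    return found


if __name__ == "__main__":
    for proxy, p in parent_probabilities(SAMPLE_CONF).items():
        print(f"{proxy}: {p:.1f}")
    for line in wildcard_listeners(SAMPLE_CONF):
        print("listens on all interfaces:", line)
```

In the NAT layouts, where clients arrive on enp0s8, REDIRECT delivers packets to that interface's own address, so binding the listeners with -i192.168.201.254 instead of 0.0.0.0 keeps them off the external interface.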

Setting up and running the NAT + Transparent Proxy configuration

In this configuration, we will use the usual NAT mechanism with selective or full transparent proxying of individual addresses or subnets. Users of the internal network will work with certain services/subnets without even realizing that they are going through a proxy. All https connections work fine; no certificates need to be generated or installed.

First, let's decide which subnets/services we want to proxy. Suppose the external proxies are located where the pandora.com service operates. Now it remains to determine its subnets/addresses.

1. Ping

root@debian9:~# ping pandora.com
PING pandora.com (208.85.40.20) 56(84) bytes of data.

2. Type "BGP 208.85.40.20" into Google

Go to bgp.he.net/net/208.85.40.0/24#_netinfo
You can see that the subnet I am looking for belongs to AS40428 Pandora Media, Inc

Open the v4 prefixes

bgp.he.net/AS40428#_prefixes

Here are the subnets we need!

199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
199.116.164.0/24
199.116.165.0/24
208.85.40.0/24
208.85.41.0/24
208.85.42.0/23
208.85.42.0/24
208.85.43.0/24
208.85.44.0/24
208.85.46.0/23
208.85.46.0/24
208.85.47.0/24

3. To reduce the number of subnets, we need to aggregate them. Go to ip-calculator.ru/aggregate and paste our list there. The result: 6 subnets instead of 14.

199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
208.85.40.0/22
208.85.44.0/24
208.85.46.0/23

4. Clear the iptables rules

root@debian9:~# iptables -F
root@debian9:~# iptables -X
root@debian9:~# iptables -t nat -F
root@debian9:~# iptables -t nat -X

Enable the forward mechanism and NAT

root@debian9:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@debian9:~# iptables -A FORWARD -i enp0s3 -o enp0s8 -j ACCEPT
root@debian9:~# iptables -A FORWARD -i enp0s8 -o enp0s3 -j ACCEPT
root@debian9:~# iptables -t nat -A POSTROUTING -o enp0s3 -s 192.168.201.0/24 -j MASQUERADE

To keep forwarding permanently enabled after a reboot, edit the file

root@debian9:~# nano /etc/sysctl.conf

And uncomment the line

net.ipv4.ip_forward = 1

Ctrl+X to save the file

5. Redirect the pandora.com subnets to the proxy

root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888

6. Save the rules

root@debian9:~# iptables-save > /etc/iptables/rules.v4

Setting up and running the Transparent Proxy via router configuration

In this configuration, the transparent proxy server can be a separate PC or a virtual machine behind a home/corporate router. It is enough to register static routes on the router or on the devices, and the whole subnet will use the proxy without any additional settings.

IMPORTANT! Our gateway must receive a static IP from the router, or be configured with a static address itself.

1. Configure a static gateway address (the enp0s3 adapter)

root@debian9:~# nano /etc/network/interfaces

/etc/network/interfaces file
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet static
address 192.168.23.2
netmask 255.255.255.0
gateway 192.168.23.254

# The secondary network interface
allow-hotplug enp0s8
iface enp0s8 inet static
address 192.168.201.254
netmask 255.255.255.0

2. Allow devices from the 192.168.23.0/24 subnet to use the proxy

root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.23.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888

3. Save the rules
root@debian9:~# iptables-save > /etc/iptables/rules.v4

4. Register the subnets on the router

Router network list
199.116.161.0 255.255.255.0 192.168.23.2
199.116.162.0 255.255.255.0 192.168.23.2
199.116.164.0 255.255.254.0 192.168.23.2
208.85.40.0 255.255.252.0 192.168.23.2
208.85.44.0 255.255.255.0 192.168.23.2
208.85.46.0 255.255.254.0 192.168.23.2

Materials/resources used

1. Official website of the 3proxy program: 3proxy.ru

2. Instructions for installing 3proxy from source: www.ekzorchik.ru/2015/02/how-to-take-your-socks-proxy

3. 3proxy development branch on GitHub: github.com/z3APA3A/3proxy/issues/274

Source: www.habr.com
