Basics of transparent proxying with 3proxy and iptables/netfilter, or how to "put everything through a proxy"

In this article I would like to show the possibilities of transparent proxying, which lets you redirect all or part of the traffic through external proxy servers completely unnoticed by the clients.

When I started solving this problem, I ran into one significant obstacle in its implementation: the HTTPS protocol. In the good old days there were no particular problems with transparent HTTP proxying, but with HTTPS proxying browsers report interference with the protocol, and that is where the happiness ends.

Common instructions for the Squid proxy server even suggest generating your own certificate and installing it on the clients, which is at the very least nonsense, irrational, and looks like a MITM attack. I know that Squid can already do something similar, but this article is about a proven and working method using 3proxy by the respected 3APA3A.

Next, we will look in detail at building 3proxy from source, configuring it, full and selective proxying using NAT, distributing the channel across several external proxy servers, and using a router and static routes. We use Debian 9 x64 as the OS. Let's begin!

Installing 3proxy and running a regular proxy server

1. Install ifconfig (from the net-tools package)
apt-get install net-tools
2. Install Midnight Commander
apt-get install mc
3. We now have 2 interfaces:
enp0s3 - external, faces the Internet
enp0s8 - internal, must face the local network
On other Debian-based distributions the interfaces are usually called eth0 and eth1.
ifconfig -a

Interfaces
enp0s3: flags=4163 mtu 1500
        inet 192.168.23.11 netmask 255.255.255.0 broadcast 192.168.23.255
        inet6 fe80::a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20
        ether 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
        RX packets 6412 bytes 8676619 (8.2 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 1726 bytes 289128 (282.3 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s8: flags=4098 mtu 1500
        ether 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 1 (Local Loopback)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

The enp0s8 interface is not used for now; we will enable it when we want to use the Proxy NAT or NAT configuration. That is when it will make sense to assign it a static IP.

4. Let's start installing 3proxy

4.1 Install the basic packages for compiling 3proxy from source

root@debian9:~# apt-get install build-essential libevent-dev libssl-dev -y

4.2. Create a folder for downloading the source archive

root@debian9:~# mkdir -p /opt/proxy

4.3. Go to this folder

root@debian9:~# cd /opt/proxy

4.4. Now download the latest 3proxy package. At the time of writing, the latest stable version was 0.8.12 (18/04/2018). Download it from the official 3proxy website

root@debian9:/opt/proxy# wget https://github.com/z3APA3A/3proxy/archive/0.8.12.tar.gz

4.5. Unpack the downloaded archive

root@debian9:/opt/proxy# tar zxvf 0.8.12.tar.gz

4.6. Go to the unpacked directory to build the program

root@debian9:/opt/proxy# cd 3proxy-0.8.12

4.7. Next, we need to add a line to the header file so that our server is completely anonymous (it really works, everything has been checked, client IPs are hidden)

root@debian9:/opt/proxy/3proxy-0.8.12# nano +29 src/proxy.h

Add the line

#define ANONYMOUS 1

Press Ctrl + X and Enter to save the changes.

4.8. Let's start building the program

root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux

Make log
make[2]: Leaving directory '/opt/proxy/3proxy-0.8.12/src/plugins/TransparentPlugin'
make[1]: Leaving directory '/opt/proxy/3proxy-0.8.12/src'

No errors, let's continue.

4.9. Install the program on the system

root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux install

4.10. Go to root's home directory and check where the program was installed

root@debian9:/opt/proxy/3proxy-0.8.12# cd ~/
root@debian9:~# whereis 3proxy

3proxy: /usr/local/bin/3proxy /usr/local/etc/3proxy

4.11. Create a folder for the configuration files and logs in the user's home directory

root@debian9:~# mkdir -p /home/joke/proxy/logs

4.12. Go to the directory where the config should be

root@debian9:~# cd /home/joke/proxy/

4.13. Create an empty file and copy the config into it

root@debian9:/home/joke/proxy# cat > 3proxy.conf

3proxy.conf
daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
users tester:CL:1234
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 3
auth strong
flush
allow tester
socks -p3128
proxy -p8080

To save, press Ctrl + Z

4.14. Create the pid file so that there are no errors at startup.

root@debian9:/home/joke/proxy# cat > 3proxy.pid

To save, press Ctrl + Z

4.15. Launch the proxy server!

root@debian9:/home/joke/proxy# 3proxy /home/joke/proxy/3proxy.conf

4.16. Check whether the server is listening on the ports

root@debian9:~/home/joke/proxy# netstat -nlp

netstat log
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 504/3proxy
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 338/sshd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 504/3proxy
tcp6 0 0 :::22 :::* LISTEN 338/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:* 352/dhclient

As written in the config, our web proxy listens on port 8080 and the Socks5 proxy listens on port 3128.

4.17. To start the proxy service automatically after a reboot, add it to cron.

root@debian9:/home/joke/proxy# crontab -e

Add the line

@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxy.conf

Press Enter, since cron must see the end-of-line character, and save the file.

There should be a message about installing the new crontab.

crontab: installing new crontab

4.18. Reboot the system and try to connect to the proxy through a browser. To check, we use the Firefox browser (for the web proxy) and the FoxyProxy add-on for socks5 with authentication.

root@debian9:/home/joke/proxy# reboot

4.19. After checking that the proxy works after the reboot, you can look at the logs. This completes the proxy server setup.

3proxy log
1542573996.018 PROXY.8080 00000 tester 192.168.23.10:50915 217.12.15.54:443 1193 6939 0 CONNECT_Ads.yahoo.com:443.
1542574289.634 SOCK5.3128 00000 tester 192.168.23.10:51193 54.192.13.69:443 0 0 0 CONNECT_normandy.cdn.mozilla.net:443

Setting up and running the Transparent Proxy NAT configuration

In this configuration, all devices on the internal network will work transparently on the Internet through a remote proxy server. Absolutely all TCP connections will be redirected to one or several proxy servers (several really widen the channel, see configuration example No. 2!). The DNS service will use the capabilities of 3proxy (dnspr). UDP will not "go" outside, since we are not yet using the forwarding mechanism (disabled by default in the Linux kernel).

1. It is time to enable the enp0s8 interface

root@debian9:~# nano /etc/network/interfaces

/etc/network/interfaces file
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet dhcp

# The secondary network interface
allow-hotplug enp0s8
iface enp0s8 inet static
address 192.168.201.254
netmask 255.255.255.0

Here we assigned the enp0s8 interface the static address 192.168.201.254 and the mask 255.255.255.0.
Save with Ctrl + X and reboot

root@debian9:~# reboot

2. Check the interfaces

root@debian9:~# ifconfig

ifconfig log
enp0s3: flags=4163 mtu 1500
        inet 192.168.23.11 netmask 255.255.255.0 broadcast 192.168.23.255
        inet6 fe80::a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20
        ether 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
        RX packets 61 bytes 7873 (7.6 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 65 bytes 10917 (10.6 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s8: flags=4163 mtu 1500
        inet 192.168.201.254 netmask 255.255.255.0 broadcast 192.168.201.255
        inet6 fe80::a00:27ff:fe79:a7e3 prefixlen 64 scopeid 0x20
        ether 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 8 bytes 648 (648.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 1 (Local Loopback)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

3. Everything worked; now you need to configure 3proxy for transparent proxying.

root@debian9:~# cd /home/joke/proxy/
root@debian9:/home/joke/proxy# cat > 3proxytransp.conf

Example transparent proxy server configuration No. 1
daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 3
flush
auth iponly
dnspr
allow *
parent 1000 socks5 IP_ADDRESS_OF_EXTERNAL_PROXY 3128 tester 1234
plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111

4. Now start 3proxy with the new config
root@debian9:/home/joke/proxy# /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf

5. Add it to crontab again
root@debian9:/home/joke/proxy# crontab -e
@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf

6. See what our proxy is listening on now
root@debian9:~# netstat -nlp

netstat log
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 349/sshd
tcp 0 0 0.0.0.0:888 0.0.0.0:* LISTEN 354/3proxy
tcp6 0 0 :::22 :::* LISTEN 349/sshd
udp 0 0 0.0.0.0:53 0.0.0.0:* 354/3proxy
udp 0 0 0.0.0.0:68 0.0.0.0:* 367/dhclient

7. The proxy is now ready to accept any TCP connections on port 888 and DNS on port 53, so that they can be redirected to the remote socks5 proxy and to Google DNS 8.8.8.8. All that remains is to configure the netfilter (iptables) rules and DHCP for issuing addresses.

8. Install the iptables-persistent and dhcpd packages

root@debian9:~# apt-get install iptables-persistent isc-dhcp-server

9. Edit the dhcpd configuration file
root@debian9:~# nano /etc/dhcp/dhcpd.conf

dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.

authoritative;

# A slightly different configuration for an internal subnet.
subnet 192.168.201.0 netmask 255.255.255.0 {
  range 192.168.201.10 192.168.201.250;
  option domain-name-servers 192.168.201.254;
  option routers 192.168.201.254;
  option broadcast-address 192.168.201.255;
  default-lease-time 600;
  max-lease-time 7200;
}

11. Reboot and check the service on port 67
root@debian9:~# reboot
root@debian9:~# netstat -nlp

netstat log
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 389/sshd
tcp 0 0 0.0.0.0:888 0.0.0.0:* LISTEN 310/3proxy
tcp6 0 0 :::22 :::* LISTEN 389/sshd
udp 0 0 0.0.0.0:20364 0.0.0.0:* 393/dhcpd
udp 0 0 0.0.0.0:53 0.0.0.0:* 310/3proxy
udp 0 0 0.0.0.0:67 0.0.0.0:* 393/dhcpd
udp 0 0 0.0.0.0:68 0.0.0.0:* 405/dhclient
udp6 0 0 :::31728 :::* 393/dhcpd
raw 0 0 0.0.0.0:1 0.0.0.0:* 393/dhcpd

12. All that remains is to redirect all TCP requests to port 888 and save the rule in iptables.

root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -p tcp -j REDIRECT --to-ports 888

root@debian9:~# iptables-save > /etc/iptables/rules.v4

13. To widen the channel bandwidth, you can use several proxy servers at once. The total must be 1000. New connections are established with probabilities of 0.2, 0.2, 0.2, 0.2, 0.1, 0.1 to the specified proxy servers.

Note: if we have a web proxy, then instead of socks5 we need to write connect; if it is socks4, then socks4 (socks4 does NOT support login/password authorization!)

Example transparent proxy server configuration No. 2
daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
maxconn 500
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 3
flush
auth iponly
dnspr
allow *

parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#1 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#2 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#3 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#4 3128 tester 1234
parent 100 socks5 IP_ADDRESS_EXTERNAL_PROXY#5 3128 tester 1234
parent 100 socks5 IP_ADDRESS_EXTERNAL_PROXY#6 3128 tester 1234

plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111
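
The weight rule from step 13 and the socks4 note can be checked before the config is deployed. The following is an added example, not part of the original article or of 3proxy; the function names and the 192.0.2.x placeholder addresses are assumptions made for illustration.

```python
# Constructed sample modelled on configuration example No. 2. The 192.0.2.x
# addresses are documentation placeholders standing in for the external proxies.
SAMPLE_CONF = """\
auth iponly
dnspr
allow *
parent 200 socks5 192.0.2.1 3128 tester 1234
parent 200 socks5 192.0.2.2 3128 tester 1234
parent 200 socks5 192.0.2.3 3128 tester 1234
parent 200 socks5 192.0.2.4 3128 tester 1234
parent 100 socks5 192.0.2.5 3128 tester 1234
parent 100 socks5 192.0.2.6 3128 tester 1234
tcppm -i0.0.0.0 888 127.0.0.1 11111
"""


def parent_groups(conf_text):
    """Collect parent lines under the allow rule they follow."""
    groups = []
    for line in conf_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "allow":
            groups.append([])  # parents attach to the most recent allow rule
        elif fields[0] == "parent":
            if not groups or len(fields) < 5:
                raise ValueError(f"bad parent line: {line!r}")
            groups[-1].append({"weight": int(fields[1]), "type": fields[2],
                               "host": fields[3], "port": int(fields[4]),
                               "has_creds": len(fields) > 5})
    return [g for g in groups if g]


def lint_group(group, total=1000):
    """Return (issues, [(host, share), ...]) for one group of parents."""
    issues = []
    weight_sum = sum(p["weight"] for p in group)
    if weight_sum != total:  # the article requires the weights to total 1000
        issues.append(f"weights sum to {weight_sum}, expected {total}")
    for p in group:
        if p["type"] == "socks4" and p["has_creds"]:
            issues.append(f"{p['host']}: socks4 does not support login/password")
    shares = [(p["host"], p["weight"] / total) for p in group]
    return issues, shares


if __name__ == "__main__":
    for group in parent_groups(SAMPLE_CONF):
        print(lint_group(group))
```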

Setting up and running the NAT + Transparent Proxy configuration

In this configuration we will use the usual NAT mechanism with selective or full transparent proxying of individual addresses or subnets. Users of the internal network will work with certain services/subnets without even realizing that they are going through a proxy. All https connections work fine; no certificates need to be generated or substituted.

First, let's decide which subnets/services we want to proxy. Suppose the external proxies are located where a service such as pandora.com works. Now it remains to determine its subnets/addresses.

1. Ping

root@debian9:~# ping pandora.com
PING pandora.com (208.85.40.20) 56(84) bytes of data.

2. Type BGP 208.85.40.20 into Google

Go to the site bgp.he.net/net/208.85.40.0/24#_netinfo
You can see that the subnet I am looking for belongs to AS40428 Pandora Media, Inc


Open the v4 prefixes

bgp.he.net/AS40428#_prefixes

Here are the required subnets!

199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
199.116.164.0/24
199.116.165.0/24
208.85.40.0/24
208.85.41.0/24
208.85.42.0/23
208.85.42.0/24
208.85.43.0/24
208.85.44.0/24
208.85.46.0/23
208.85.46.0/24
208.85.47.0/24

3. To reduce the number of subnets, you need to aggregate them. Go to the site ip-calculator.ru/aggregate and copy our list there. The result: 6 subnets instead of 14.

199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
208.85.40.0/22
208.85.44.0/24
208.85.46.0/23

4. Clear the iptables rules

root@debian9:~# iptables -F
root@debian9:~# iptables -X
root@debian9:~# iptables -t nat -F
root@debian9:~# iptables -t nat -X

Enable forwarding and NAT

root@debian9:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@debian9:~# iptables -A FORWARD -i enp0s3 -o enp0s8 -j ACCEPT
root@debian9:~# iptables -A FORWARD -i enp0s8 -o enp0s3 -j ACCEPT
root@debian9:~# iptables -t nat -A POSTROUTING -o enp0s3 -s 192.168.201.0/24 -j MASQUERADE

To make sure forwarding stays enabled permanently after a reboot, edit the file

root@debian9:~# nano /etc/sysctl.conf

And uncomment the line

net.ipv4.ip_forward = 1

Ctrl + X to save the file

5. Wrap the pandora.com subnets in the proxy

root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888

6. Save the rules

root@debian9:~# iptables-save > /etc/iptables/rules.v4

Setting up and running the Transparent Proxy via router configuration

In this configuration, the transparent proxy server can be a separate PC or a virtual machine behind a home/corporate router. It is enough to register static routes on the router or on the devices, and the whole subnet will use the proxy without any additional settings.

IMPORTANT! Our gateway must receive a static IP from the router, or be configured as static itself.

1. Configure a static gateway address (adapter enp0s3)

root@debian9:~# nano /etc/network/interfaces

/etc/network/interfaces file
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet static
address 192.168.23.2
netmask 255.255.255.0
gateway 192.168.23.254

# The secondary network interface
allow-hotplug enp0s8
iface enp0s8 inet static
address 192.168.201.254
netmask 255.255.255.0

2. Allow devices from the 192.168.23.0/24 subnet to use the proxy

root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.23.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888

3. Save the rules
root@debian9:~# iptables-save > /etc/iptables/rules.v4

4. Register the subnets on the router

Router network list
199.116.161.0 255.255.255.0 192.168.23.2
199.116.162.0 255.255.255.0 192.168.23.2
199.116.164.0 255.255.254.0 192.168.23.2
208.85.40.0 255.255.252.0 192.168.23.2
208.85.44.0 255.255.255.0 192.168.23.2
208.85.46.0 255.255.254.0 192.168.23.2

Materials / sources used

1. Official website of the 3proxy program: 3proxy.ru

2. Instructions for installing 3proxy from source: www.ekzorchik.ru/2015/02/how-to-take-your-socks-proxy

3. 3proxy developer's branch on GitHub: github.com/z3APA3A/3proxy/issues/274

Source: www.habr.com
