Examples of using a transparent proxy with 3proxy and iptables/netfilter, or "putting everything through a proxy"

In this article I would like to show the possibilities of transparent proxying, which lets you redirect all or part of your traffic through external proxy servers completely unnoticed by the clients.

When I started solving this problem, I ran into the fact that its implementation had one significant problem: the HTTPS protocol. In the good old days there were no particular problems with transparent HTTP proxying, but with HTTPS proxying browsers report interference with the protocol, and that is where the happiness ends.

The common instructions for the squid proxy server even suggest generating your own certificate and installing it on the clients, which is complete nonsense at the very least, irrational, and looks like a MITM attack. I know that squid can already do something similar, but this article is about a proven and working method using 3proxy from the respected 3APA3A.

Next, we will look in detail at building 3proxy from source, configuring it, full and selective proxying using NAT, distributing the channel across several external proxy servers, and using a router and static routes. We use Debian 9 x64 as the OS. Let's begin!

Installing 3proxy and running a regular proxy server

1. Install ifconfig (from the net-tools package)
apt-get install net-tools
2. Install Midnight Commander
apt-get install mc
3. We now have two interfaces:
enp0s3 - external, facing the Internet
enp0s8 - internal, should face the local network
In other Debian-based distributions the interfaces are usually called eth0 and eth1.
ifconfig -a

Interfaces:
enp0s3: flags=4163 mtu 1500
inet 192.168.23.11 netmask 255.255.255.0 broadcast 192.168.23.255
inet6 fe80::a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20
ether 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
RX packets 6412 bytes 8676619 (8.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1726 bytes 289128 (282.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s8: flags=4098 mtu 1500
ether 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

The enp0s8 interface is not used for now; we will enable it when we want to use the Transparent NAT proxy or the NAT configuration. Only then does it make sense to assign it a static IP.

4. Let's start installing 3proxy

4.1 Install the base packages needed to build 3proxy from source

root@debian9:~# apt-get install build-essential libevent-dev libssl-dev -y

4.2. Create a folder for downloading the source archive

root@debian9:~# mkdir -p /opt/proxy

4.3. Go to this folder

root@debian9:~# cd /opt/proxy

4.4. Now download the latest 3proxy package. At the time of writing, the latest stable version was 0.8.12 (18/04/2018). Download it from the official 3proxy website

root@debian9:/opt/proxy# wget https://github.com/z3APA3A/3proxy/archive/0.8.12.tar.gz

4.5. Unpack the downloaded archive

root@debian9:/opt/proxy# tar zxvf 0.8.12.tar.gz

4.6. Go to the unpacked directory to build the program

root@debian9:/opt/proxy# cd 3proxy-0.8.12

4.7. Next, we need to add a line to the header file so that our server is completely anonymous (it really works, everything has been tested, client IPs are hidden)

root@debian9:/opt/proxy/3proxy-0.8.12# nano +29 src/proxy.h

Add the line

#define ANONYMOUS 1

Press Ctrl+X and Enter to save the changes.

4.8. Start building the program

root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux

Make log:
make[2]: Leaving directory '/opt/proxy/3proxy-0.8.12/src/plugins/TransparentPlugin'
make[1]: Leaving directory '/opt/proxy/3proxy-0.8.12/src'

No errors, let's continue.

4.9. Install the program into the system

root@debian9:/opt/proxy/3proxy-0.8.12# make -f Makefile.Linux install

4.10. Go to root's home directory and check where the program was installed

root@debian9:/opt/proxy/3proxy-0.8.12# cd ~/
root@debian9:~# whereis 3proxy

3proxy: /usr/local/bin/3proxy /usr/local/etc/3proxy

4.11. Create a folder for the configuration files and logs in the user's home directory

root@debian9:~# mkdir -p /home/joke/proxy/logs

4.12. Go to the directory where the configuration should be

root@debian9:~# cd /home/joke/proxy/

4.13. Create an empty file and copy the configuration into it

root@debian9:/home/joke/proxy# cat > 3proxy.conf

3proxy.conf:
daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
users tester:CL:1234
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 3
auth strong
flush
allow tester
socks -p3128
proxy -p8080

To save, press Ctrl + Z

4.14. Create the pid file so that there are no errors at startup.

root@debian9:/home/joke/proxy# cat > 3proxy.pid

To save, press Ctrl + Z

4.15. Start the proxy server!

root@debian9:/home/joke/proxy# 3proxy /home/joke/proxy/3proxy.conf

4.16. Check whether the server is listening on the ports

root@debian9:/home/joke/proxy# netstat -nlp

netstat log:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 504/3proxy
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 338/sshd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 504/3proxy
tcp6 0 0 :::22 :::* LISTEN 338/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:* 352/dhclient

As written in the config, our web proxy listens on port 8080 and the Socks5 proxy listens on port 3128.

4.17. To start the proxy service automatically after a reboot, add it to cron.

root@debian9:/home/joke/proxy# crontab -e

Add the line

@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxy.conf

Press Enter, since cron must see the end-of-line character, and save the file.

There should be a message about installing the new crontab.

crontab: installing new crontab

4.18. Reboot the system and try connecting to the proxy with a browser. For testing we use the Firefox browser (for the web proxy) and the FoxyProxy add-on for socks5 with authentication.

root@debian9:/home/joke/proxy# reboot

4.19. After checking that the proxy works after the reboot, you can look at the logs. This completes the proxy server setup.

3proxy log:
1542573996.018 PROXY.8080 00000 tester 192.168.23.10:50915 217.12.15.54:443 1193 6939 0 CONNECT_ads.yahoo.com:443_HTTP
1542574289.634 SOCK5.3128 00000 tester 192.168.23.10:51193 54.192.13.69:443 0 0 0 CONNECT_normandy.cdn.mozilla.net:443
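
For reviewing these logs, here is an added example (not part of the original article or of 3proxy) that parses lines written with the logformat above and reports per-client byte totals, requested CONNECT hosts and records with a nonzero %E field. The names parse_line and summarize are hypothetical, and the third sample line is constructed.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Field order follows the page's logformat:
#   %t.%.  %N.%p  %E  %U  %C:%c  %R:%r  %O  %I  %h  %T
LINE = re.compile(
    r"(?P<ts>\d+)\.(?P<ms>\d+) (?P<service>\w+)\.(?P<port>\d+) (?P<err>\d+) "
    r"(?P<user>\S+) (?P<client>\S+):(?P<cport>\d+) "
    r"(?P<remote>\S+):(?P<rport>\d+) (?P<out>\d+) (?P<inb>\d+) "
    r"(?P<hops>\d+) (?P<text>.*)"
)

# The two log lines shown on the page plus one constructed line with %E != 0.
SAMPLE = """\
1542573996.018 PROXY.8080 00000 tester 192.168.23.10:50915 217.12.15.54:443 1193 6939 0 CONNECT_ads.yahoo.com:443_HTTP
1542574289.634 SOCK5.3128 00000 tester 192.168.23.10:51193 54.192.13.69:443 0 0 0 CONNECT_normandy.cdn.mozilla.net:443
1542574300.101 PROXY.8080 00004 - 192.168.23.77:40222 0.0.0.0:0 0 0 0 GET_http://example.org/_HTTP/1.1
"""


def parse_line(line):
    """Return one log record as a dict, or None if the line does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("port", "err", "cport", "rport", "out", "inb", "hops"):
        rec[key] = int(rec[key])
    rec["time"] = datetime.fromtimestamp(int(rec["ts"]), timezone.utc).isoformat()
    # In the page's log the %T text has "_" where the request had spaces,
    # so CONNECT targets look like CONNECT_host:port[_HTTP].
    target = re.match(r"CONNECT_([^_:]+):(\d+)", rec["text"])
    rec["host"] = target.group(1) if target else None
    return rec


def summarize(text):
    """Per-client byte totals, CONNECT hosts, and records with %E != 0."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    traffic = Counter()
    for r in records:
        traffic[r["client"]] += r["out"] + r["inb"]
    return {
        "bytes_by_client": dict(traffic),
        "hosts": sorted({r["host"] for r in records if r["host"]}),
        "failed": [r for r in records if r["err"] != 0],
    }


if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(report["bytes_by_client"])
    print(report["hosts"])
    for r in report["failed"]:
        print("error", r["err"], "from", r["client"], "at", r["time"])
```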

Setting up and running the Transparent NAT proxy configuration

In this configuration, all devices on the internal network will transparently reach the Internet through a remote proxy server. Absolutely all TCP connections will be redirected to one or more proxy servers (this really widens the channel, see configuration example No. 2!). The DNS service will use 3proxy's capabilities (dnspr). UDP will not get "out", since we are not yet using the forward mechanism (disabled by default in the Linux kernel).

1. Time to enable the enp0s8 interface

root@debian9:~# nano /etc/network/interfaces

/etc/network/interfaces file:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet dhcp

# The secondary network interface
allow-hotplug enp0s8
iface enp0s8 inet static
address 192.168.201.254
netmask 255.255.255.0

Here we assigned the enp0s8 interface the static address 192.168.201.254 and the mask 255.255.255.0.
Save with Ctrl+X and reboot

root@debian9:~# reboot

2. Check the interfaces

root@debian9:~# ifconfig

ifconfig log:
enp0s3: flags=4163 mtu 1500
inet 192.168.23.11 netmask 255.255.255.0 broadcast 192.168.23.255
inet6 fe80::a00:27ff:fec2:bae4 prefixlen 64 scopeid 0x20
ether 08:00:27:c2:ba:e4 txqueuelen 1000 (Ethernet)
RX packets 61 bytes 7873 (7.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 65 bytes 10917 (10.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s8: flags=4163 mtu 1500
inet 192.168.201.254 netmask 255.255.255.0 broadcast 192.168.201.255
inet6 fe80::a00:27ff:fe79:a7e3 prefixlen 64 scopeid 0x20
ether 08:00:27:79:a7:e3 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

3. Everything worked; now 3proxy needs to be configured for transparent proxying.

root@debian9:~# cd /home/joke/proxy/
root@debian9:/home/joke/proxy# cat > 3proxytransp.conf

Transparent proxy server configuration example No. 1:
daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 3
flush
auth iponly
dnspr
allow *
parent 1000 socks5 IP_ADDRESS_OF_EXTERNAL_PROXY 3128 tester 1234
plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111

4. Now start 3proxy with the new config
root@debian9:/home/joke/proxy# /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf

5. Add it to crontab again
root@debian9:/home/joke/proxy# crontab -e
@reboot /usr/local/bin/3proxy /home/joke/proxy/3proxytransp.conf

6. Let's see what our proxy is listening on now
root@debian9:~# netstat -nlp

netstat log:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 349/sshd
tcp 0 0 0.0.0.0:888 0.0.0.0:* LISTEN 354/3proxy
tcp6 0 0 :::22 :::* LISTEN 349/sshd
udp 0 0 0.0.0.0:53 0.0.0.0:* 354/3proxy
udp 0 0 0.0.0.0:68 0.0.0.0:* 367/dhclient

7. The proxy is now ready to accept any TCP connections on port 888 and DNS on port 53, and then redirect them to the remote socks5 proxy and to Google DNS 8.8.8.8. All that remains is to configure the netfilter (iptables) rules and DHCP for handing out addresses.

8. Install the iptables-persistent and dhcpd packages

root@debian9:~# apt-get install iptables-persistent isc-dhcp-server

9. Edit the dhcpd configuration file
root@debian9:~# nano /etc/dhcp/dhcpd.conf

dhcpd.conf:
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.

authoritative;

# A slightly different configuration for an internal subnet.
subnet 192.168.201.0 netmask 255.255.255.0 {
range 192.168.201.10 192.168.201.250;
option domain-name-servers 192.168.201.254;
option routers 192.168.201.254;
option broadcast-address 192.168.201.255;
default-lease-time 600;
max-lease-time 7200;
}

11. Reboot and check the service on port 67
root@debian9:~# reboot
root@debian9:~# netstat -nlp

netstat log:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 389/sshd
tcp 0 0 0.0.0.0:888 0.0.0.0:* LISTEN 310/3proxy
tcp6 0 0 :::22 :::* LISTEN 389/sshd
udp 0 0 0.0.0.0:20364 0.0.0.0:* 393/dhcpd
udp 0 0 0.0.0.0:53 0.0.0.0:* 310/3proxy
udp 0 0 0.0.0.0:67 0.0.0.0:* 393/dhcpd
udp 0 0 0.0.0.0:68 0.0.0.0:* 405/dhclient
udp6 0 0 :::31728 :::* 393/dhcpd
raw 0 0 0.0.0.0:1 0.0.0.0:* 393/dhcpd

12. All that remains is to redirect all TCP requests to port 888 and save the rule in iptables.

root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -p tcp -j REDIRECT --to-ports 888

root@debian9:~# iptables-save > /etc/iptables/rules.v4

13. To increase the channel bandwidth, you can use several proxy servers at once. The weights must add up to 1000. New connections are established with probabilities 0.2, 0.2, 0.2, 0.2, 0.1, 0.1 to the specified proxy servers.

Note: if we have a web proxy, write connect instead of socks5; if socks4, then socks4 (socks4 DOES NOT SUPPORT LOGIN/PASSWORD AUTHORIZATION!)

Transparent proxy server configuration example No. 2:
daemon
pidfile /home/joke/proxy/3proxy.pid
nserver 8.8.8.8
nscache 65536
maxconn 500
timeouts 1 5 30 60 180 1800 16 60
log /home/joke/proxy/logs/3proxy.log D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
rotate 3
flush
auth iponly
dnspr
allow *

parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#1 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#2 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#3 3128 tester 1234
parent 200 socks5 IP_ADDRESS_EXTERNAL_PROXY#4 3128 tester 1234
parent 100 socks5 IP_ADDRESS_EXTERNAL_PROXY#5 3128 tester 1234
parent 100 socks5 IP_ADDRESS_EXTERNAL_PROXY#6 3128 tester 1234

plugin /opt/proxy/3proxy-0.8.12/src/TransparentPlugin.ld.so transparent_plugin
tcppm -i0.0.0.0 888 127.0.0.1 11111
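
Before loading a configuration like No. 2, the weight rule from step 13 can be checked mechanically. The following is an added example, not code from the article or from 3proxy: the function name check_config is hypothetical, the upstream addresses are placeholders from the 192.0.2.0/24 documentation range, and the extra check for listeners bound to 0.0.0.0 under "allow *" is an addition motivated by the netstat output above, which shows port 888 open on every interface.

```python
# Constructed copy of the relevant lines of configuration No. 2; the upstream
# addresses are documentation-range placeholders, not values from the article.
CONFIG = """\
auth iponly
dnspr
allow *
parent 200 socks5 192.0.2.1 3128 tester 1234
parent 200 socks5 192.0.2.2 3128 tester 1234
parent 200 socks5 192.0.2.3 3128 tester 1234
parent 200 socks5 192.0.2.4 3128 tester 1234
parent 100 socks5 192.0.2.5 3128 tester 1234
parent 100 socks5 192.0.2.6 3128 tester 1234
tcppm -i0.0.0.0 888 127.0.0.1 11111
"""

LISTENERS = {"tcppm", "socks", "proxy"}


def check_config(text):
    """Return parent shares, their weight total, and a list of problems."""
    shares, listeners, problems, open_acl = [], [], [], False
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        cmd, args = words[0], words[1:]
        if cmd == "allow" and args[:1] == ["*"]:
            open_acl = True
        elif cmd == "parent" and len(args) >= 4:
            # parent <weight> <type> <address> <port> [user password]
            shares.append((args[2], int(args[0])))
        elif cmd in LISTENERS:
            # Without -i the service binds to all interfaces.
            bind = next((a[2:] for a in args if a.startswith("-i")), "0.0.0.0")
            listeners.append((cmd, bind))
    total = sum(weight for _, weight in shares)
    if shares and total != 1000:
        problems.append(f"parent weights add up to {total}, expected 1000")
    if open_acl:
        for cmd, bind in listeners:
            if bind == "0.0.0.0":
                problems.append(f"{cmd} listens on every interface with 'allow *'")
    return {
        "total": total,
        "shares": {addr: weight / 1000 for addr, weight in shares},
        "problems": problems,
    }


if __name__ == "__main__":
    result = check_config(CONFIG)
    print("total weight:", result["total"])
    for addr, share in result["shares"].items():
        print(f"{addr}: {share:.1f} of new connections")
    for problem in result["problems"]:
        print("WARNING:", problem)
```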

Setting up and running the NAT + Transparent Proxy configuration

In this configuration we use the usual NAT mechanism with selective or fully transparent proxying of individual addresses or subnets. Users of the internal network will work with certain services/subnets without even realizing that they are going through a proxy. All https connections work fine; no certificates need to be generated or replaced.

First, let's decide which subnets/services we want to proxy. Suppose the external proxies are located where a service such as pandora.com works. Now it remains to determine its subnets/addresses.

1. Ping

root@debian9:~# ping pandora.com
PING pandora.com (208.85.40.20) 56(84) bytes of data.

2. Search Google for BGP 208.85.40.20

Go to the site bgp.he.net/net/208.85.40.0/24#_netinfo
You can see that the subnet I am looking for belongs to AS40428 Pandora Media, Inc

Open the v4 prefixes

bgp.he.net/AS40428#_prefixes

Here are the subnets we need!

199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
199.116.164.0/24
199.116.165.0/24
208.85.40.0/24
208.85.41.0/24
208.85.42.0/23
208.85.42.0/24
208.85.43.0/24
208.85.44.0/24
208.85.46.0/23
208.85.46.0/24
208.85.47.0/24

3. To reduce the number of subnets, aggregate them. Go to the site ip-calculator.ru/aggregate and copy our list there. The result: 6 subnets instead of 14.

199.116.161.0/24
199.116.162.0/24
199.116.164.0/23
208.85.40.0/22
208.85.44.0/24
208.85.46.0/23

4. Flush the iptables rules

root@debian9:~# iptables -F
root@debian9:~# iptables -X
root@debian9:~# iptables -t nat -F
root@debian9:~# iptables -t nat -X

Enable forwarding and NAT

root@debian9:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@debian9:~# iptables -A FORWARD -i enp0s3 -o enp0s8 -j ACCEPT
root@debian9:~# iptables -A FORWARD -i enp0s8 -o enp0s3 -j ACCEPT
root@debian9:~# iptables -t nat -A POSTROUTING -o enp0s3 -s 192.168.201.0/24 -j MASQUERADE

To make sure forwarding stays enabled permanently after a reboot, edit the file

root@debian9:~# nano /etc/sysctl.conf

And uncomment the line

net.ipv4.ip_forward = 1

Ctrl+X to save the file

5. Wrap the pandora.com subnets into the proxy

root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.201.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888

6. Save the rules

root@debian9:~# iptables-save > /etc/iptables/rules.v4

Setting up and running Transparent Proxy via a router configuration

In this configuration the transparent proxy server can be a separate PC or a virtual machine behind a home/corporate router. It is enough to register static routes on the router or on the devices, and the whole subnet will use the proxy without any additional settings.

IMPORTANT! Our gateway must receive a static IP from the router, or be configured with a static address itself.

1. Configure a static gateway address (the enp0s3 adapter)

root@debian9:~# nano /etc/network/interfaces

/etc/network/interfaces file:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet static
address 192.168.23.2
netmask 255.255.255.0
gateway 192.168.23.254

# The secondary network interface
allow-hotplug enp0s8
iface enp0s8 inet static
address 192.168.201.254
netmask 255.255.255.0

2. Allow devices from the 192.168.23.0/24 subnet to use the proxy

root@debian9:~# iptables -t nat -A PREROUTING -s 192.168.23.0/24 -d 199.116.161.0/24,199.116.162.0/24,199.116.164.0/23,208.85.40.0/22,208.85.44.0/24,208.85.46.0/23 -p tcp -j REDIRECT --to-ports 888

3. Save the rules
root@debian9:~# iptables-save > /etc/iptables/rules.v4

4. Register the subnets on the router

Router network list:
199.116.161.0 255.255.255.0 192.168.23.2
199.116.162.0 255.255.255.0 192.168.23.2
199.116.164.0 255.255.254.0 192.168.23.2
208.85.40.0 255.255.252.0 192.168.23.2
208.85.44.0 255.255.255.0 192.168.23.2
208.85.46.0 255.255.254.0 192.168.23.2

Materials/resources used

1. Official website of the 3proxy program: 3proxy.ru

2. Instructions for installing 3proxy from source: www.ekzorchik.ru/2015/02/how-to-take-your-socks-proxy

3. 3proxy developer thread on GitHub: github.com/z3APA3A/3proxy/issues/274

Source: www.habr.com
