Monday, 11 June 2012

squid 2.7.STABLE9 + TPROXY-4.1

Installing squid 2.7.STABLE9 + TPROXY-4.1 on Ubuntu 10.04

Posted: June 12, 2012 in

First, tune your Ubuntu system:
1. Raise the open-file limit and enable IP forwarding
Code:
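# raise the soft and hard open-file limits for all users
echo "*      soft    nofile   65535" >> /etc/security/limits.conf
echo "*      hard    nofile   65535" >> /etc/security/limits.conf
# turn off reverse-path filtering and turn on IP forwarding
echo "net.ipv4.conf.all.rp_filter=0" >> /etc/sysctl.conf
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf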
2. Install build-essential and libcap-dev
Code:
apt-get install build-essential
apt-get install libcap-dev
Once all of that is done, we can install squid:
1. Download squid 2.7.STABLE9 and the patch
Code:
wget http://www.squid-cache.org/Versions/v2/2.7/squid-2.7.STABLE9.tar.gz
wget http://www.visolve.com/squid/tproxy4/squid-2.7s9-tproxy-4.patch
2. Extract and patch squid
Code:
tar -zxvf squid-2.7.STABLE9.tar.gz
cd squid-2.7.STABLE9
patch -p1 < ../squid-2.7s9-tproxy-4.patch
3. Compile and install squid
Code:
./configure '--prefix=/usr/local/squid' \
'--enable-async-io=24' \
'--enable-storeio=ufs,aufs,null,diskd' \
'--enable-auth=basic' \
'--enable-err-languages=English' \
'--disable-ident-lookups' \
'--disable-cache-digests' \
'--enable-follow-x-forwarded-for' \
'--enable-delay-pools' \
'--enable-http-violations' \
'--enable-arp-acl' \
'--with-maxfd=65535' \
'--enable-linux-netfilter' \
'--enable-linux-tproxy' \
'--with-libcap'
make
make install
The options above are optional; add or remove options to suit your needs.
4. In your squid.conf, add these options in the section
Code:
http_port 8080 transparent tproxy
max_filedescriptors 65535
The second line is optional; its default value is 1024.
5. Set up iproute2 and iptables to intercept traffic for tproxy (transparent proxy)
Code:
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 8080
Start squid as usual. Good luck ^_^
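To confirm that the policy-routing and mangle rules from step 5 are actually in place before sending traffic through the box, a check like the following can be used. This is an added example, not part of the original post; the function names and the sample command output are constructed for illustration, and the exact output text of `ip` and `iptables` varies by version.

```shell
#!/bin/sh
# Added example (not from the original post): checks that the step 5 rules
# exist. Each check reads command output on stdin, so it works on live
# output or on saved text.

# fwmark 1 must be looked up in routing table 100
has_fwmark_rule() { grep -Eq 'fwmark (0x)?1(/0x[0-9a-f]+)? lookup 100( |$)'; }

# table 100 must deliver every destination locally through lo
has_local_route() { grep -Eq '^local (default|0\.0\.0\.0/0) dev lo'; }

# mangle table needs: socket match -> DIVERT, DIVERT sets mark 1, and
# port 80 handed to TPROXY on the squid port (8080 in the post)
has_mangle_rules() {
    _rules=$(cat)
    printf '%s\n' "$_rules" | grep -Eq -e '-A PREROUTING .*-m socket .*-j DIVERT' &&
    printf '%s\n' "$_rules" | grep -Eq -e '-A DIVERT -j MARK --set-x?mark 0x1(/| |$)' &&
    printf '%s\n' "$_rules" | grep -Eq -e '-A PREROUTING .*--dport 80 .*-j TPROXY .*--on-port 8080' &&
    printf '%s\n' "$_rules" | grep -Eq -e '--tproxy-mark 0x1/0x1'
}

# args: <ip rule output> <table 100 output> <iptables -t mangle -S output>
# Prints one line per missing piece; return status is the number missing.
verify_tproxy() {
    _missing=0
    printf '%s\n' "$1" | has_fwmark_rule  || { echo "missing: ip rule fwmark 1 lookup 100"; _missing=$((_missing + 1)); }
    printf '%s\n' "$2" | has_local_route  || { echo "missing: local route in table 100"; _missing=$((_missing + 1)); }
    printf '%s\n' "$3" | has_mangle_rules || { echo "missing: DIVERT/TPROXY mangle rules"; _missing=$((_missing + 1)); }
    return "$_missing"
}

# Constructed sample output (typical shape, not captured from a real host)
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'
SAMPLE_TABLE='local default dev lo scope host'
SAMPLE_MANGLE='-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT'

# Live use (as root):
#   verify_tproxy "$(ip rule show)" "$(ip route show table 100)" "$(iptables -t mangle -S)"
verify_tproxy "$SAMPLE_RULES" "$SAMPLE_TABLE" "$SAMPLE_MANGLE" && echo "tproxy rules OK"
```

Note that the `ip` and `iptables` commands in step 5 do not survive a reboot on their own, so running the check after a restart shows whether they have been made persistent.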
