TProxy IPFire


Specifically for IPFire's built-in web proxy (squid 3.x) or the squid-2.7STABLE9 addon.

Disable transparent mode in the web interface -> Save & Restart.

Edit or create the file /etc/squid/squid.conf.pre.local and add the following line:

http_port 3129 transparent tproxy

[root@IPFire ~]# modprobe xt_TPROXY
[root@IPFire ~]# modprobe xt_socket
[root@IPFire ~]# modprobe nf_tproxy_core
[root@IPFire ~]# modprobe xt_mark
[root@IPFire ~]# modprobe nf_nat
[root@IPFire ~]# modprobe nf_conntrack_ipv4
[root@IPFire ~]# modprobe nf_conntrack
[root@IPFire ~]# modprobe nf_defrag_ipv4
[root@IPFire ~]# modprobe ipt_REDIRECT

Adjust the IP address to match the green interface. As an example, I use 172.16.5.1.

[root@IPFire ~]# iptables -t mangle -N DIVERT
[root@IPFire ~]# iptables -t mangle -A DIVERT -j MARK --set-mark 1
[root@IPFire ~]# iptables -t mangle -A DIVERT -j ACCEPT
[root@IPFire ~]# iptables -t mangle -A INPUT -j ACCEPT
[root@IPFire ~]# iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
[root@IPFire ~]# iptables -t mangle -A PREROUTING -d 172.16.5.1/32 -p tcp --dport 80 -j ACCEPT
[root@IPFire ~]# iptables -t mangle -A PREROUTING -d 172.16.5.1/32 -p tcp --dport 3128 -j ACCEPT
[root@IPFire ~]# iptables -t mangle -A PREROUTING ! -d 172.16.5.1/32 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
[root@IPFire ~]# ip rule add fwmark 1 lookup 100
[root@IPFire ~]# ip route add local 0.0.0.0/0 dev lo table 100
[root@IPFire ~]# sysctl net.ipv4.ip_nonlocal_bind=1
[root@IPFire ~]# sysctl net.ipv4.ip_forward=1

Mikrotik settings:

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no dst-port=80 \
    in-interface=ether1-client new-routing-mark=proxy passthrough=no protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=80 \
    in-interface=ether5-PROXY new-connection-mark=tproxy passthrough=yes protocol=\
    tcp src-address=!172.16.5.1
add action=mark-routing chain=prerouting connection-mark=tproxy disabled=no \
    in-interface=!ether5-proxy new-routing-mark=proxy passthrough=no

This write-up was lifted from Mas Syaifuddin's trash bin. :)
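
A consistency check for the squid and iptables settings above, as an added example that is not part of the original write-up: it reads an `iptables-save -t mangle` dump and the squid config text, then confirms that the socket/DIVERT rule precedes TPROXY, that `--on-port` matches squid's tproxy port, and that the TPROXY rule excludes the firewall's own address. The function name `check_tproxy` and the sample dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original write-up; all sample data is constructed.
# Live use (as root):
#   check_tproxy "$(iptables-save -t mangle)" "$(cat /etc/squid/squid.conf.pre.local)"

SAMPLE_CONF='http_port 3129 transparent tproxy'
# Constructed iptables-save style dump of the page's mangle rules
SAMPLE_GOOD='-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -d 172.16.5.1/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING ! -d 172.16.5.1/32 -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT'
# Constructed broken variant: wrong port, no socket/DIVERT rule, no "! -d" exclusion
SAMPLE_BAD='-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1'

# check_tproxy RULES CONF: prints findings, returns the number of failed checks
check_tproxy() {
    rules=$1; conf=$2; bad=0
    # Port squid listens on in tproxy mode (assumes "http_port <port> ... tproxy")
    port=$(printf '%s\n' "$conf" | awk '$1 == "http_port" && /tproxy/ { print $2; exit }')
    if [ -z "$port" ]; then echo "FAIL: no tproxy http_port in squid config"; return 1; fi
    tpx=$(printf '%s\n' "$rules" | grep -n -e '^-A PREROUTING .*-j TPROXY' | head -n 1)
    if [ -z "$tpx" ]; then echo "FAIL: no TPROXY rule in mangle PREROUTING"; return 1; fi
    div=$(printf '%s\n' "$rules" | grep -n -e '^-A PREROUTING .*-m socket.* -j DIVERT' | head -n 1)
    # Packets of existing proxy sockets must be diverted before new flows reach TPROXY
    if [ -z "$div" ] || [ "${div%%:*}" -gt "${tpx%%:*}" ]; then
        echo "FAIL: socket/DIVERT rule missing or placed after TPROXY"; bad=$((bad + 1))
    fi
    # The redirect target must be the port squid actually listens on
    case "$tpx" in
        *"--on-port $port "*|*"--on-port $port") ;;
        *) echo "FAIL: TPROXY --on-port differs from squid port $port"; bad=$((bad + 1)) ;;
    esac
    # Traffic addressed to the firewall itself (web interface) must not be intercepted
    case "$tpx" in
        *"! -d "*) ;;
        *) echo "FAIL: TPROXY rule does not exclude the firewall's own address"; bad=$((bad + 1)) ;;
    esac
    if [ "$bad" -eq 0 ]; then echo "OK: TPROXY rules match squid port $port"; fi
    return "$bad"
}

check_tproxy "$SAMPLE_GOOD" "$SAMPLE_CONF"
check_tproxy "$SAMPLE_BAD" "$SAMPLE_CONF" || true
```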