sukriborneo

tutor install squid 3.5.xxx di ubuntu

Nov 5th, 2017
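  # Build and install Squid 3.5 from source with ssl-bump support (run as root).
  apt-get update
  apt-get install build-essential devscripts libcppunit-dev openssl libssl-dev libcap-dev libsasl2-dev ccze pkg-config libkrb5-dev apache2 php5 -y
  ### install with eCAP as described at http://pastebin.com/G8sUCy6h
  cd
  # NOTE(review): the tarball and the patch are fetched over plain HTTP and then
  # built and installed as root. Compare the tarball with the checksum/signature
  # published by the Squid project before unpacking, e.g.:
  #   echo "<EXPECTED_SHA256_FROM_SQUID_PROJECT>  squid-3.5.20-20160724-r14069.tar.gz" | sha256sum -c -
  wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.20-20160724-r14069.tar.gz
  tar xzvf squid-3.5.20-20160724-r14069.tar.gz
  # NOTE(review): judging by its name, this mailing-list patch changes Squid's
  # Host-header forgery check, which is a protection for intercepted traffic.
  # Read the patch and decide whether you really want it before applying.
  wget -O squid_forgery.patch http://www.squid-cache.org/mail-archive/squid-users/201404/att-0240/squid_forgery.patch.txt
  cd squid-3.5.20-20160724-r14069
  patch -p0 <../squid_forgery.patch
  ### run ./configure with the options from http://pastebin.com/YJxDf02h
  make
  make install
  chown -R nobody /var/log/squid
  chown -R nobody /cache
  mkdir -p /etc/squid/ssl_cert
  # warnet.pem holds the signing CA certificate AND its unencrypted private key
  # (-nodes). Whoever reads it can mint certificates that every client trusting
  # this CA will accept, so create it with a restrictive umask and keep it
  # readable only by the account Squid runs as.
  (umask 077 && openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout /etc/squid/ssl_cert/warnet.pem -out /etc/squid/ssl_cert/warnet.pem -subj "/C=ID/ST=Jawa Tengah/L=Semarang/O=TSI/CN=Terapi Squid Indonesia")
  chown nobody /etc/squid/ssl_cert/warnet.pem
  chmod 400 /etc/squid/ssl_cert/warnet.pem
  # Public certificate only (DER encoded), for import on the client machines.
  # Distribute these two files, never warnet.pem.
  openssl x509 -in /etc/squid/ssl_cert/warnet.pem -outform DER -out /etc/squid/ssl_cert/warnet.der
  openssl x509 -in /etc/squid/ssl_cert/warnet.pem -outform DER -out /etc/squid/ssl_cert/warnet.crt
  # Initialise the on-disk store of generated host certificates.
  /usr/lib/squid/ssl_crtd -c -s /var/lib/ssl_db
  chown -R nobody /var/lib/ssl_db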
  21.  
  ### start of squid.conf - do not type this marker line ###
  # Recommended minimum configuration:
  # adjust the cache size to your disk
  # adjust the IP addresses to your network
  # squid.conf script for non-range 360p

  # Example rule allowing access from your local networks.
  # Adapt to list your (internal) IP networks from where browsing
  # should be allowed
  dns_v4_first on
  # Remove the response headers that advertise alternative protocols/endpoints
  # to the client (presumably so browsers keep using connections this proxy sees).
  reply_header_access Alternate-Protocol deny all
  reply_header_access Alt-Svc deny all

  #cache_dir aufs /cache 700000 16 256
  cache_dir aufs /cache 360000 1 1
  cache_mem 8 MB
  coredump_dir /var/log/squid

  # NOTE(review): cache_swap_low/high are set a second time further down (95/98);
  # presumably the later pair is the one that takes effect - keep only one pair.
  cache_swap_low 80
  cache_swap_high 85
  cache_replacement_policy heap LFUDA
  memory_replacement_policy heap GDSF

  maximum_object_size 4096000 KB
  maximum_object_size_in_memory 0 KB
  # 0 means request bodies (uploads) are not size-limited.
  request_body_max_size 0 KB
  refresh_all_ims on
  reload_into_ims on

  cache_mgr cespun@gmail.com
  visible_hostname cespun-proxy
  # NOTE(review): with strip_query_terms off the access log keeps full query
  # strings. Because HTTPS is bumped on port 3127 this includes query strings of
  # decrypted HTTPS requests, which can carry session tokens or personal data.
  # Restrict who can read /var/log/squid accordingly.
  strip_query_terms off
  httpd_suppress_version_string on
  log_mime_hdrs off
  # Do not reveal the proxy or the client address to origin servers.
  forwarded_for off
  via off

  request_header_access X-Forwarded-For deny all
  reply_header_access X-Forwarded-For deny all
  request_header_access Via deny all
  reply_header_access Via deny all
  max_filedescriptors 65536

  cache_swap_high 98
  cache_swap_low 95
  fqdncache_size 4096
  ipcache_size 4096
  dns_nameservers 208.67.222.222 208.67.220.220

  # 3128: explicit proxy port. 3129: TPROXY-intercepted HTTP. 3127: TPROXY-intercepted
  # HTTPS with ssl-bump; host certificates are generated on the fly and signed with
  # the CA in warnet.pem, so every client must trust that CA.
  http_port 3128
  #http_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
  #http_port 3129 intercept
  #https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
  http_port 3129 tproxy
  https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem

  qos_flows local-hit=0x30
  79.  
  # Client networks that may use the proxy (see the http_access rules below).
  acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  acl localnet src fc00::/7 # RFC 4193 local private network range
  acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  acl SSL_ports port 443
  acl Safe_ports port 80 # http
  acl Safe_ports port 182 # http
  acl Safe_ports port 21 # ftp
  acl Safe_ports port 443 # https
  acl Safe_ports port 70 # gopher
  acl Safe_ports port 210 # wais
  acl Safe_ports port 1025-65535 # unregistered ports
  acl Safe_ports port 280 # http-mgmt
  acl Safe_ports port 488 # gss-http
  acl Safe_ports port 591 # filemaker
  acl Safe_ports port 777 # multiling http

  # ssl-bump processing steps, used by the ssl_bump rules further down.
  acl step1 at_step SslBump1
  acl step2 at_step SslBump2
  acl step3 at_step SslBump3
  #acl sslserver ssl::server_name_regex -i "/etc/squid/bypass.txt"
  #acl iphone browser -i regexp (iPhone|iPad)
  #acl BB browser -i regexp (BlackBerry|PlayBook)
  #acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
  #acl Android browser -i regexp Android
  # yt-modif: YouTube watch/embed pages; these responses are rewritten by the eCAP service.
  acl yt-modif url_regex -i ^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)
  acl youtube url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  # versipatch: game version/patch checks and anti-cheat downloads; never cached.
  acl versipatch url_regex -i ^http.*(update|patch).*versi
  acl versipatch url_regex -i ^http.*versi.*(update|patch)
  acl versipatch url_regex -i ^http.*(antihack|xigncode|gameguard)
  #acl patchpartial url_regex -i ^http.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus).*patch
  #acl patchpartial url_regex -i ^http.*patch.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus)
  acl patchpartial url_regex -i ^http.*patch.*garena
  acl patchpartial url_regex -i ^http.*garena.*patch
  acl httptomiss http_status 302
  acl mimehtml rep_mime_type -i mime-type ^text/html
  acl mimeplain rep_mime_type -i mime-type ^text/plain
  # tostoreid: URLs handed to the store_id helper (storeid.pl).
  # NOTE(review): most of these patterns match their keyword anywhere in the URL
  # (path or query included), not only in the host name, so a URL on any site can
  # be written to match. Since the helper maps matching URLs onto shared cache
  # keys, anchor the patterns to the intended host names to keep unrelated
  # origins from storing objects under those keys.
  acl tostoreid url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
  acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
  acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
  acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=.*
  acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
  acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
  acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
  acl tostoreid url_regex -i ^http.*steam(powered|content)
  acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
  acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/.*\.mp4\?
  acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
  #acl tostoreid url_regex -i ^http.*(speedtest|espeed).*\/.*\.(jpg|txt)
  # speedtest: requests that are rewritten to the local parent by speedtest.pl.
  acl speedtest url_regex -i ^http.*(speedtest|espeed).*\/(latency|upload|random.*)\.(jpg|txt|php)
  acl CONNECT method CONNECT
  acl getmethod method GET
  134.  
  # Access control, evaluated top to bottom; the first matching line decides.
  # Only localnet and localhost clients are served, everything else is denied.
  http_access deny !Safe_ports
  http_access deny CONNECT !SSL_ports
  http_access allow localhost manager
  http_access deny manager
  http_access allow localnet
  http_access allow localhost
  http_access deny all

  # Strip the Range header from every request except the patchpartial ones, so
  # that whole objects are fetched and can be cached.
  request_header_access Range deny !patchpartial
  #range_offset_limit 128 KB !patchpartial
  range_offset_limit none patchpartial
  quick_abort_min 1 KB
  quick_abort_max 1 KB
  quick_abort_pct 95

  #request_header_access User-Agent deny yt-modif !iphone !BB !Winphone !Android
  ### flash
  #request_header_replace User-Agent Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14
  ### flash
  #request_header_replace User-Agent Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0) Opera 12.14
  ###html5
  #request_header_replace User-Agent Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
  ###html5
  #request_header_replace user_Agent Mozilla/5.0 (Windows NT 5.1; rv:35.0) Gecko/20100101 Firefox/35.0
  #request_header_replace Mozilla/6.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:2.0.0.0) Gecko/20061028 Firefox/3.0

  cache deny versipatch
  cache deny localhost
  # NOTE(review): apart from localhost, every intercepted TLS connection is
  # bumped (decrypted and re-encrypted with a certificate signed by the warnet
  # CA). The bypass list (sslserver) is commented out, so banking, mail and
  # similar sites are decrypted as well. Consider enabling a splice list for
  # sites that must not be inspected.
  ssl_bump splice localhost
  #ssl_bump splice sslserver
  ssl_bump peek step1 all
  ssl_bump bump step2 all
  ssl_bump splice step3 all
  168.  
  169.  
  170.  
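  # Helper that generates and caches the per-host certificates used by ssl-bump.
  sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
  sslcrtd_children 2000 startup=30 idle=1
  # Verify origin-server certificates against the system CA store. With ssl-bump
  # the client only ever sees the certificate minted by this proxy, so the proxy
  # is the only place where the real server certificate can still be checked.
  # The original settings (capath pointing at the proxy's own certificate
  # directory, "sslproxy_cert_error allow all" and "sslproxy_flags
  # DONT_VERIFY_PEER") accepted any upstream certificate, which hides an
  # impersonated or tampered upstream connection from every client.
  sslproxy_capath /etc/ssl/certs
  sslproxy_cert_error deny all
  sslproxy_flags NO_SESSION_REUSE
  ssl_unclean_shutdown on
  sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_ECDH_USE # if using a version after squid-3.5.12-20151222-r13967
  #sslproxy_options NO_SSLv2,NO_SSLv3
  sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS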
  181.  
  #debug_options 11,2 22,3
  logfile_rotate 1
  #logformat referer %ts.%03tu %>a %{Referer}>h %ru
  #logformat referer %ts.%03tu %>a %ru %{Referer}>h
  #logformat referer %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %{Referer}>h %{User-Agent}>h
  #access_log /var/log/squid/access.log !CONNECT
  #access_log /var/log/squid/connect.log CONNECT
  #cache_store_log /var/log/squid/store.log
  access_log stdio:/var/log/squid/access.log
  netdb_filename none


  #ecap
  #yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
  # The eCAP "modifying" adapter rewrites response bodies of yt-modif URLs:
  # every occurrence of the victim string is replaced by the replacement string.
  # Accept-Encoding is removed from those requests, presumably so the origin
  # answers uncompressed and the text replacement can match.
  loadable_modules /usr/local/lib/ecap_adapter_modifying.so
  ecap_enable on
  request_header_access Accept-Encoding deny yt-modif
  ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"0","vq":"medium","enablejsapi"
  #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"1","vq":"tiny","enablejsapi"
  #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="vq":"small","enablejsapi"
  adaptation_access modif allow yt-modif
  adaptation_access modif deny all

  # Requests matching the speedtest ACL are rewritten by speedtest.pl and sent
  # only to the parent 10.212.212.212:8033; they are never fetched directly.
  cache deny speedtest
  url_rewrite_access allow speedtest
  url_rewrite_access deny all
  url_rewrite_program /etc/squid/speedtest.pl
  redirector_bypass on
  cache_peer 10.212.212.212 parent 8033 0 no-digest no-tproxy
  dead_peer_timeout 5 seconds
  cache_peer_access 10.212.212.212 allow speedtest
  cache_peer_access 10.212.212.212 deny all
  always_direct deny speedtest
  never_direct allow speedtest
  url_rewrite_children 2000 startup=30 idle=1

  # Store-ID helper: receives the URL plus the Referer header (store_id_extras)
  # for GET requests matching tostoreid and returns the cache key to use.
  store_id_bypass off
  store_id_extras "%{Referer}>h"
  store_id_program /etc/squid/storeid.pl
  store_id_children 2000 startup=30 idle=1
  store_id_access deny !getmethod
  store_id_access allow tostoreid
  store_id_access deny all

  store_miss deny youtube httptomiss
  send_hit deny youtube httptomiss
  store_miss deny youtube mimeplain
  send_hit deny youtube mimeplain
  store_miss deny mimehtml
  send_hit deny mimehtml
  store_miss deny versipatch
  send_hit deny versipatch

  # NOTE(review): this pattern applies to every URL and tells Squid to ignore
  # no-store, private, must-revalidate and authentication-related cache
  # controls. Together with ssl-bump, a response that the origin marked as
  # private or that was fetched with one user's credentials can be stored and
  # later served to a different client. Limit these overrides to patterns for
  # static media, or drop ignore-private / ignore-auth / ignore-no-store.
  refresh_pattern -i . 432000 100% 432000 override-expire override-lastmod reload-into-ims refresh-ims ignore-no-store ignore-must-revalidate ignore-private ignore-auth store-stale
  max_stale 1 day
  ### end of squid.conf - do not type this marker line ###
  238.  
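  ### start of storeid.pl - do not type this marker line ###
  #!/usr/bin/perl
  #
  # storeid.pl with debug opt - based on storeurl.pl
  # @ http://www2.fh-lausitz.de/launic/comp/misc/squid/projekt_youtube/
  # references and thanks especially to Mr. Syaifudin JW aka Ucok Karnadi
  #
  # Squid store_id_program helper. Reads one request per line on stdin, either
  #   URL REFERER            or            CHANNEL-ID URL REFERER
  # and answers "OK store-id=<key>" to make Squid cache the object under <key>,
  # or "ERR" to leave the URL as its own cache key. With a channel id in the
  # request, the answer is prefixed with the same id.
  #
  # Everything in the URL and the Referer is chosen by the client. It must never
  # reach a file name, a shell or the answer line without validation.
  #
  # NOTE(review): most patterns below use ".*" before the site keyword, so they
  # match the keyword anywhere in the URL and not only in the host name. A URL
  # on an unrelated site can therefore be mapped onto the same store-id as the
  # genuine content; anchor the patterns to the intended host names.

  use IO::File;
  use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

  $|=1;
  STDOUT->autoflush(1);
  # NOTE(review): with $debug on, every URL and Referer (including those of
  # bumped HTTPS requests) is appended to the log file below.
  $debug=1; ## recommended:0
  $bypassallrules=0; ## recommended:0
  $timenow="";
  $printtimenow=1; ## print timenow: 0|1
  my $logfile = '/var/log/squid/storeid.log';

  my $logfh;
  if ($debug) {
    open $logfh, '>>', $logfile
      or die "Couldn't open $logfile for appending: $!\n";
    $logfh->autoflush(1);
  }

  # Return the state-file path for a cpn token, or undef when the token is
  # missing or contains anything besides letters, digits, "_" and "-".
  # The token comes straight from the request URL; rejecting every other
  # character keeps "/", ".." and shell/pipe metacharacters out of the path.
  # NOTE(review): /tmp is writable by every local user; a directory owned by the
  # Squid user would be a safer place for these files.
  sub cpn_state_file {
    my ($cpn) = @_;
    return undef unless defined $cpn && $cpn =~ m/\A[A-Za-z0-9_-]{1,64}\z/;
    return "/tmp/$cpn";
  }

  while (<>) {
    $timenow=time()." " if ($printtimenow);
    print $logfh "$timenow"."in : input=$_" if ($debug>=1);

    # A first field that starts with "http" means no channel id was sent.
    @X = split;
    if ($X[0] =~ m/^http.*/) {
      $url = $X[0];
      $referer = $X[1];
      $urlreferer = $X[0] ." ". $X[1];
    } else {
      $chanel = $X[0];
      $url = $X[1];
      $referer = $X[2];
      $urlreferer = $X[1] ." ". $X[2];
    }

    if ($bypassallrules){
      $out="$url"; ## map 1:1

    #youtube googlevideo
    } elsif ($url =~ m/^https?\:\/\/.*google.*video(playback|goodput).*/){
      # These matches run against the whole input line ($_), not only the URL.
      @cpn = m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
      @id = m/[=%&?\/]id[=%&?\/]([^\&\s]*)/;
      @itag = m/[=%&?\/]itag[=%&?\/]([\d]*)/;
      @range = m/[=%&?\/]range[=%&?\/]([\d]*-[\d]*)/;
      @mime = m/[=%&?\/]mime[=%&?\/]([^\&\s]*)/;
      if ($referer =~ m/^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
        @id = $2;
      } else {
        # No usable Referer: look up the video id saved earlier for this cpn.
        # Three-argument open, regular files only, and the content is checked
        # before it is placed into the answer line.
        my $state = cpn_state_file($cpn[0]);
        if (defined $state && -f $state && !-l $state && open(my $fh, '<', $state)) {
          my $saved = <$fh>;
          close $fh;
          @id = ($saved) if defined $saved && $saved =~ m/\A[^\&\s]+\z/;
        }
      }
      $out="OK store-id=http://squid/google/video/id=@id/itag=@itag/mime=@mime/range=@range";

    #youtube parameter
    } elsif (
      ($url =~ m/^https?\:\/\/.*youtube.*(stream_204|watchtime|qoe|atr|csi_204|playback).*[=%&?\/]docid[=%&?\/]([^\&\s]*)/) ||
      ($url =~ m/^https?\:\/\/.*youtube.*(ptracking|set_awesome).*[=%&?\/]video_id[=%&?\/]([^\&\s]*)/) ||
      ($url =~ m/^https?\:\/\/.*youtube.*(player_204).*[=%&?\/]v[=%&?\/]([^\&\s]*)/)
    ){
      @id = $2;
      @cpn = m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
      if ($referer !~ m/^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
        # Remember cpn -> video id for later videoplayback requests.
        # O_CREAT|O_EXCL creates the file only if nothing exists at that path
        # and does not follow a symlink placed there; mode 0600 keeps it private.
        my $state = cpn_state_file($cpn[0]);
        if (defined $state && sysopen(my $fh, $state, O_WRONLY|O_CREAT|O_EXCL, 0600)) {
          print $fh @id;
          close $fh;
        }
      }
      $out = "ERR";

    #utmgif
    } elsif ($url =~ m/^https?\:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
      $out="OK store-id=http://squid/google-analytics/__utm.gif";

    #fbcdn.net or akamaihd.net video range
    } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([\w-]+\.[\w]{2,4}).*(bytestart[=%&?\/][\d]+[&\/]byteend[=%&?\/][\d]+)/) {
      $out="OK store-id=http://squid/$1/$2/$3";

    #fbcdn.net or akamaihd.net with size
    } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([a-zA-Z][\d]+[x][\d]+\/[\w-]+\.[\w]{2,4})($|\?)/) {
      $out="OK store-id=http://squid/$1/$2";

    #fbcdn.net or akamaihd.net safe_image.php
    } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/safe_image\.php\?(.*)/) {
      $out="OK store-id=http://squid/$1/$2";

    #reverbnation
    } elsif ($url =~ m/^https?\:\/\/c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/(.*)\?.*/) {
      $out="OK store-id=http://squid/reverbnation/$1";

    #playstore
    } elsif ($url =~ m/^https?\:\/\/.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/(.*\/.*)\?.*/) {
      $out="OK store-id=http://squid/android/market/$1";

    #filehost
    } elsif ($url =~ m/^https?\:\/\/.*datafilehost.*\/get\.php.*file\=(.*)/) {
      $out="OK store-id=http://squid/datafilehost/$1";

    #speedtest
    } elsif ($url =~ m/^https?\:\/\/.*(speedtest|espeed).*\/(.*\.(txt|jpg)).*/) {
      $out="OK store-id=http://squid/speedtest/$2";

    #filehippo
    } elsif ($url =~ m/^https?\:\/\/.*\.filehippo\.com\/.*\/([\w-]+\.[\w]{2,4})\?.*/) {
      $out="OK store-id=http://squid/filehippo/$1";

    #4shared preview.mp3
    } elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/.*\/(.*\/.*)\/dlink.*preview.mp3/) {
      $out="OK store-id=http://squid/4shared/preview/$1";

    #4shared
    } elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/download\/(.*\/.*)\?tsid.*/) {
      $out="OK store-id=http://squid/4shared/download/$1";

    #savefile-animeindo.tv
    } elsif ($url =~ m/^https?:\/\/www\.savefile\.co\:182\/.*\/(.*\.(mp4|flv|3gp)).*/) {
      $out="OK store-id=http://squid/savefile:182/$1";

    #imdb
    } elsif ($url =~ m/^https?\:\/\/video\-http\.media\-imdb\.com\/(.*\.mp4)\?.*/) {
      $out="OK store-id=http://squid/imdb/$1";

    #sourceforge
    } elsif ($url =~ m/^https?\:\/\/.*\.dl\.sourceforge\.net\/([\w-]+\.[\w]{2,3})/) {
      $out="OK store-id=http://squid/sourceforge/$1";

    #steampowered dota 2
    #} elsif ($url =~ m/^https?\:\/\/.*(steam(powered|content).*\/(client|depot)\/[\d]+\/(chunk|manifest)\/[^\?\s]*).*/) {
    # $out="OK store-id=http://squid/$1";

    #steampowered dota 2
    } elsif ($url =~ m/^https?\:\/\/.*steam(powered|content).*\/((client|depot)\/[\d]+\/(chunk|manifest)\/[^\?\s]*).*/) {
      $out="OK store-id=http://squid/steam/content-powered/$2";

    } else {
      $out="ERR";
    }

    # Answer in the same shape as the request: with or without the channel id.
    if ($X[0] =~ m/^http.*/) {
      print $logfh "$timenow"."in : url=$urlreferer\n" if ($debug>=1);
      print $logfh "$timenow"."out: $out\n" if ($debug>=1);
      print $logfh "\n" if ($debug>=1);
      print "$out\n";
    } else {
      print $logfh "$timenow"."in : chanel=$chanel url=$urlreferer\n" if ($debug>=1);
      print $logfh "$timenow"."out: chanel=$chanel $out\n" if ($debug>=1);
      print $logfh "\n" if ($debug>=1);
      print "$chanel $out\n";
    }
  }
  close $logfh if ($debug);
  #### end of storeid.pl - do not type this marker line ###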
  407.  
  ### start of speedtest.pl - do not type this marker line ###
  #!/usr/bin/perl
  #
  # Squid url_rewrite_program helper. Each stdin line is "URL ..." or
  # "CHANNEL-ID URL ...". Speedtest latency/upload/random requests are answered
  # with a rewrite to the local server at 10.212.212.212:8033; every other URL
  # gets "ERR" (no rewrite). A channel id, when present, is echoed first.

  $| = 1;    # unbuffered output: Squid waits for each answer line
  while (my $request = <>) {
    my @field = split ' ', $request;

    # A first field starting with "http" means the request has no channel id.
    my $no_channel = ($field[0] =~ m/^http.*/);
    my $channel = $no_channel ? undef : $field[0];
    my $target = $no_channel ? $field[0] : $field[1];

    my $reply = "ERR";
    if ($target =~ m/^https?\:\/\/.*(speedtest|espeed).*\/((latency|upload|random.*)\.(jpg|txt|php))/) {
      # $2 is the file name part, e.g. latency.txt
      $reply = "OK rewrite-url=http://10.212.212.212:8033/speedtest/$2";
    }

    my $answer = $no_channel ? "$reply\n" : "$channel $reply\n";
    print $answer;
  }
  ### end of speedtest.pl - do not type this marker line ###
  438.  
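  # squid.conf is read as data and does not need the execute bit, so it is not
  # made executable here. The two helpers are run by Squid and do need it; keep
  # them owned by root so the unprivileged Squid user cannot modify them.
  chmod +x /etc/squid/storeid.pl
  chmod +x /etc/squid/speedtest.pl
  # Create the cache directory structure.
  squid -zN
  # The init script runs as root at every boot, so it is downloaded with TLS
  # certificate checking left on (if the check fails, update the ca-certificates
  # package instead of disabling it). The URL points at the latest revision of a
  # third-party gist, which can change at any time: read the downloaded file
  # before enabling it.
  wget -O /etc/init.d/squid https://gist.githubusercontent.com/e7d/1f784339df82c57a43bf/raw/squid.sh
  chmod +x /etc/init.d/squid
  update-rc.d squid defaults
  service squid start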
  ### edit /etc/rc.local and add the following lines:
  ### start of the rc.local additions - do not type this marker line ###
  # TPROXY setup: packets that belong to a local socket are marked with 1 in
  # the DIVERT chain; marked packets are routed via table 212, which delivers
  # everything to the loopback device so Squid can accept them.
  iptables -t mangle -N DIVERT
  iptables -t mangle -A DIVERT -j MARK --set-mark 1
  iptables -t mangle -A DIVERT -j ACCEPT
  iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
  # Plain-HTTP ports go to Squid's tproxy http_port (3129). No -i option is
  # given, so the rules apply to TCP traffic arriving on every interface.
  for http_dport in 80 8080 8777 182 5050; do
    iptables -t mangle -A PREROUTING -p tcp --dport "$http_dport" -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
  done
  # HTTPS goes to the ssl-bump tproxy port (3127).
  iptables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127
  ip rule add fwmark 1 lookup 212
  ip route add local 0.0.0.0/0 dev lo table 212

  #intercept
  #iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
  #iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
  ### end of the rc.local additions - do not type this marker line ###

  reboot