tutor install squid 3.5.xxx di ubuntu

1. apt-get update
2. apt-get install build-essential devscripts libcppunit-dev openssl libssl-dev libcap-dev libsasl2-dev ccze pkg-config libkrb5-dev apache2 php5 -y
3. ### install pake ecap seperti http://pastebin.com/G8sUCy6h
4. cd
5. wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.20-20160724-r14069.tar.gz
6. tar xzvf squid-3.5.20-20160724-r14069.tar.gz
7. wget -O squid_forgery.patch http://www.squid-cache.org/mail-archive/squid-users/201404/att-0240/squid_forgery.patch.txt
8. cd squid-3.5.20-20160724-r14069
9. patch -p0 <../squid_forgery.patch
10. ### configure squid http://pastebin.com/YJxDf02h
11. make
12. make install
13. chown -R nobody /var/log/squid
14. chown -R nobody /cache
15. mkdir -p /etc/squid/ssl_cert
16. openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout /etc/squid/ssl_cert/warnet.pem -out /etc/squid/ssl_cert/warnet.pem -subj "/C=ID/ST=Jawa Tengah/L=Semarang/O=TSI/CN=Terapi Squid Indonesia"
17. openssl x509 -in /etc/squid/ssl_cert/warnet.pem -outform DER -out /etc/squid/ssl_cert/warnet.der
18. openssl x509 -in /etc/squid/ssl_cert/warnet.pem -outform DER -out /etc/squid/ssl_cert/warnet.crt
19. /usr/lib/squid/ssl_crtd -c -s /var/lib/ssl_db
20. chown -R nobody /var/lib/ssl_db
21.  
22. ### awal squid.conf, jangan ditulis ###
23. # Recommended minimum configuration:
24. # sesuaikan ukuran cache
25. # sesuaikan ip address
26. # script squid.conf untuk non-range 360p
27.  
28. # Example rule allowing access from your local networks.
29. # Adapt to list your (internal) IP networks from where browsing
30. # should be allowed
31. dns_v4_first on
32. reply_header_access Alternate-Protocol deny all
33. reply_header_access Alt-Svc deny all
34.  
35. #cache_dir aufs /cache 700000 16 256
36. cache_dir aufs /cache 360000 1 1
37. cache_mem 8 MB
38. coredump_dir /var/log/squid
39.  
40. cache_swap_low 80
41. cache_swap_high 85
42. cache_replacement_policy heap LFUDA
43. memory_replacement_policy heap GDSF
44.  
45. maximum_object_size 4096000 KB
46. maximum_object_size_in_memory 0 KB
47. request_body_max_size 0 KB
48. refresh_all_ims on
49. reload_into_ims on
50.  
51. cache_mgr [email protected]
52. visible_hostname cespun-proxy
53. strip_query_terms off
54. httpd_suppress_version_string on
55. log_mime_hdrs off
56. forwarded_for off
57. via off
58.  
59. request_header_access X-Forwarded-For deny all
60. reply_header_access X-Forwarded-For deny all
61. request_header_access Via deny all
62. reply_header_access Via deny all
63. max_filedescriptors 65536
64.  
65. cache_swap_high 98
66. cache_swap_low 95
67. fqdncache_size 4096
68. ipcache_size 4096
69. dns_nameservers 208.67.222.222 208.67.220.220
70.  
71. http_port 3128
72. #http_port 3127 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
73. #http_port 3129 intercept
74. #https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
75. http_port 3129 tproxy
76. https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
77.  
78. qos_flows local-hit=0x30
79.  
80. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
81. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
82. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
83. acl localnet src fc00::/7 # RFC 4193 local private network range
84. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
85. acl SSL_ports port 443
86. acl Safe_ports port 80 # http
87. acl Safe_ports port 182 # http
88. acl Safe_ports port 21 # ftp
89. acl Safe_ports port 443 # https
90. acl Safe_ports port 70 # gopher
91. acl Safe_ports port 210 # wais
92. acl Safe_ports port 1025-65535 # unregistered ports
93. acl Safe_ports port 280 # http-mgmt
94. acl Safe_ports port 488 # gss-http
95. acl Safe_ports port 591 # filemaker
96. acl Safe_ports port 777 # multiling http
97.  
98. acl step1 at_step SslBump1
99. acl step2 at_step SslBump2
100. acl step3 at_step SslBump3
101. #acl sslserver ssl::server_name_regex -i "/etc/squid/bypass.txt"
102. #acl iphone browser -i regexp (iPhone|iPad)
103. #acl BB browser -i regexp (BlackBerry|PlayBook)
104. #acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
105. #acl Android browser -i regexp Android
106. acl yt-modif url_regex -i ^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)
107. acl youtube url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
108. acl versipatch url_regex -i ^http.*(update|patch).*versi
109. acl versipatch url_regex -i ^http.*versi.*(update|patch)
110. acl versipatch url_regex -i ^http.*(antihack|xigncode|gameguard)
111. #acl patchpartial url_regex -i ^http.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus).*patch
112. #acl patchpartial url_regex -i ^http.*patch.*(garena|gemscool|netmarble|valve|dota|winnerinter|lytogame|megaxus)
113. acl patchpartial url_regex -i ^http.*patch.*garena
114. acl patchpartial url_regex -i ^http.*garena.*patch
115. acl httptomiss http_status 302
116. acl mimehtml rep_mime_type -i mime-type ^text/html
117. acl mimeplain rep_mime_type -i mime-type ^text/plain
118. acl tostoreid url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
119. acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
120. acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
121. acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
122. acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=.*
123. acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
124. acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
125. acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
126. acl tostoreid url_regex -i ^http.*steam(powered|content)
127. acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
128. acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/.*\.mp4\?
129. acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
130. #acl tostoreid url_regex -i ^http.*(speedtest|espeed).*\/.*\.(jpg|txt)
131. acl speedtest url_regex -i ^http.*(speedtest|espeed).*\/(latency|upload|random.*)\.(jpg|txt|php)
132. acl CONNECT method CONNECT
133. acl getmethod method GET
134.  
135. http_access deny !Safe_ports
136. http_access deny CONNECT !SSL_ports
137. http_access allow localhost manager
138. http_access deny manager
139. http_access allow localnet
140. http_access allow localhost
141. http_access deny all
142.  
143. request_header_access Range deny !patchpartial
144. #range_offset_limit 128 KB !patchpartial
145. range_offset_limit none patchpartial
146. quick_abort_min 1 KB
147. quick_abort_max 1 KB
148. quick_abort_pct 95
149.  
150. #request_header_access User-Agent deny yt-modif !iphone !BB !Winphone !Android
151. ### flash
152. #request_header_replace User-Agent Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14
153. ### flash
154. #request_header_replace User-Agent Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0) Opera 12.14
155. ###html5
156. #request_header_replace User-Agent Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
157. ###html5
158. #request_header_replace user_Agent Mozilla/5.0 (Windows NT 5.1; rv:35.0) Gecko/20100101 Firefox/35.0
159. #request_header_replace Mozilla/6.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:2.0.0.0) Gecko/20061028 Firefox/3.0
160.  
161. cache deny versipatch
162. cache deny localhost
163. ssl_bump splice localhost
164. #ssl_bump splice sslserver
165. ssl_bump peek step1 all
166. ssl_bump bump step2 all
167. ssl_bump splice step3 all
168.  
169.  
170.  
171. sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
172. sslcrtd_children 2000 startup=30 idle=1
173. sslproxy_capath /etc/squid/ssl_cert
174. sslproxy_cert_error allow all
175. sslproxy_flags DONT_VERIFY_PEER
176. sslproxy_flags NO_SESSION_REUSE
177. ssl_unclean_shutdown on
178. sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_ECDH_USE #Jika menggunakan versi setelah squid-3.5.12-20151222-r13967
179. #sslproxy_options NO_SSLv2,NO_SSLv3
180. sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
181.  
182. #debug_options 11,2 22,3
183. logfile_rotate 1
184. #logformat referer %ts.%03tu %>a %{Referer}>h %ru
185. #logformat referer %ts.%03tu %>a %ru %{Referer}>h
186. #logformat referer %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %{Referer}>h %{User-Agent}>h
187. #access_log /var/log/squid/access.log !CONNECT
188. #access_log /var/log/squid/connect.log CONNECT
189. #cache_store_log /var/log/squid/store.log
190. access_log stdio:/var/log/squid/access.log
191. netdb_filename none
192.  
193.  
194. #ecap
195. #yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
196. loadable_modules /usr/local/lib/ecap_adapter_modifying.so
197. ecap_enable on
198. request_header_access Accept-Encoding deny yt-modif
199. ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"0","vq":"medium","enablejsapi"
200. #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"1","vq":"tiny","enablejsapi"
201. #ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="vq":"small","enablejsapi"
202. adaptation_access modif allow yt-modif
203. adaptation_access modif deny all
204.  
205. cache deny speedtest
206. url_rewrite_access allow speedtest
207. url_rewrite_access deny all
208. url_rewrite_program /etc/squid/speedtest.pl
209. redirector_bypass on
210. cache_peer 10.212.212.212 parent 8033 0 no-digest no-tproxy
211. dead_peer_timeout 5 seconds
212. cache_peer_access 10.212.212.212 allow speedtest
213. cache_peer_access 10.212.212.212 deny all
214. always_direct deny speedtest
215. never_direct allow speedtest
216. url_rewrite_children 2000 startup=30 idle=1
217.  
218. store_id_bypass off
219. store_id_extras "%{Referer}>h"
220. store_id_program /etc/squid/storeid.pl
221. store_id_children 2000 startup=30 idle=1
222. store_id_access deny !getmethod
223. store_id_access allow tostoreid
224. store_id_access deny all
225.  
226. store_miss deny youtube httptomiss
227. send_hit deny youtube httptomiss
228. store_miss deny youtube mimeplain
229. send_hit deny youtube mimeplain
230. store_miss deny mimehtml
231. send_hit deny mimehtml
232. store_miss deny versipatch
233. send_hit deny versipatch
234.  
235. refresh_pattern -i . 432000 100% 432000 override-expire override-lastmod reload-into-ims refresh-ims ignore-no-store ignore-must-revalidate ignore-private ignore-auth store-stale
236. max_stale 1 day
237. ### akhir squid.conf, jangan ditulis ###
238.  
239. ### awal storeid.pl , jangan ditulis ###
240. #!/usr/bin/perl
241. #
242. # storeid.pl with debug opt - based on storeurl.pl
243. # @ http://www2.fh-lausitz.de/launic/comp/misc/squid/projekt_youtube/
244. # referensi dan terimakasih khususnya pada Mr. Syaifudin JW aka Ucok Karnadi
245.  
246. use IO::File;
247. $|=1;
248. STDOUT->autoflush(1);
249. $debug=1; ## recommended:0
250. $bypassallrules=0; ## recommended:0
251. $sucks=""; ## unused
252. $sucks="sucks" if ($debug>=1);
253. $timenow="";
254. $printtimenow=1; ## print timenow: 0|1
255. my $logfile = '/var/log/squid/storeid.log';
256.  
257. open my $logfh, '>>', $logfile
258. or die "Couldn't open $logfile for appending: $!\n" if $debug;
259. $logfh->autoflush(1) if $debug;
260.  
261. while (<>) {
262. $timenow=time()." " if ($printtimenow);
263. print $logfh "$timenow"."in : input=$_" if ($debug>=1);
264.  
265. @X = split;
266. if ($X[0] =~ m/^http.*/) {
267. $url = $X[0];
268. $referer = $X[1];
269. $urlreferer = $X[0] ." ". $X[1];
270. } else {
271. $chanel = $X[0];
272. $url = $X[1];
273. $referer = $X[2];
274. $urlreferer = $X[1] ." ". $X[2];
275. }
276.  
277.  
278.  
279.  
280. if ($bypassallrules){
281. $out="$url"; ## map 1:1
282.  
283. #youtube googlevideo
284. } elsif ($url =~ m/^https?\:\/\/.*google.*video(playback|goodput).*/){
285. @cpn = m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
286. @id = m/[=%&?\/]id[=%&?\/]([^\&\s]*)/;
287. @itag = m/[=%&?\/]itag[=%&?\/]([\d]*)/;
288. @range = m/[=%&?\/]range[=%&?\/]([\d]*-[\d]*)/;
289. @mime = m/[=%&?\/]mime[=%&?\/]([^\&\s]*)/;
290. if ($referer =~ m/^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
291. @id = $2;
292. } else {
293. if (defined(@cpn[0])){
294. if (-e "/tmp/@cpn"){
295. open FILE, "/tmp/@cpn";
296. @id = <FILE>;
297. close FILE;
298. }
299. }
300. }
301. $out="OK store-id=http://squid/google/video/id=@id/itag=@itag/mime=@mime/range=@range";
302.  
303. #youtube parameter
304. } elsif (
305. ($url =~ m/^https?\:\/\/.*youtube.*(stream_204|watchtime|qoe|atr|csi_204|playback).*[=%&?\/]docid[=%&?\/]([^\&\s]*)/) ||
306. ($url =~ m/^https?\:\/\/.*youtube.*(ptracking|set_awesome).*[=%&?\/]video_id[=%&?\/]([^\&\s]*)/) ||
307. ($url =~ m/^https?\:\/\/.*youtube.*(player_204).*[=%&?\/]v[=%&?\/]([^\&\s]*)/)
308. ){
309. @id = $2;
310. @cpn = m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
311. if ($referer !~ m/^https?\:\/\/www\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
312. unless (-e "/tmp/@cpn"){
313. open FILE, ">/tmp/@cpn";
314. print FILE @id;
315. close FILE;
316. }
317. }
318. $out = "ERR";
319.  
320. #utmgif
321. } elsif ($url =~ m/^https?\:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
322. $out="OK store-id=http://squid/google-analytics/__utm.gif";
323.  
324. #fbcdn.net or akamaihd.net video range
325. } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([\w-]+\.[\w]{2,4}).*(bytestart[=%&?\/][\d]+[&\/]byteend[=%&?\/][\d]+)/) {
326. $out="OK store-id=http://squid/$1/$2/$3";
327.  
328. #fbcdn.net or akamaihd.net with size
329. } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([a-zA-Z][\d]+[x][\d]+\/[\w-]+\.[\w]{2,4})($|\?)/) {
330. $out="OK store-id=http://squid/$1/$2";
331.  
332. #fbcdn.net or akamaihd.net safe_image.php
333. } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/safe_image\.php\?(.*)/) {
334. $out="OK store-id=http://squid/$1/$2";
335.  
336. #reverbnation
337. } elsif ($url =~ m/^https?\:\/\/c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/(.*)\?.*/) {
338. $out="OK store-id=http://squid/reverbnation/$1";
339.  
340. #playstore
341. } elsif ($url =~ m/^https?\:\/\/.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/(.*\/.*)\?.*/) {
342. $out="OK store-id=http://squid/android/market/$1";
343.  
344.  
345. #filehost
346. } elsif ($url =~ m/^https?\:\/\/.*datafilehost.*\/get\.php.*file\=(.*)/) {
347. $out="OK store-id=http://squid/datafilehost/$1";
348.  
349.  
350. #speedtest
351. } elsif ($url =~ m/^https?\:\/\/.*(speedtest|espeed).*\/(.*\.(txt|jpg)).*/) {
352. $out="OK store-id=http://squid/speedtest/$2";
353.  
354.  
355. #filehippo
356. } elsif ($url =~ m/^https?\:\/\/.*\.filehippo\.com\/.*\/([\w-]+\.[\w]{2,4})\?.*/) {
357. $out="OK store-id=http://squid/filehippo/$1";
358.  
359.  
360. #4shared preview.mp3
361. } elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/.*\/(.*\/.*)\/dlink.*preview.mp3/) {
362. $out="OK store-id=http://squid/4shared/preview/$1";
363.  
364. #4shared
365. } elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/download\/(.*\/.*)\?tsid.*/) {
366. $out="OK store-id=http://squid/4shared/download/$1";
367.  
368. #savefile-animeindo.tv
369. } elsif ($url =~ m/^https?:\/\/www\.savefile\.co\:182\/.*\/(.*\.(mp4|flv|3gp)).*/) {
370. $out="OK store-id=http://squid/savefile:182/$1";
371.  
372. #imdb
373. } elsif ($url =~ m/^https?\:\/\/video\-http\.media\-imdb\.com\/(.*\.mp4)\?.*/) {
374. $out="OK store-id=http://squid/imdb/$1";
375.  
376. #sourceforge
377. } elsif ($url =~ m/^https?\:\/\/.*\.dl\.sourceforge\.net\/([\w-]+\.[\w]{2,3})/) {
378. $out="OK store-id=http://squid/sourceforge/$1";
379.  
380.  
381. #steampowered dota 2
382. #} elsif ($url =~ m/^https?\:\/\/.*(steam(powered|content).*\/(client|depot)\/[\d]+\/(chunk|manifest)\/[^\?\s]*).*/) {
383. # $out="OK store-id=http://squid/$1";
384.  
385. #steampowered dota 2
386. } elsif ($url =~ m/^https?\:\/\/.*steam(powered|content).*\/((client|depot)\/[\d]+\/(chunk|manifest)\/[^\?\s]*).*/) {
387. $out="OK store-id=http://squid/steam/content-powered/$2";
388.  
389. } else {
390. $out="ERR";
391. }
392.  
393. if ($X[0] =~ m/^http.*/) {
394. print $logfh "$timenow"."in : url=$urlreferer\n" if ($debug>=1);
395. print $logfh "$timenow"."out: $out\n" if ($debug>=1);
396. print $logfh "\n" if ($debug>=1);
397. print "$out\n";
398. } else {
399. print $logfh "$timenow"."in : chanel=$chanel url=$urlreferer\n" if ($debug>=1);
400. print $logfh "$timenow"."out: chanel=$chanel $out\n" if ($debug>=1);
401. print $logfh "\n" if ($debug>=1);
402. print "$chanel $out\n";
403. }
404. }
405. close $logfh if ($debug);
406. #### akhir script storeid.pl, jangan ditulis ###
407.  
408. ### awal speedtest.pl, jangan ditulis ###
409. #!/usr/bin/perl
410.  
411. $|=1;
412. while (<>) {
413. @X = split;
414. if ($X[0] =~ m/^http.*/) {
415. $url = $X[0];
416. $referer = $X[1];
417. $urlreferer = $X[0] ." ". $X[1];
418. } else {
419. $chanel = $X[0];
420. $url = $X[1];
421. $referer = $X[2];
422. $urlreferer = $X[1] ." ". $X[2];
423. }
424.  
425. if ($url=~ m/^https?\:\/\/.*(speedtest|espeed).*\/((latency|upload|random.*)\.(jpg|txt|php))/) {
426. $out="OK rewrite-url=http://10.212.212.212:8033/speedtest/$2";
427. } else {
428. $out="ERR";
429. }
430.  
431. if ($X[0] =~ m/^http.*/) {
432. print "$out\n";
433. } else {
434. print "$chanel $out\n";
435. }
436. }
437. ### akhir speedtest.pl, jangan ditulis ###
438.  
439. chmod +x /etc/squid/squid.conf
440. chmod +x /etc/squid/storeid.pl
441. chmod +x /etc/squid/speedtest.pl
442. squid -zN
443. wget --no-check-certificate -O /etc/init.d/squid https://gist.githubusercontent.com/e7d/1f784339df82c57a43bf/raw/squid.sh
444. chmod +x /etc/init.d/squid
445. update-rc.d squid defaults
446. service squid start
447. ### edit isi /etc/rc.local, tambahkan baris berikut :
448. ### awal penambahan di rc.local, jangan ditulis ###
449. iptables -t mangle -N DIVERT
450. iptables -t mangle -A DIVERT -j MARK --set-mark 1
451. iptables -t mangle -A DIVERT -j ACCEPT
452. iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
453. iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
454. iptables -t mangle -A PREROUTING -p tcp --dport 8080 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
455. iptables -t mangle -A PREROUTING -p tcp --dport 8777 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
456. iptables -t mangle -A PREROUTING -p tcp --dport 182 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
457. iptables -t mangle -A PREROUTING -p tcp --dport 5050 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
458. iptables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127
459. ip rule add fwmark 1 lookup 212
460. ip route add local 0.0.0.0/0 dev lo table 212
461.  
462. #intercept
463. #iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
464. #iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
465. ### akhir penambahan rc.local, jangan ditulis ###
466.  
467. reboot