API tools faq
paste
Advertisement
sukriborneo

auto-install-squid

sukriborneo
Nov 5th, 2017
966
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 16.20 KB | None | 0 0
raw download clone embed print report diff
  1. #!/bin/bash
  2. wget -O /etc/apt/sources.list http://pastebin.com/raw/B9atBpyw
  3. apt-get update
  4. apt-get install build-essential devscripts libcppunit-dev openssl libssl-dev libcap-dev libsasl2-dev ccze pkg-config libkrb5-dev php5 apache2 -y
  5. wget -O /etc/apache2/ports.conf http://pastebin.com/raw/4pvrFczN
  6. # apabila belum memiliki folder cache, lalukan mkdir -p /cache , bila sudah memiliki folder cache, abaikan saja
  7. mkdir -p /cache
  8. chmod -R 777 /cache
  9. cd /var/www
  10. mkdir id
  11. mkdir flash
  12. wget http://c.speedtest.net/mini/mini.zip
  13. unzip mini.zip
  14. cp -arv mini/speedtest /var/www
  15. wget -O /var/www/flash/speedtest.swf http://c.speedtest.net/flash/speedtest.swf
  16. wget -O /var/www/flash/speedtest-long.swf http://c.speedtest.net/flash/speedtest-long.swf
  17. wget -O /var/www/speedtest-config.php http://www.speedtest.net/speedtest-config.php
  18. wget -O /var/www/ipaddress.php http://api.ookla.com/ipaddress.php
  19. wget -O /var/www/id/speedtest-config.php http://www.speedtest.net/id/speedtest-config.php
  20. cd
  21. wget http://www.measurement-factory.com/tmp/ecap/libecap-1.0.0.tar.gz
  22. tar xvf libecap-1.0.0.tar.gz
  23. cd libecap-1.0.0
  24. ./configure && make && make install
  25. echo '/usr/local/lib' >> /etc/ld.so.conf
  26. ldconfig
  27. cd
  28. wget http://www.measurement-factory.com/tmp/ecap/ecap_adapter_sample-1.0.0.tar.gz
  29. tar xzvf ecap_adapter_sample-1.0.0.tar.gz
  30. wget -O /root/ecap_adapter_sample-1.0.0/src/adapter_async.cc http://pastebin.com/raw/2iaykJAw
  31. cd ecap_adapter_sample-1.0.0
  32. ./configure && make && make install
  33. cd
  34. wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.20.tar.gz
  35. tar xzvf squid-3.5.20.tar.gz
  36. wget -O squid_forgery.patch http://pastebin.com/raw/cs6fKaAh
  37. cd squid-3.5.20
  38. patch -p0 <../squid_forgery.patch
  39. ./configure --prefix=/usr \
  40. --bindir=/usr/bin \
  41. --sbindir=/usr/sbin \
  42. --libexecdir=/usr/lib/squid \
  43. --sysconfdir=/etc/squid \
  44. --localstatedir=/var \
  45. --libdir=/usr/lib \
  46. --includedir=/usr/include \
  47. --datadir=/usr/share/squid \
  48. --mandir=/usr/share/man \
  49. --enable-storeio=ufs,aufs,diskd,rock \
  50. --enable-removal-policies=lru,heap \
  51. --enable-stacktrace \
  52. --enable-zph=qos \
  53. --enable-ecap \
  54. --enable-icap-client \
  55. --enable-wccp \
  56. --enable-wccpv2 \
  57. --enable-linux-netfilter \
  58. --disable-ident-lookup \
  59. --disable-auth \
  60. --disable-auth-basic \
  61. --disable-auth-digest \
  62. --disable-auth-negotiate \
  63. --disable-auth-ntlm \
  64. --disable-url-rewriter-helpers \
  65. --disable-storeid-rewrite-helpers \
  66. --with-logdir=/var/log/squid \
  67. --with-pid-file=/var/run/squid.pid \
  68. --with-swap-dir=/cache \
  69. --enable-large-cache-files \
  70. --with-large-files \
  71. --with-openssl
  72. make
  73. make install
  74. cd
  75. chown -R nobody /var/log/squid
  76. chown -R nobody /cache
  77. mkdir -p /etc/squid/ssl_cert
  78. openssl req -new -newkey rsa:2048 -sha256 -days 3652 -nodes -x509 -keyout /etc/squid/ssl_cert/proxy.pem -out /etc/squid/ssl_cert/proxy.pem -subj "/C=ID/ST=Jawa Tengah/L=Semarang/O=TSI/CN=Terapi Squid Indonesia"
  79. openssl x509 -in /etc/squid/ssl_cert/proxy.pem -outform DER -out /etc/squid/ssl_cert/proxy.der
  80. openssl x509 -in /etc/squid/ssl_cert/proxy.pem -outform DER -out /etc/squid/ssl_cert/proxy.crt
  81. cp -arv /etc/squid/ssl_cert /var/www
  82. echo '#
  83. dns_v4_first on
  84. reply_header_access Alternate-Protocol deny all
  85. reply_header_access Alt-Svc deny all
  86. refresh_all_ims on
  87. reload_into_ims on
  88.  
  89. #asumsi sisa hardisk 900Gban
  90. #(720000000/256/256)*2
  91. cache_dir aufs /cache 720000 21980 256
  92. cache_mem 2 MB
  93. cache_swap_high 95
  94. cache_swap_low 90
  95.  
  96. cache_replacement_policy heap LFUDA
  97. memory_replacement_policy heap GDSF
  98.  
  99. maximum_object_size 4096000 KB
  100. maximum_object_size_in_memory 0 KB
  101.  
  102. cache_mgr [email protected]
  103. visible_hostname cespun-proxy
  104. strip_query_terms off
  105. httpd_suppress_version_string on
  106. log_mime_hdrs off
  107. forwarded_for off
  108. via off
  109.  
  110. coredump_dir /var/log/squid
  111. logfile_rotate 1
  112.  
  113. max_filedescriptors 65536
  114.  
  115. fqdncache_size 4096
  116. ipcache_size 4096
  117. ipcache_high 95
  118. ipcache_low 90
  119.  
  120. http_port 3128
  121. http_port 3129 tproxy
  122. #https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
  123. https_port 3127 tproxy ssl-bump generate-host-certificates=on cert=/etc/squid/ssl_cert/warnet.pem
  124.  
  125. qos_flows local-hit=0x30
  126.  
  127. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  128. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  129. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  130. acl localnet src fc00::/7 # RFC 4193 local private network range
  131. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  132. acl SSL_ports port 443
  133. acl Safe_ports port 80 # http
  134. acl Safe_ports port 182 # http
  135. acl Safe_ports port 21 # ftp
  136. acl Safe_ports port 443 # https
  137. acl Safe_ports port 70 # gopher
  138. acl Safe_ports port 210 # wais
  139. acl Safe_ports port 1025-65535 # unregistered ports
  140. acl Safe_ports port 280 # http-mgmt
  141. acl Safe_ports port 488 # gss-http
  142. acl Safe_ports port 591 # filemaker
  143. acl Safe_ports port 777 # multiling http
  144. acl PURGE method PURGE
  145. acl step1 at_step SslBump1
  146. acl step2 at_step SslBump2
  147. acl step3 at_step SslBump3
  148. acl range206 req_header Range -i byte
  149. acl iphone browser -i regexp (iPhone|iPad)
  150. acl BB browser -i regexp (BlackBerry|PlayBook)
  151. acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
  152. acl Android browser -i regexp Android
  153. acl yt-rewrite url_regex -i ^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]
  154. acl youtube url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  155. acl urltomiss url_regex -i ^http.*(update|patch).*versi
  156. acl urltomiss url_regex -i ^http.*versi.*(update|patch)
  157. acl urltomiss url_regex -i ^http.*(update|patch|versi|version)\.ini
  158. acl urltomiss url_regex -i ^http.*(hsupdate|antihack|xigncode|gameguard|captcha|gameid|game_id|idgame|id_game|launcher|\.aspx|\.html|\.shtml|\.xhtml|\.ini)
  159. acl urltomiss url_regex -i ^http.*googlevideo\.com\/video(playback|goodput).*source[\&\=\?\/]yt_live
  160. acl urltomiss url_regex -i ^http.*googleapis\.com\/game
  161. acl patchpartial url_regex -i ^http.*patch.*garena
  162. acl patchpartial url_regex -i ^http.*garena.*patch
  163. acl httptomiss http_status 302
  164. acl mimehtml rep_mime_type -i mime-type ^text/html
  165. acl mimeplain rep_mime_type -i mime-type ^text/plain
  166. acl tostoreid url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  167. acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
  168. acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
  169. acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
  170. acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=.*
  171. acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
  172. acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
  173. acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
  174. acl tostoreid url_regex -i ^http.*steam(powered|content)
  175. acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
  176. acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/.*\.mp4\?
  177. acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
  178. acl speedtest url_regex -i ^http.*([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|speedtest|espeed|api\.ookla).*\/(speedtest\.swf|speedtest-long\.swf|latency\.txt|upload\.php|speedtest-config\.php|ipaddress\.php|random.*\.jpg)
  179. acl blokir url_regex -i ^http.*kendedes\.uzone\.id
  180. acl blokir url_regex -i ^http.*internetpositif\.uzone\.id
  181.  
  182. acl CONNECT method CONNECT
  183. acl getmethod method GET
  184.  
  185. deny_info http://103.80.80.246 blokir
  186. http_access deny blokir
  187.  
  188. http_access deny !Safe_ports
  189. http_access deny CONNECT !SSL_ports
  190. http_access allow localhost manager
  191. http_access deny manager
  192. http_access allow localhost purge
  193. http_access deny purge
  194. http_access allow localnet
  195. http_access allow localhost
  196. http_access deny all
  197.  
  198. access_log /var/log/squid/access.log !CONNECT
  199. #access_log none
  200.  
  201. range_offset_limit none range206 patchpartial
  202. range_offset_limit 128 KB range206 !patchpartial
  203. quick_abort_min 1 KB
  204. quick_abort_max 1 KB
  205. quick_abort_pct 95
  206.  
  207. cache deny speedtest
  208. cache deny urltomiss
  209. cache deny localhost
  210. ssl_bump splice localhost
  211. ssl_bump peek step1 all
  212. ssl_bump bump all
  213.  
  214. cache_peer 10.212.212.212 parent 8033 0 no-digest no-tproxy
  215. dead_peer_timeout 5 seconds
  216. cache_peer_access 10.212.212.212 allow speedtest
  217. cache_peer_access 10.212.212.212 deny all
  218. always_direct deny speedtest
  219. never_direct allow speedtest
  220.  
  221. url_rewrite_access allow yt-rewrite !iphone !BB !Winphone !Android
  222. url_rewrite_access deny all
  223. url_rewrite_program /etc/squid/storerewrite.pl
  224. url_rewrite_children 2000 startup=30 idle=1
  225.  
  226. request_header_access Accept-Encoding deny yt-rewrite !iphone !BB !Winphone !Android
  227. #yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
  228. ecap_enable on
  229. loadable_modules /usr/local/lib/ecap_adapter_modifying.so
  230. ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"1","vq":"tiny","enablejsapi"
  231. adaptation_access modif allow yt-rewrite !iphone !BB !Winphone !Android
  232. adaptation_access modif deny all
  233.  
  234. store_id_bypass off
  235. store_id_extras "%{Referer}>h"
  236. store_id_program /etc/squid/storeid.pl
  237. store_id_children 2000 startup=30 idle=1
  238. store_id_access allow tostoreid
  239. store_id_access deny all
  240.  
  241. store_miss deny youtube httptomiss
  242. send_hit deny youtube httptomiss
  243. store_miss deny youtube mimeplain
  244. send_hit deny youtube mimeplain
  245. store_miss deny mimehtml
  246. send_hit deny mimehtml
  247. store_miss deny urltomiss
  248. send_hit deny urltomiss
  249. store_miss deny speedtest
  250. send_hit deny speedtest
  251.  
  252. refresh_pattern -i .* 0 90% 432000 override-expire override-lastmod reload-into-ims refresh-ims ignore-no-store ignore-must-revalidate ignore-private ignore-auth
  253.  
  254. max_stale 100 years ' > /etc/squid/squid.conf
  255.  
  256. echo '#!/usr/bin/perl
  257. #!/usr/bin/perl
  258. $|=1;
  259. while (<>) {
  260. @X = split;
  261. if ($X[0] =~ m/^http.*/) {
  262. $url = $X[0];
  263. $referer = $X[1];
  264. $urlreferer = $X[0] ." ". $X[1];
  265. } else {
  266. $chanel = $X[0];
  267. $url = $X[1];
  268. $referer = $X[2];
  269. $urlreferer = $X[1] ." ". $X[2];
  270. }
  271.  
  272. #youtube googlevideo
  273. if ($url =~ m/^https?\:\/\/.*google.*video(playback|goodput).*/){
  274. @cpn = m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
  275. @id = m/[=%&?\/]id[=%&?\/]([^\&\s]*)/;
  276. @itag = m/[=%&?\/]itag[=%&?\/]([\d]*)/;
  277. @range = m/[=%&?\/]range[=%&?\/]([\d]*-[\d]*)/;
  278. @mime = m/[=%&?\/]mime[=%&?\/]([^\&\s]*)/;
  279. if ($referer =~ m/^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
  280. @id = $3;
  281. } else {
  282. if (defined(@cpn[0])){
  283. if (-e "/var/log/squid/@cpn"){
  284. open FILE, "/var/log/squid/@cpn";
  285. @id = <FILE>;
  286. close FILE;
  287. }
  288. }
  289. }
  290. $out="OK store-id=http://squid/google/video/id=@id/itag=@itag/mime=@mime/range=@range";
  291.  
  292. #youtube parameter
  293. } elsif (
  294. ($url =~ m/^https?\:\/\/.*youtube.*(stream_204|watchtime|qoe|atr|csi_204|playback).*[=%&?\/]docid[=%&?\/]([^\&\s]*)/) ||
  295. ($url =~ m/^https?\:\/\/.*youtube.*(ptracking|set_awesome).*[=%&?\/]video_id[=%&?\/]([^\&\s]*)/) ||
  296. ($url =~ m/^https?\:\/\/.*youtube.*(player_204).*[=%&?\/]v[=%&?\/]([^\&\s]*)/)
  297. ){
  298. @id = $2;
  299. @cpn = m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
  300. if ($referer !~ m/^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
  301. unless (-e "/var/log/squid/@cpn"){
  302. open FILE, ">/var/log/squid/@cpn";
  303. print FILE @id;
  304. close FILE;
  305. }
  306. }
  307. $out = "ERR";
  308.  
  309. #utmgif
  310. } elsif ($url =~ m/^https?\:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
  311. $out="OK store-id=http://squid/google-analytics/__utm.gif";
  312.  
  313. #fbcdn.net or akamaihd.net video range
  314. } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([\w-]+\.[\w]{2,4}).*(bytestart[=%&?\/][\d]+[&\/]byteend[=%&?\/][\d]+)/) {
  315. $out="OK store-id=http://squid/$1/$2/$3";
  316.  
  317. #fbcdn.net or akamaihd.net with size
  318. } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([a-zA-Z][\d]+[x][\d]+\/[\w-]+\.[\w]{2,4})($|\?)/) {
  319. $out="OK store-id=http://squid/$1/$2";
  320.  
  321. #fbcdn.net or akamaihd.net safe_image.php
  322. } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/safe_image\.php\?(.*)/) {
  323. $out="OK store-id=http://squid/$1/$2";
  324.  
  325. #reverbnation
  326. } elsif ($url =~ m/^https?\:\/\/c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/(.*)\?.*/) {
  327. $out="OK store-id=http://squid/reverbnation/$1";
  328.  
  329. #playstore
  330. } elsif ($url =~ m/^https?\:\/\/.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/(.*\/.*)\?.*/) {
  331. $out="OK store-id=http://squid/android/market/$1";
  332.  
  333.  
  334. #filehost
  335. } elsif ($url =~ m/^https?\:\/\/.*datafilehost.*\/get\.php.*file\=(.*)/) {
  336. $out="OK store-id=http://squid/datafilehost/$1";
  337.  
  338.  
  339. #speedtest
  340. } elsif ($url =~ m/^https?\:\/\/.*(speedtest|espeed).*\/(.*\.(txt|jpg)).*/) {
  341. $out="OK store-id=http://squid/speedtest/$2";
  342.  
  343.  
  344. #filehippo
  345. } elsif ($url =~ m/^https?\:\/\/.*\.filehippo\.com\/.*\/([\w-]+\.[\w]{2,4})\?.*/) {
  346. $out="OK store-id=http://squid/filehippo/$1";
  347.  
  348.  
  349. #4shared preview.mp3
  350. } elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/.*\/(.*\/.*)\/dlink.*preview.mp3/) {
  351. $out="OK store-id=http://squid/4shared/preview/$1";
  352.  
  353. #4shared
  354. } elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/download\/(.*\/.*)\?tsid.*/) {
  355. $out="OK store-id=http://squid/4shared/download/$1";
  356.  
  357. #savefile-animeindo.tv
  358. } elsif ($url =~ m/^https?:\/\/www\.savefile\.co\:182\/.*\/(.*\.(mp4|flv|3gp)).*/) {
  359. $out="OK store-id=http://squid/savefile:182/$1";
  360.  
  361. #imdb
  362. } elsif ($url =~ m/^https?\:\/\/video\-http\.media\-imdb\.com\/(.*\.mp4)\?.*/) {
  363. $out="OK store-id=http://squid/imdb/$1";
  364.  
  365. #sourceforge
  366. } elsif ($url =~ m/^https?\:\/\/.*\.dl\.sourceforge\.net\/([\w-]+\.[\w]{2,3})/) {
  367. $out="OK store-id=http://squid/sourceforge/$1";
  368.  
  369. #steampowered dota 2
  370. } elsif ($url =~ m/^https?\:\/\/(.*steam(powered|content).*\/(client|depot)\/[\d]+\/(chunk|manifest)\/[^\?\s]*).*/) {
  371. $out="OK store-id=http://squid/$1";
  372.  
  373. } else {
  374. $out="ERR";
  375. }
  376.  
  377. if ($X[0] =~ m/^http.*/) {
  378. print "$out\n";
  379. } else {
  380. print "$chanel $out\n";
  381. }
  382. } ' > /etc/squid/storeid.pl
  383.  
  384.  
  385. echo '#!/usr/bin/perl
  386.  
  387. $|=1;
  388. while (<>) {
  389. @X = split;
  390. if ($X[0] =~ m/^http.*/) {
  391. $url = $X[0];
  392. $referer = $X[1];
  393. $urlreferer = $X[0] ." ". $X[1];
  394. } else {
  395. $chanel = $X[0];
  396. $url = $X[1];
  397. $referer = $X[2];
  398. $urlreferer = $X[1] ." ". $X[2];
  399. }
  400.  
  401.  
  402. #watch rewrite
  403. if ($url=~ m/(^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[\=\%\&\?\/].*[\=\%\&\?\/])(nohtml5\=1|html5\=1)(.*)/) {
  404. $out="OK rewrite-url=$1" . "nohtml5=1" . $5;
  405.  
  406. } elsif ($url=~ m/(^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[\=\%\&\?\/].*[\=\%\&\?\/].*)/) {
  407. $out="OK rewrite-url=$1" . "&nohtml5=1";
  408.  
  409. } elsif ($url=~ m/(^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v)[\=\%\&\?\/][^\?^\&]*$)/) {
  410. $out="OK rewrite-url=$1" ."&nohtml5=1";
  411.  
  412. } elsif ($url=~ m/(^https?\:\/\/(www|gaming)\.youtube\.com\/(embed|v)[\=\%\&\?\/][^\?^\&]*$)/) {
  413. $out="OK rewrite-url=$1" ."?nohtml5=1";
  414.  
  415. } else {
  416. $out="ERR";
  417. }
  418.  
  419. if ($X[0] =~ m/^http.*/) {
  420. print "$out\n";
  421. } else {
  422. print "$chanel $out\n";
  423. }
  424. } ' > /etc/squid/storerewrite.pl
  425.  
  426.  
  427. chmod +x /etc/squid/storeid.pl
  428. chmod +x /etc/squid/storerewrite.pl
  429. chmod +x /etc/squid/squid.conf
  430. squid -zN
  431. wget -O /etc/init.d/squid http://pastebin.com/raw/A77yKwbi
  432. chmod +x /etc/init.d/squid
  433. update-rc.d squid defaults
  434. service squid start
  435. echo '#tproxy
  436. iptables -t mangle -N DIVERT
  437. iptables -t mangle -A DIVERT -j MARK --set-mark 1
  438. iptables -t mangle -A DIVERT -j ACCEPT
  439. iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
  440. iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
  441. iptables -t mangle -A PREROUTING -p tcp --dport 8080 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
  442. iptables -t mangle -A PREROUTING -p tcp --dport 8777 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
  443. iptables -t mangle -A PREROUTING -p tcp --dport 182 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
  444. iptables -t mangle -A PREROUTING -p tcp --dport 5050 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
  445. iptables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127
  446. ip rule add fwmark 1 lookup 212
  447. ip route add local 0.0.0.0/0 dev lo table 212
  448.  
  449. #intercept
  450. #iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
  451. #iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
  452.  
  453. exit 0' > /etc/rc.local
  454. reboot
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!