Advertisement
sukriborneo

auto-install-squid

Nov 5th, 2017
938
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2. wget -O /etc/apt/sources.list http://pastebin.com/raw/B9atBpyw
  3. apt-get update
  4. apt-get install build-essential devscripts libcppunit-dev openssl libssl-dev libcap-dev libsasl2-dev ccze pkg-config libkrb5-dev php5 apache2 -y
  5. wget -O /etc/apache2/ports.conf http://pastebin.com/raw/4pvrFczN
  6. # apabila belum memiliki folder cache, lalukan mkdir -p /cache , bila sudah memiliki folder cache, abaikan saja
  7. mkdir -p /cache
  8. chmod -R 777 /cache
  9. cd /var/www
  10. mkdir id
  11. mkdir flash
  12. wget http://c.speedtest.net/mini/mini.zip
  13. unzip mini.zip
  14. cp -arv mini/speedtest /var/www
  15. wget -O /var/www/flash/speedtest.swf http://c.speedtest.net/flash/speedtest.swf
  16. wget -O /var/www/flash/speedtest-long.swf http://c.speedtest.net/flash/speedtest-long.swf
  17. wget -O /var/www/speedtest-config.php http://www.speedtest.net/speedtest-config.php
  18. wget -O /var/www/ipaddress.php http://api.ookla.com/ipaddress.php
  19. wget -O /var/www/id/speedtest-config.php http://www.speedtest.net/id/speedtest-config.php
  20. cd
  21. wget http://www.measurement-factory.com/tmp/ecap/libecap-1.0.0.tar.gz
  22. tar xvf libecap-1.0.0.tar.gz
  23. cd libecap-1.0.0
  24. ./configure && make && make install
  25. echo '/usr/local/lib' >> /etc/ld.so.conf
  26. ldconfig
  27. cd
  28. wget http://www.measurement-factory.com/tmp/ecap/ecap_adapter_sample-1.0.0.tar.gz
  29. tar xzvf ecap_adapter_sample-1.0.0.tar.gz
  30. wget -O /root/ecap_adapter_sample-1.0.0/src/adapter_async.cc http://pastebin.com/raw/2iaykJAw
  31. cd ecap_adapter_sample-1.0.0
  32. ./configure && make && make install
  33. cd
  34. wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.20.tar.gz
  35. tar xzvf squid-3.5.20.tar.gz
  36. wget -O squid_forgery.patch http://pastebin.com/raw/cs6fKaAh
  37. cd squid-3.5.20
  38. patch -p0 <../squid_forgery.patch
  39. ./configure --prefix=/usr \
  40. --bindir=/usr/bin \
  41. --sbindir=/usr/sbin \
  42. --libexecdir=/usr/lib/squid \
  43. --sysconfdir=/etc/squid \
  44. --localstatedir=/var \
  45. --libdir=/usr/lib \
  46. --includedir=/usr/include \
  47. --datadir=/usr/share/squid \
  48. --mandir=/usr/share/man \
  49. --enable-storeio=ufs,aufs,diskd,rock \
  50. --enable-removal-policies=lru,heap \
  51. --enable-stacktrace \
  52. --enable-zph=qos \
  53. --enable-ecap \
  54. --enable-icap-client \
  55. --enable-wccp \
  56. --enable-wccpv2 \
  57. --enable-linux-netfilter \
  58. --disable-ident-lookup \
  59. --disable-auth \
  60. --disable-auth-basic \
  61. --disable-auth-digest \
  62. --disable-auth-negotiate \
  63. --disable-auth-ntlm \
  64. --disable-url-rewriter-helpers \
  65. --disable-storeid-rewrite-helpers \
  66. --with-logdir=/var/log/squid \
  67. --with-pid-file=/var/run/squid.pid \
  68. --with-swap-dir=/cache \
  69. --enable-large-cache-files \
  70. --with-large-files \
  71. --with-openssl
  72. make
  73. make install
  74. cd
  75. chown -R nobody /var/log/squid
  76. chown -R nobody /cache
  77. mkdir -p /etc/squid/ssl_cert
  78. openssl req -new -newkey rsa:2048 -sha256 -days 3652 -nodes -x509 -keyout /etc/squid/ssl_cert/proxy.pem -out /etc/squid/ssl_cert/proxy.pem -subj "/C=ID/ST=Jawa Tengah/L=Semarang/O=TSI/CN=Terapi Squid Indonesia"
  79. openssl x509 -in /etc/squid/ssl_cert/proxy.pem -outform DER -out /etc/squid/ssl_cert/proxy.der
  80. openssl x509 -in /etc/squid/ssl_cert/proxy.pem -outform DER -out /etc/squid/ssl_cert/proxy.crt
  81. cp -arv /etc/squid/ssl_cert /var/www
  82. echo '#
  83. dns_v4_first on
  84. reply_header_access Alternate-Protocol deny all
  85. reply_header_access Alt-Svc deny all
  86. refresh_all_ims on
  87. reload_into_ims on
  88.  
  89. #asumsi sisa hardisk 900Gban
  90. #(720000000/256/256)*2
  91. cache_dir aufs /cache 720000 21980 256
  92. cache_mem 2 MB
  93. cache_swap_high 95
  94. cache_swap_low 90
  95.  
  96. cache_replacement_policy heap LFUDA
  97. memory_replacement_policy heap GDSF
  98.  
  99. maximum_object_size 4096000 KB
  100. maximum_object_size_in_memory 0 KB
  101.  
  102. cache_mgr cespun@gmail.com
  103. visible_hostname cespun-proxy
  104. strip_query_terms off
  105. httpd_suppress_version_string on
  106. log_mime_hdrs off
  107. forwarded_for off
  108. via off
  109.  
  110. coredump_dir /var/log/squid
  111. logfile_rotate 1
  112.  
  113. max_filedescriptors 65536
  114.  
  115. fqdncache_size 4096
  116. ipcache_size 4096
  117. ipcache_high 95
  118. ipcache_low 90
  119.  
  120. http_port 3128
  121. http_port 3129 tproxy
  122. #https_port 3127 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/warnet.pem
  123. https_port 3127 tproxy ssl-bump generate-host-certificates=on cert=/etc/squid/ssl_cert/warnet.pem
  124.  
  125. qos_flows local-hit=0x30
  126.  
  127. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  128. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  129. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  130. acl localnet src fc00::/7 # RFC 4193 local private network range
  131. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  132. acl SSL_ports port 443
  133. acl Safe_ports port 80 # http
  134. acl Safe_ports port 182 # http
  135. acl Safe_ports port 21 # ftp
  136. acl Safe_ports port 443 # https
  137. acl Safe_ports port 70 # gopher
  138. acl Safe_ports port 210 # wais
  139. acl Safe_ports port 1025-65535 # unregistered ports
  140. acl Safe_ports port 280 # http-mgmt
  141. acl Safe_ports port 488 # gss-http
  142. acl Safe_ports port 591 # filemaker
  143. acl Safe_ports port 777 # multiling http
  144. acl PURGE method PURGE
  145. acl step1 at_step SslBump1
  146. acl step2 at_step SslBump2
  147. acl step3 at_step SslBump3
  148. acl range206 req_header Range -i byte
  149. acl iphone browser -i regexp (iPhone|iPad)
  150. acl BB browser -i regexp (BlackBerry|PlayBook)
  151. acl Winphone browser -i regexp (Windows.*Phone|Trident|IEMobile)
  152. acl Android browser -i regexp Android
  153. acl yt-rewrite url_regex -i ^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]
  154. acl youtube url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  155. acl urltomiss url_regex -i ^http.*(update|patch).*versi
  156. acl urltomiss url_regex -i ^http.*versi.*(update|patch)
  157. acl urltomiss url_regex -i ^http.*(update|patch|versi|version)\.ini
  158. acl urltomiss url_regex -i ^http.*(hsupdate|antihack|xigncode|gameguard|captcha|gameid|game_id|idgame|id_game|launcher|\.aspx|\.html|\.shtml|\.xhtml|\.ini)
  159. acl urltomiss url_regex -i ^http.*googlevideo\.com\/video(playback|goodput).*source[\&\=\?\/]yt_live
  160. acl urltomiss url_regex -i ^http.*googleapis\.com\/game
  161. acl patchpartial url_regex -i ^http.*patch.*garena
  162. acl patchpartial url_regex -i ^http.*garena.*patch
  163. acl httptomiss http_status 302
  164. acl mimehtml rep_mime_type -i mime-type ^text/html
  165. acl mimeplain rep_mime_type -i mime-type ^text/plain
  166. acl tostoreid url_regex -i ^http.*(youtube|googlevideo|videoplayback|videogoodput)
  167. acl tostoreid url_regex -i ^http.*(fbcdn|akamaihd)
  168. acl tostoreid url_regex -i ^http.*c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/.*\?
  169. acl tostoreid url_regex -i ^http.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/.*\/.*\?
  170. acl tostoreid url_regex -i ^http.*datafilehost.*\/get\.php.*file\=.*
  171. acl tostoreid url_regex -i ^http.*\.filehippo\.com\/.*\?
  172. acl tostoreid url_regex -i ^http.*\.4shared\.com\/.*\/.*\/.*\/dlink.*preview.mp3
  173. acl tostoreid url_regex -i ^http.*\.4shared\.com\/download\/.*\/.*\?tsid
  174. acl tostoreid url_regex -i ^http.*steam(powered|content)
  175. acl tostoreid url_regex -i ^http.*savefile\.co\:182\/.*\/.*\.(mp4|flv|3gp)
  176. acl tostoreid url_regex -i ^http.*video\-http\.media\-imdb\.com\/.*\.mp4\?
  177. acl tostoreid url_regex -i ^http.*\.dl\.sourceforge\.net
  178. acl speedtest url_regex -i ^http.*([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|speedtest|espeed|api\.ookla).*\/(speedtest\.swf|speedtest-long\.swf|latency\.txt|upload\.php|speedtest-config\.php|ipaddress\.php|random.*\.jpg)
  179. acl blokir url_regex -i ^http.*kendedes\.uzone\.id
  180. acl blokir url_regex -i ^http.*internetpositif\.uzone\.id
  181.  
  182. acl CONNECT method CONNECT
  183. acl getmethod method GET
  184.  
  185. deny_info http://103.80.80.246 blokir
  186. http_access deny blokir
  187.  
  188. http_access deny !Safe_ports
  189. http_access deny CONNECT !SSL_ports
  190. http_access allow localhost manager
  191. http_access deny manager
  192. http_access allow localhost purge
  193. http_access deny purge
  194. http_access allow localnet
  195. http_access allow localhost
  196. http_access deny all
  197.  
  198. access_log /var/log/squid/access.log !CONNECT
  199. #access_log none
  200.  
  201. range_offset_limit none range206 patchpartial
  202. range_offset_limit 128 KB range206 !patchpartial
  203. quick_abort_min 1 KB
  204. quick_abort_max 1 KB
  205. quick_abort_pct 95
  206.  
  207. cache deny speedtest
  208. cache deny urltomiss
  209. cache deny localhost
  210. ssl_bump splice localhost
  211. ssl_bump peek step1 all
  212. ssl_bump bump all
  213.  
  214. cache_peer 10.212.212.212 parent 8033 0 no-digest no-tproxy
  215. dead_peer_timeout 5 seconds
  216. cache_peer_access 10.212.212.212 allow speedtest
  217. cache_peer_access 10.212.212.212 deny all
  218. always_direct deny speedtest
  219. never_direct allow speedtest
  220.  
  221. url_rewrite_access allow yt-rewrite !iphone !BB !Winphone !Android
  222. url_rewrite_access deny all
  223. url_rewrite_program /etc/squid/storerewrite.pl
  224. url_rewrite_children 2000 startup=30 idle=1
  225.  
  226. request_header_access Accept-Encoding deny yt-rewrite !iphone !BB !Winphone !Android
  227. #yt_quality: tiny = 144px small = 240px medium = 360px large = 480px HD720 = Hd720px
  228. ecap_enable on
  229. loadable_modules /usr/local/lib/ecap_adapter_modifying.so
  230. ecap_service modif respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim="enablejsapi" replacement="dash":"1","vq":"tiny","enablejsapi"
  231. adaptation_access modif allow yt-rewrite !iphone !BB !Winphone !Android
  232. adaptation_access modif deny all
  233.  
  234. store_id_bypass off
  235. store_id_extras "%{Referer}>h"
  236. store_id_program /etc/squid/storeid.pl
  237. store_id_children 2000 startup=30 idle=1
  238. store_id_access allow tostoreid
  239. store_id_access deny all
  240.  
  241. store_miss deny youtube httptomiss
  242. send_hit deny youtube httptomiss
  243. store_miss deny youtube mimeplain
  244. send_hit deny youtube mimeplain
  245. store_miss deny mimehtml
  246. send_hit deny mimehtml
  247. store_miss deny urltomiss
  248. send_hit deny urltomiss
  249. store_miss deny speedtest
  250. send_hit deny speedtest
  251.  
  252. refresh_pattern -i .* 0 90% 432000 override-expire override-lastmod reload-into-ims refresh-ims ignore-no-store ignore-must-revalidate ignore-private ignore-auth
  253.  
  254. max_stale 100 years ' > /etc/squid/squid.conf
  255.  
  256. echo '#!/usr/bin/perl
  257. #!/usr/bin/perl
  258. $|=1;
  259. while (<>) {
  260. @X = split;
  261. if ($X[0] =~ m/^http.*/) {
  262. $url = $X[0];
  263. $referer = $X[1];
  264. $urlreferer = $X[0] ." ". $X[1];
  265. } else {
  266. $chanel = $X[0];
  267. $url = $X[1];
  268. $referer = $X[2];
  269. $urlreferer = $X[1] ." ". $X[2];
  270. }
  271.  
  272. #youtube googlevideo
  273. if ($url =~ m/^https?\:\/\/.*google.*video(playback|goodput).*/){
  274. @cpn = m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
  275. @id = m/[=%&?\/]id[=%&?\/]([^\&\s]*)/;
  276. @itag = m/[=%&?\/]itag[=%&?\/]([\d]*)/;
  277. @range = m/[=%&?\/]range[=%&?\/]([\d]*-[\d]*)/;
  278. @mime = m/[=%&?\/]mime[=%&?\/]([^\&\s]*)/;
  279. if ($referer =~ m/^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
  280. @id = $3;
  281. } else {
  282. if (defined(@cpn[0])){
  283. if (-e "/var/log/squid/@cpn"){
  284. open FILE, "/var/log/squid/@cpn";
  285. @id = <FILE>;
  286. close FILE;
  287. }
  288. }
  289. }
  290. $out="OK store-id=http://squid/google/video/id=@id/itag=@itag/mime=@mime/range=@range";
  291.  
  292. #youtube parameter
  293. } elsif (
  294. ($url =~ m/^https?\:\/\/.*youtube.*(stream_204|watchtime|qoe|atr|csi_204|playback).*[=%&?\/]docid[=%&?\/]([^\&\s]*)/) ||
  295. ($url =~ m/^https?\:\/\/.*youtube.*(ptracking|set_awesome).*[=%&?\/]video_id[=%&?\/]([^\&\s]*)/) ||
  296. ($url =~ m/^https?\:\/\/.*youtube.*(player_204).*[=%&?\/]v[=%&?\/]([^\&\s]*)/)
  297. ){
  298. @id = $2;
  299. @cpn = m/[=%&?\/]cpn[=%&?\/]([^\&\s]*)/;
  300. if ($referer !~ m/^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[=%&?\/]([^\&\s\?]*)/){
  301. unless (-e "/var/log/squid/@cpn"){
  302. open FILE, ">/var/log/squid/@cpn";
  303. print FILE @id;
  304. close FILE;
  305. }
  306. }
  307. $out = "ERR";
  308.  
  309. #utmgif
  310. } elsif ($url =~ m/^https?\:\/\/www\.google-analytics\.com\/__utm\.gif\?.*/) {
  311. $out="OK store-id=http://squid/google-analytics/__utm.gif";
  312.  
  313. #fbcdn.net or akamaihd.net video range
  314. } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([\w-]+\.[\w]{2,4}).*(bytestart[=%&?\/][\d]+[&\/]byteend[=%&?\/][\d]+)/) {
  315. $out="OK store-id=http://squid/$1/$2/$3";
  316.  
  317. #fbcdn.net or akamaihd.net with size
  318. } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/([a-zA-Z][\d]+[x][\d]+\/[\w-]+\.[\w]{2,4})($|\?)/) {
  319. $out="OK store-id=http://squid/$1/$2";
  320.  
  321. #fbcdn.net or akamaihd.net safe_image.php
  322. } elsif ($url =~ m/^https?\:\/\/.*(fbcdn\.net|akamaihd\.net).*\/safe_image\.php\?(.*)/) {
  323. $out="OK store-id=http://squid/$1/$2";
  324.  
  325. #reverbnation
  326. } elsif ($url =~ m/^https?\:\/\/c2lo\.reverbnation\.com\/audio_player\/ec_stream_song\/(.*)\?.*/) {
  327. $out="OK store-id=http://squid/reverbnation/$1";
  328.  
  329. #playstore
  330. } elsif ($url =~ m/^https?\:\/\/.*\.c\.android\.clients\.google\.com\/market\/GetBinary\/GetBinary\/(.*\/.*)\?.*/) {
  331. $out="OK store-id=http://squid/android/market/$1";
  332.  
  333.  
  334. #filehost
  335. } elsif ($url =~ m/^https?\:\/\/.*datafilehost.*\/get\.php.*file\=(.*)/) {
  336. $out="OK store-id=http://squid/datafilehost/$1";
  337.  
  338.  
  339. #speedtest
  340. } elsif ($url =~ m/^https?\:\/\/.*(speedtest|espeed).*\/(.*\.(txt|jpg)).*/) {
  341. $out="OK store-id=http://squid/speedtest/$2";
  342.  
  343.  
  344. #filehippo
  345. } elsif ($url =~ m/^https?\:\/\/.*\.filehippo\.com\/.*\/([\w-]+\.[\w]{2,4})\?.*/) {
  346. $out="OK store-id=http://squid/filehippo/$1";
  347.  
  348.  
  349. #4shared preview.mp3
  350. } elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/.*\/(.*\/.*)\/dlink.*preview.mp3/) {
  351. $out="OK store-id=http://squid/4shared/preview/$1";
  352.  
  353. #4shared
  354. } elsif ($url =~ m/^https?\:\/\/.*\.4shared\.com\/download\/(.*\/.*)\?tsid.*/) {
  355. $out="OK store-id=http://squid/4shared/download/$1";
  356.  
  357. #savefile-animeindo.tv
  358. } elsif ($url =~ m/^https?:\/\/www\.savefile\.co\:182\/.*\/(.*\.(mp4|flv|3gp)).*/) {
  359. $out="OK store-id=http://squid/savefile:182/$1";
  360.  
  361. #imdb
  362. } elsif ($url =~ m/^https?\:\/\/video\-http\.media\-imdb\.com\/(.*\.mp4)\?.*/) {
  363. $out="OK store-id=http://squid/imdb/$1";
  364.  
  365. #sourceforge
  366. } elsif ($url =~ m/^https?\:\/\/.*\.dl\.sourceforge\.net\/([\w-]+\.[\w]{2,3})/) {
  367. $out="OK store-id=http://squid/sourceforge/$1";
  368.  
  369. #steampowered dota 2
  370. } elsif ($url =~ m/^https?\:\/\/(.*steam(powered|content).*\/(client|depot)\/[\d]+\/(chunk|manifest)\/[^\?\s]*).*/) {
  371. $out="OK store-id=http://squid/$1";
  372.  
  373. } else {
  374. $out="ERR";
  375. }
  376.  
  377. if ($X[0] =~ m/^http.*/) {
  378. print "$out\n";
  379. } else {
  380. print "$chanel $out\n";
  381. }
  382. } ' > /etc/squid/storeid.pl
  383.  
  384.  
  385. echo '#!/usr/bin/perl
  386.  
  387. $|=1;
  388. while (<>) {
  389. @X = split;
  390. if ($X[0] =~ m/^http.*/) {
  391. $url = $X[0];
  392. $referer = $X[1];
  393. $urlreferer = $X[0] ." ". $X[1];
  394. } else {
  395. $chanel = $X[0];
  396. $url = $X[1];
  397. $referer = $X[2];
  398. $urlreferer = $X[1] ." ". $X[2];
  399. }
  400.  
  401.  
  402. #watch rewrite
  403. if ($url=~ m/(^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[\=\%\&\?\/].*[\=\%\&\?\/])(nohtml5\=1|html5\=1)(.*)/) {
  404. $out="OK rewrite-url=$1" . "nohtml5=1" . $5;
  405.  
  406. } elsif ($url=~ m/(^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v|embed|v)[\=\%\&\?\/].*[\=\%\&\?\/].*)/) {
  407. $out="OK rewrite-url=$1" . "&nohtml5=1";
  408.  
  409. } elsif ($url=~ m/(^https?\:\/\/(www|gaming)\.youtube\.com\/(watch\?v)[\=\%\&\?\/][^\?^\&]*$)/) {
  410. $out="OK rewrite-url=$1" ."&nohtml5=1";
  411.  
  412. } elsif ($url=~ m/(^https?\:\/\/(www|gaming)\.youtube\.com\/(embed|v)[\=\%\&\?\/][^\?^\&]*$)/) {
  413. $out="OK rewrite-url=$1" ."?nohtml5=1";
  414.  
  415. } else {
  416. $out="ERR";
  417. }
  418.  
  419. if ($X[0] =~ m/^http.*/) {
  420. print "$out\n";
  421. } else {
  422. print "$chanel $out\n";
  423. }
  424. } ' > /etc/squid/storerewrite.pl
  425.  
  426.  
  427. chmod +x /etc/squid/storeid.pl
  428. chmod +x /etc/squid/storerewrite.pl
  429. chmod +x /etc/squid/squid.conf
  430. squid -zN
  431. wget -O /etc/init.d/squid http://pastebin.com/raw/A77yKwbi
  432. chmod +x /etc/init.d/squid
  433. update-rc.d squid defaults
  434. service squid start
  435. echo '#tproxy
  436. iptables -t mangle -N DIVERT
  437. iptables -t mangle -A DIVERT -j MARK --set-mark 1
  438. iptables -t mangle -A DIVERT -j ACCEPT
  439. iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
  440. iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
  441. iptables -t mangle -A PREROUTING -p tcp --dport 8080 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
  442. iptables -t mangle -A PREROUTING -p tcp --dport 8777 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
  443. iptables -t mangle -A PREROUTING -p tcp --dport 182 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
  444. iptables -t mangle -A PREROUTING -p tcp --dport 5050 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
  445. iptables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127
  446. ip rule add fwmark 1 lookup 212
  447. ip route add local 0.0.0.0/0 dev lo table 212
  448.  
  449. #intercept
  450. #iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
  451. #iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
  452.  
  453. exit 0' > /etc/rc.local
  454. reboot
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement