Scribd Logo
Upload

Welcome to Scribd!

  • Setting Tproxy Mode Bridge

    Uploaded by

    Denny Tobing
    26 views2 pages
    Setting Tproxy Mode Bridge

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Setting Tproxy Mode Bridge

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    26 views2 pages

    Setting Tproxy Mode Bridge

    Uploaded by

    Denny Tobing
    Setting Tproxy Mode Bridge

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    SETTING TPROXY MODE BRIDGE

    TOPOLOGI

    - OS proxy ubuntu server
    - 2 lan card
    - Asumsi squid3.x sudah terinstall dan berjalan dengan baik
    Ether mikrotik 192.168.20.1/24
    br0 192.168.20.2
    client 192.168.20.3-192.168.20.254
    1. Install Paket pendukung
    apt-get install ebtables
    apt-get install bridge-utils
    2. Set file /etc/network/interfaces, hapus isinya dan hanya bagian ini yang jangan
    ================================
    etc/network/interfaces
    auto lo
    iface lo inet loopback
    3. Set file /etc/rc.local
    ifconfig eth0 0.0.0.0 promisc up
    ifconfig eth1 0.0.0.0 promisc up

    brctl addbr br0
    brctl addif br0 eth0
    brctl addif br0 eth1

    ifconfig br0 192.168.20.2 netmask 255.255.255.0 up
    route add default gw 192.168.20.1 dev br0

    modprobe xt_TPROXY
    modprobe xt_socket
    modprobe nf_tproxy_core
    modprobe xt_mark
    modprobe nf_nat
    modprobe nf_conntrack_ipv4
    modprobe nf_conntrack
    modprobe nf_defrag_ipv4
    modprobe ipt_REDIRECT
    modprobe iptable_nat

    iptables -F
    iptables -t nat -F
    iptables -t mangle -F
    iptables -X
    iptables -t nat -X


    ip rule add fwmark 1 lookup 100
    ip route add local 0.0.0.0/0 dev lo table 100
    echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter
    echo 1 >/proc/sys/net/ipv4/ip_forward
    iptables -t mangle -N DIVERT
    iptables -t mangle -A DIVERT -j MARK --set-mark 1
    iptables -t mangle -A DIVERT -j ACCEPT
    iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port
    3129
    iptables -t mangle -A PREROUTING -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port
    3127
    ebtables -F
    ebtables -t broute -A BROUTING -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target
    ACCEPT
    ebtables -t broute -A BROUTING -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target
    ACCEPT
    #=================================================================
    exit 0
    4. Reboot pc proxy..beres

    You might also like