5. ubah pemilik file folder cache
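# Hand the four cache directories to the proxy account and close them to
# everyone else. Assumes Squid runs as user/group "proxy" - confirm against
# cache_effective_user in squid.conf.
for cache_dir in /cache1 /cache2 /cache3 /cache4; do
  chown -R proxy:proxy "$cache_dir"
  # 750 instead of 777: a world-writable cache lets any local account alter or
  # plant cached objects that Squid later serves to clients. The owner already
  # has full access, so nothing else needs write permission.
  chmod 750 "$cache_dir"
done
# Squid also writes its logs as the proxy account.
chown -R proxy:proxy /var/log/squid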
6. Copy file squid ke /etc/init.d/
# Make the init script executable so the init system can run it.
chmod +x /etc/init.d/squid
# Register the script in the default runlevels so Squid starts at boot.
update-rc.d squid defaults
7. Buat sertifikat CA self-signed untuk Squid-nya
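# Create the self-signed CA that Squid uses to sign certificates for
# intercepted HTTPS connections, then initialise the ssl_crtd database.
cd /etc/squid
mkdir ssl_cert
cd ssl_cert
# rsa:2048 with SHA-256 instead of rsa:1024: a 1024-bit RSA key is too weak
# for a CA that every client of this proxy will be told to trust.
# -nodes stores the private key unencrypted, and -keyout/-out both point at
# myCA.pem, so that one file holds the key and the certificate.
openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
# myCA.pem contains the CA private key. With a default umask it is created
# world-readable, and whoever can read it can sign certificates that the
# clients accept. Limit it to root and the proxy group (assumes Squid runs
# as "proxy" - confirm).
chown root:proxy myCA.pem
chmod 640 myCA.pem
# DER copy of the certificate only (no key). This is the file to import on
# client machines; myCA.pem must never leave the proxy.
openssl x509 -in myCA.pem -outform DER -out myCA.der
# Create the directory first, then enter it (two separate commands).
mkdir /var/squid
cd /var/squid
mkdir ssl_db
cd
chown -R nobody /var/squid/ssl_db/
# -c creates a new certificate database, -s gives its location.
/usr/lib/squid/ssl_crtd -c -s /var/squid/ssl_db/certs
# Final owner of the database is the proxy account.
chown -R proxy:proxy /var/squid/ssl_db/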
8. Buat dir cache
# Create the cache directory structures configured in squid.conf; run this
# once before the first start of Squid.
squid -z
9. Tambahkan baris di bawah ini pada /etc/rc.local
# Load the netfilter modules this setup relies on, in the listed order,
# before the iptables rules that follow refer to them.
for kmod in xt_TPROXY xt_socket nf_tproxy_core xt_mark nf_nat \
  nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 ipt_REDIRECT iptable_nat; do
  modprobe "$kmod"
done
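# TPROXY interception rules for rc.local.
# NOTE: -F and -X wipe every existing rule and user-defined chain in the
# mangle table. If this host already carries mangle rules, merge by hand.
iptables -t mangle -F
iptables -t mangle -X
# DIVERT marks packets with fwmark 1 and accepts them.
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
# TCP packets that already match a local socket go straight to DIVERT.
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# Everything else on ports 80/443 that is not addressed to 192.168.3.2
# (presumably this proxy's own address - confirm) is handed to the local
# TPROXY listeners. 3129 and 3127 must match the tproxy ports configured in
# squid.conf. Options use two ASCII hyphens; a typographic dash pasted from
# a web page makes iptables reject the rule.
iptables -t mangle -A PREROUTING ! -d 192.168.3.2/32 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
iptables -t mangle -A PREROUTING ! -d 192.168.3.2/32 -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127
# Packets carrying fwmark 1 use routing table 100, which delivers every
# destination locally through lo.
/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100
# Reverse-path filtering is switched off on lo only.
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
# This turns the host into a router: make sure the filter table limits what
# may be forwarded, since these rules only touch the mangle table.
echo 1 > /proc/sys/net/ipv4/ip_forward
exit 0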
10. Tambahkan mangle pada mikrotik
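# Policy routing on the MikroTik: TCP 80/443 arriving on ether2-local gets
# routing mark tproxy_rm, and the route at the end sends tproxy_rm traffic to
# 192.168.3.2. Connections seen on ether3-proxy that do not originate from
# 192.168.3.2 are connection-marked, so their packets arriving on any other
# interface receive the same routing mark.
# The comment value needs plain ASCII double quotes, and each rule sits on a
# single line without a stray backslash.
/ip firewall mangle
add action=mark-routing chain=prerouting comment="TPROXY ROUTING" disabled=no dst-port=80,443 in-interface=ether2-local new-routing-mark=tproxy_rm passthrough=no protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=80,443 in-interface=ether3-proxy new-connection-mark=tproxy_cm passthrough=yes protocol=tcp src-address=!192.168.3.2
add action=mark-routing chain=prerouting connection-mark=tproxy_cm disabled=no in-interface=!ether3-proxy new-routing-mark=tproxy_rm passthrough=no
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.2 routing-mark=tproxy_rm scope=30 target-scope=10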