I've never used Squid from the Ubuntu package, so I don't know whether the Ubuntu Server package supports TPROXY yet.
To get the best results when installing Squid, you can tweak your Ubuntu system first.
1. Tweak the open file limit & IP forwarding
Code:
# raise the open file limit for all users
echo "* soft nofile 65535" >> /etc/security/limits.conf
echo "* hard nofile 65535" >> /etc/security/limits.conf
# disable reverse-path filtering and enable IP forwarding
echo "net.ipv4.conf.all.rp_filter=0" >> /etc/sysctl.conf
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
Code:
apt-get install build-essential
apt-get install libcap-dev
3. Download squid 2.7.STABLE9 & the patch
Code:
wget http://www.squid-cache.org/Versions/v2/2.7/squid-2.7.STABLE9.tar.gz
wget http://www.visolve.com/squid/tproxy4/squid-2.7s9-tproxy-4.patch
Code:
tar -zxvf squid-2.7.STABLE9.tar.gz
cd squid-2.7.STABLE9
patch -p1 < ../squid-2.7s9-tproxy-4.patch
Code:
./configure '--prefix=/usr/local/squid' \
  '--enable-async-io=24' \
  '--enable-storeio=ufs,aufs,null,diskd' \
  '--enable-auth=basic' \
  '--enable-err-languages=English' \
  '--disable-ident-lookups' \
  '--disable-cache-digests' \
  '--enable-follow-x-forwarded-for' \
  '--enable-delay-pools' \
  '--enable-http-violations' \
  '--enable-arp-acl' \
  '--with-maxfd=65535' \
  '--enable-linux-netfilter' \
  '--enable-linux-tproxy' \
  '--with-libcap'
make
make install
4. In your squid.conf, add these options in the section
Code:
http_port 8080 transparent tproxy
max_filedescriptors 65535
5. Set up iproute2 & iptables for TPROXY interception (transparent proxy)
Code:
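# deliver packets marked 1 to the local machine via routing table 100
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
# DIVERT: mark packets that belong to an existing local socket and accept them
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# hand TCP port 80 traffic to Squid listening on port 8080
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 8080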
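
Added example, not part of the original post: a shell check that the policy routing and mangle rules from step 5 are actually in place, since none of them survive a reboot unless they are saved. The function names are hypothetical, the sample text is constructed, and the patterns assume the usual output format of `ip rule show`, `ip route show table 100` and `iptables -t mangle -S`.

```shell
#!/bin/sh
# Added example (not from the original post): audit the step 5 plumbing.
# Each check takes captured command output as an argument, so the logic
# can be exercised offline. Function names are hypothetical.

# $1 = output of `ip rule show`; want: fwmark 1 -> table 100
has_fwmark_rule() {
    printf '%s\n' "$1" | grep -Eq 'fwmark 0x1(/0x[0-9a-f]+)? lookup 100( |$)'
}
# $1 = output of `ip route show table 100`; want: local default route via lo
has_local_route() {
    printf '%s\n' "$1" | grep -Eq '^local (default|0\.0\.0\.0/0) dev lo( |$)'
}
# $1 = output of `iptables -t mangle -S`; want: existing sockets sent to DIVERT
has_divert_rule() {
    printf '%s\n' "$1" | grep -Eq '^-A PREROUTING .*-m socket .*-j DIVERT'
}
# $1 = same output; want: TCP/80 handed to TPROXY on port 8080, mark 0x1/0x1
has_tproxy_rule() {
    printf '%s\n' "$1" | grep -E '^-A PREROUTING .*--dport 80 .*-j TPROXY' |
        grep -e '--on-port 8080' | grep -q -e '--tproxy-mark 0x1/0x1'
}
# Print every missing piece; return the number of failed checks.
audit_tproxy() {  # $1 = ip rules, $2 = table 100 routes, $3 = mangle rules
    fails=0
    has_fwmark_rule "$1" || { echo "missing: ip rule fwmark 1 lookup 100"; fails=$((fails+1)); }
    has_local_route "$2" || { echo "missing: local route in table 100"; fails=$((fails+1)); }
    has_divert_rule "$3" || { echo "missing: -m socket -j DIVERT"; fails=$((fails+1)); }
    has_tproxy_rule "$3" || { echo "missing: TPROXY rule for port 80 -> 8080"; fails=$((fails+1)); }
    return "$fails"
}

# Constructed sample output for a correctly configured host
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'
SAMPLE_ROUTES='local default dev lo scope host'
SAMPLE_MANGLE='-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT'

# On a live host (as root):
#   audit_tproxy "$(ip rule show)" "$(ip route show table 100)" "$(iptables -t mangle -S)"
audit_tproxy "$SAMPLE_RULES" "$SAMPLE_ROUTES" "$SAMPLE_MANGLE" && echo "tproxy plumbing OK"
```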