TPROXY

requirements

1. latest kernel linux-2.6.18 here

2. tproxy patch for kernel 2.6.18 from here

3. iptables version 1.3.8 from netfilter

4. a pack of cigarettes and a cup of cappuccino

5. squid 2.6.STABLE18 from squid-cache.org

Recompile your kernel…..

cd /usr/src

tar -jxvf <your-path-dir>/linux-2.6.18.6.tar.bz2

patch your kernel with tproxy support

tar -zxvf /<path-your-dir>/cttproxy-2.6.18-2.0.6.tar.gz

cd linux-2.6.18.6/

cat /usr/src/cttproxy-2.6.18-2.0.6/patch_tree/01-nat_reservations.patch | patch -p1

cat /usr/src/cttproxy-2.6.18-2.0.6/patch_tree/02-tproxy.patch | patch -p1

cat /usr/src/cttproxy-2.6.18-2.0.6/patch_tree/03-nat_delete.patch | patch -p1

make clean && make mrproper

make menuconfig or make config

under Networking -> Networking options -> Netfilter configuration, set:

CONFIG_IP_NF_TPROXY=m
CONFIG_IP_NF_MATCH_TPROXY=m
CONFIG_IP_NF_TARGET_TPROXY=m

contact me for complete .config

make && make install && make modules_install

cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.18

cp System.map /boot/System.map-2.6.18

re-write your lilo.conf to load new kernel image at boot time

reload your lilo

reboot your server

—————————————————————————————

patching your iptables….

cd /usr/src

tar -jxvf /<your-path-dir>/iptables-1.3.8.tar.bz2

cd iptables-1.3.8/

cat /usr/src/cttproxy-2.6.18-2.0.6/iptables/iptables-1.3-cttproxy.diff | patch -p1

make KERNEL_DIR=/usr/src/linux-2.6.18.6/

make install KERNEL_DIR=/usr/src/linux-2.6.18.6/

make install-devel (optional)

modprobe ipt_tproxy

modprobe iptable_tproxy

if you don’t get any error, you got it!!!

————————————————————————————–

installing squid………….

cd /usr/src/

tar -jxvf /<your-path-dir>/squid-2.6.STABLE18.tar.bz2

cd squid-2.6.STABLE18

./configure '--prefix=/usr/local/squid' '--sysconfdir=/etc/squid' \
  '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--enable-FEATURE=yes' \
  '--enable-storeio=ufs,diskd,null' '--enable-icmp' '--enable-delay-pools' \
  '--enable-icap-client' '--enable-kill-parent-hack' \
  '--enable-cachemgr-hostname=indomeya.net.id' '--enable-arp-acl' \
  '--enable-ssl' '--enable-cache-digests' '--enable-x-accelerator-vary' \
  '--enable-stacktraces' '--enable-cpu-profiling' '--with-PACKAGE=yes' \
  '--enable-dependency-tracking' '--enable-gnuregex' \
  '--enable-xmalloc-statistics' '--enable-removal-policies=lru' \
  '--enable-useragent-log' '--enable-referer-log' '--enable-forw-via-db' \
  '--enable-default-hostsfile=/etc/hosts' '--enable-ntlm-fail-open' \
  '--with-pic' '--with-pthreads' '--with-aio' '--with-dl' \
  '--with-large-files' '--enable-http-violations' '--enable-underscores' \
  '--enable-linux-tproxy' '--enable-linux-netfilter' '--enable-htcp' \
  '--enable-leakfinder' '--enable-follow-x-forwarded-for'

make && make install

With these configure options, squid.conf is installed in /etc/squid/.

——————————————————————————————

Write your own squid.conf to suit your setup, or contact me if you want to use mine. The full squid.conf reference is available here.

——————————————————————————————

Make sure you have changed the permissions on the proxy cache directory where needed, then run squid as a daemon.

put this iptables command to your iptables init script

iptables -t tproxy -A PREROUTING -s xxx.xxx.xxx.xxx/24 -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128 --on-ip 0.0.0.0

correct me if i’m wrong……… :D
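
A pre-flight check for the steps above, added here as an example (it is not part of the original post). It confirms the three kernel options are built and lints the TPROXY rules in the init script for pasted typographic dashes, a missing -s source restriction and a port that does not match Squid. The function names, the sample files and the 192.0.2.0/24 subnet are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for this setup.

# Print every TPROXY option that is not built (=m or =y) in kernel config $1.
# Returns 1 if at least one is missing.
missing_tproxy_options() {
    rc=0
    for opt in CONFIG_IP_NF_TPROXY CONFIG_IP_NF_MATCH_TPROXY CONFIG_IP_NF_TARGET_TPROXY; do
        grep -Eq "^${opt}=[my]\$" "$1" || { echo "$opt"; rc=1; }
    done
    return $rc
}

# Lint the TPROXY rules in init script $1 against Squid's listening port $2.
# Prints one finding per problem; prints nothing when the rules look sane.
lint_tproxy_rules() {
    grep -- '-j TPROXY' "$1" | while IFS= read -r rule; do
        case $rule in
            *'–'*) echo "BAD_DASH: $rule"; continue ;;  # typographic dash pasted from a web page
        esac
        case $rule in
            *' -s '*) ;;
            *) echo "NO_SOURCE: $rule" ;;               # would intercept traffic from any network
        esac
        case " $rule " in
            *" --on-port $2 "*) ;;
            *) echo "PORT_MISMATCH: $rule" ;;           # redirect target is not Squid's port
        esac
    done
}

# Constructed sample input (hypothetical files), written to a temp dir for the demo.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'CONFIG_IP_NF_TPROXY=m' '# CONFIG_IP_NF_MATCH_TPROXY is not set' \
        'CONFIG_IP_NF_TARGET_TPROXY=m' > "$d/config"
    printf '%s\n' \
        'iptables -t tproxy -A PREROUTING -s 192.0.2.0/24 -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128 --on-ip 0.0.0.0' \
        'iptables -t tproxy -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 --on-ip 0.0.0.0' \
        > "$d/rc.firewall"
    missing_tproxy_options "$d/config" || true
    lint_tproxy_rules "$d/rc.firewall" 3128
    rm -rf "$d"
}

# With three arguments: check real files. Without: run the demo on the sample.
if [ $# -eq 3 ]; then missing_tproxy_options "$1"; lint_tproxy_rules "$2" "$3"; else demo; fi
```

Run it as: sh check.sh <kernel .config> <iptables init script> 3128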


10 Comments

  1. thank you, dude

  2. Could I have your squid.conf?
    Also, in the netfilter section, which options should be set to [M] and which to [ * ]?
    I have installed everything without any errors, but browsing does not work on the client side. Is something wrong? Please help.
    Thank you.

  3. thank you for this documentation
    please send to me the config file of kernel

  4. I have successfully patched the kernel, iptables and so on, but browsing still does not work??? I am using bridge mode.

  5. Thanks for all the info, can you please send me the kernel config.

  6. Hi …
    Please can you send me the kernel config file.

    Thanks in advance.

  7. xghjykuk

  8. Thanks for all the info, can you please send me the kernel config
    thanks

  9. Thanks for all the info, can you please send me the kernel & squid config?!

  10. Hello, thanks for your details. I am a new user of CentOS. I really don’t know the whole subject of Linux. Now I am learning Linux through the Internet and practicing it on a system. But many friends told me that the Internet can also guide you the wrong way.
    Now I am using CentOS on an IBM System X3400 server machine. It has Xeon processors. I don’t know whether the kernel you linked here will work on this or not. Can you please send me the total configuration?

    I tried this on my system. But when I typed make, it added some new files and asked “physical address where the kernel is loaded (PHYSICAL_START) [0x000000] (NEW)”
    My system’s present kernel version is 2.6.18-92.el5xen
    What shall I do here? I am stuck here, please help me with this problem.

