Tproxy Router Mode
With Local Dns (Unblock Situs Terlarang)

IP Gateway                                  : 192.168.10.50        
Eth0 (  terhunung ke Gateway )  : 192.168.10.200
Eth1 (  terhunung ke LAN )        : 192.168.1.50  (Dijadikan Gateway Di Warnet)

Sript Iptabless  ( Copas Diatas exit 0 /etc/rc.local )

iptables -t nat -A PREROUTING -s 192.168.10.200 -p tcp --dport 443 -j ACCEPT iptables -t nat -A PREROUTING -s 192.168.10.200 -p tcp --dport 80 -j ACCEPT iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.10.200:3129 iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 443 -j DNAT --to-destination 192.168.10.200:3127 iptables -t nat -A PREROUTING -i eth1 -p udp --dport 53 -j DNAT --to 192.168.1.200:53 iptables -t mangle -A PREROUTING -p tcp --dport 3129 -j DROP iptables -t mangle -A PREROUTING -p tcp --dport 3127 -j DROP iptables -t nat -A POSTROUTING -j MASQUERADE

/etc/network/interfaces

# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.10.200 netmask 255.255.255.0 network 192.168.10.0 broadcast 192.168.20.255 dns-nameserver 127.0.0.1 gateway 192.168.10.50 dns-nameserver 8.8.8.8 auto eth1 iface eth1 inet static address 192.168.1.200 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 auto eth1 iface eth1 inet static address 192.168.1.50 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255

/etc/unbound/unbound.conf 

server: verbosity: 1 statistics-interval: 120 num-threads: 1 interface: 0.0.0.0 outgoing-range: 512 num-queries-per-thread: 1024 msg-cache-size: 16m rrset-cache-size: 32m msg-cache-slabs: 4 rrset-cache-slabs: 4 cache-max-ttl: 86400 infra-host-ttl: 60 infra-lame-ttl: 120 infra-cache-numhosts: 10000 infra-cache-lame-size: 10k do-ip4: yes do-ip6: no do-udp: yes do-tcp: yes do-daemonize: yes # ip-transparent: yes interface-automatic: yes #access-control: 0.0.0.0/0 allow access-control: 192.168.0.0/16 allow access-control: 172.16.0.0/12 allow access-control: 10.0.0.0/8 allow access-control: 127.0.0.0/8 allow access-control: 0.0.0.0/0 refuse chroot: "/etc/unbound" username: "unbound" directory: "/etc/unbound" #logfile: "/etc/unbound/unbound.log" #use-syslog: yes logfile: "" use-syslog: no pidfile: "/etc/unbound/unbound.pid" root-hints: "/etc/unbound/named.cache" identity: "DNS" version: "1.4" hide-identity: yes hide-version: yes harden-glue: yes do-not-query-address: 127.0.0.1/8 do-not-query-localhost: yes module-config: "iterator" local-zone: "local.lan" transparent #zone localhost local-zone: "localhost." static local-data: "localhost. 10800 IN NS localhost." local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" local-data: "localhost. 10800 IN A 127.0.0.1" local-zone: "127.in-addr.arpa." static local-data: "127.in-addr.arpa. 10800 IN NS localhost." local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800" local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost." #zone mulya.net local-zone: "mulya.net." static local-data: "mulya.net. 86400 IN NS ns1.mulya.net." local-data: "mulya.net. 86400 IN SOA mulya.net. hostmaster.mulya.net. 3 3600 1200 604800 86400" local-data: "mulya.net. 86400 IN A 192.168.1.200" local-data: "www.mulya.net. 86400 IN A 192.168.1.200" local-data: "ns1.mulya.net. 86400 IN A 192.168.1.200" local-data: "mail.mulya.net. 86400 IN A 192.168.1.200" local-data: "mulya.net. 86400 IN MX 10 mail.mulya.net." local-data: "mulya.net. 86400 IN TXT v=spf1 a mx ~all" local-zone: "1.168.192.in-addr.arpa." static local-data: "1.168.192.in-addr.arpa. 10800 IN NS mulya.net." local-data: "1.168.192.in-addr.arpa. 10800 IN SOA mulya.net. hostmaster.mulya.net. 4 3600 1200 604800 864000" local-data: "200.1.168.192.in-addr.arpa. 10800 IN PTR mulya.net." forward-zone: name: "." forward-addr: 208.67.222.222@443 remote-control: control-enable: yes control-interface: 127.0.0.1 control-port: 953 server-key-file: "/etc/unbound/unbound_server.key" server-cert-file: "/etc/unbound/unbound_server.pem" control-key-file: "/etc/unbound/unbound_control.key" control-cert-file: "/etc/unbound/unbound_control.pem"

NB : Untuk IP Di Sesuaikan Sendiri yah....   Termasuk Di Localzone Unbound

Instalasi php Virtualbox Di Debian Wheezy

Instalasi php Virtualbox Di Debian Wheezy

Buat repo Debian  Virtualbox

nano /etc/apt/sources.list.d/virtualbox.list

Isi dengan ini

deb http://download.virtualbox.org/virtualbox/debian wheezy contrib

Ikuti Perintah ini ( Copas )

wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | apt-key add - apt-get update apt-get install virtualbox-4.3

Downloads Extensionpack Virtualbox

wget http://download.virtualbox.org/virtualbox/4.3.36/Oracle_VM_VirtualBox_Extension_Pack-4.3.36-105129.vbox-extpack VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.3.36-105129.vbox-extpack

Buat User Virtualbox

useradd -d /home/vbox -m -g vboxusers -s /bin/bash vbox passwd vboxt

/etc/default/virtualbox isi dgn ini

nano /etc/default/virtualbox isi dengan VBOXWEB_USER=vbox

membuat service debian autostart

update-rc.d vboxweb-service defaults /etc/init.d/vboxweb-service start

Instalasi nginx dan php

apt-get install nginx php5-common php5-mysql php5-fpm php-pear unzip /etc/init.d/nginx start

edit file /etc/nginx/sites-available/default

server { listen 80; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 root /usr/share/nginx/www; index index.php index.html index.htm; # Make site accessible from http://localhost/ server_name _; location / { # First attempt to serve request as file, then # as directory, then fall back to index.html try_files $uri $uri/ /index.html; # Uncomment to enable naxsi on this location # include /etc/nginx/naxsi.rules } location /doc/ { alias /usr/share/doc/; autoindex on; allow 127.0.0.1; deny all; } # Only for nginx-naxsi : process denied requests #location /RequestDenied { # For example, return an error code #return 418; #} #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/www; } # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; include fastcgi_params; } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # location ~ /\.ht { deny all; } }

/etc/init.d/nginx reload

Proses instalasi Virtualbox php engine

cd /usr/share/nginx/www wget http://www.mediafire.com/download/2j3skvaj6wuo924/phpvirtualbox.zip unzip phpvirtualbox.zip

Buka IP Adress Server anda
contoh :
http://192.168.1.100/phpvirtualbox
user:admin
passwd:admin

### DONE ###

Share Squid3 with storeid.php

Share Squid3 transparent with storeid.php  Debian Wheezy

Install Program 
Langsung copas aja...

apt-get -y install php5-cli php5-common php5-curl php5-intl nginx-extras php-apc php5-fpm apache2-utils \ openvpn htop telnet dnsutils chkconfig p7zip-full zip unzip ntp bzip2 libltdl7 ssh sudo libcap-dev \ libnetfilter-conntrack-dev lm-sensors libgif4 libjasper1 libgomp1 saidar ethtool snmpd snmp siege stress sysstat snmp-mibs-downloader wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.15.tar.gz tar xzvf squid-3.5.15.tar.gz cd squid-3.5.15 ./configure --build=x86_64-linux-gnu --prefix=/usr/local/squid3 --includedir=/usr/local/squid3/include --libexecdir=/usr/local/squid3/lib --sysconfdir=/etc/squid3 --with-logdir=/var/log/squid3 --mandir=/usr/local/squid3/share/man --infodir=/usr/local/squid3/share/info --localstatedir=/var --with-default-user=proxy --with-large-files --enable-removal-policies --with-pidfile=/var/run/squid3.pid --enable-storeio=ufs,aufs,diskd,rock --disable-arch-native --enable-icap-client --enable-underscores --enable-inline --enable-esi --enable-zph-qos --enable-async-io --enable-ssl-crtd --with-openssl --enable-follow-x-forwarded-for --enable-htcp --enable-arp-acl --enable-wccpv2 --enable-linux-netfilter --enable-delay-pools --enable-cache-digests --with-maxfd=131072 --with-netfilter-conntrack --enable-snmp make && make install

download file squid konfigurasinya disini

extrack dan upload menggunakan winscp

Kopas
echo "shm /dev/shm tmpfs nodev,nosuid,noexec 0 0" >> /etc/fstab
mkdir -p /var/spool/squid3/1
mkdir -p /var/spool/squid3/2
/usr/local/squid3/lib/ssl_crtd -c -s /etc/squid3/ssl_db
chmod +x /etc/init.d/squid3
chmod -R 777 /etc/squid3
chown -R proxy:proxy /etc/squid3
chmod -R 777 /var/log/squid3
chown -R proxy:proxy /var/log/squid3
chmod -R 777 /var/spool/squid3
chown -R proxy:proxy /var/spool/squid3
squid -z
service squid3 start



optimalisasi  disk cache
ingat hanya untuk disk cache....
/etc/fstab
gunakan opsi  "noatime,compress,noacl 0  0"  Untuk btrfs
gunakan opsi  "noatime,notail 0  0"  Untuk reiserfs


untuk Bridge transparent proxy copas Script ini di /etc/rc.local
#!/bin/sh -e
# Activate Module
modprobe xt_TPROXY
modprobe xt_socket
modprobe nf_tproxy_core
modprobe xt_mark
modprobe nf_nat
modprobe nf_conntrack_ipv4
modprobe nf_conntrack
modprobe nf_defrag_ipv4
modprobe ipt_REDIRECT
modprobe iptable_nat
#Make Bridge interface
brctl addbr br0
#Set eth0 and eth1 to promiscuous mode to listen and receive all frame
ifconfig eth0 0.0.0.0 promisc up
ifconfig eth1 0.0.0.0 promisc up
#Add eth0 and eth1 in br0
brctl addif br0 eth0
brctl addif br0 eth1
#Bring interface br0 up
ip link set br0 up
cd /proc/sys/net/bridge/ ; {  for i in *; do echo 0 > $i; done; unset i; }
cd /root
# Assign IP to br0 to easy remote to server
ip addr add 192.168.255.2/29 brd + dev br0
# Add route to br0
route add default gw 192.168.255.1 dev br0
#Flush all rule from mangle iptables and broute ebtables
iptables -t mangle -F
ebtables -t broute -F
#Add iptables
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
#Change ip as your proxy ip and your client segment
iptables -t mangle -A PREROUTING -d 192.168.255.2/32 -p tcp --dport 80 -j ACCEPT
iptables -t mangle -A PREROUTING -d 192.168.255.2/32 -p tcp --dport 3128 -j ACCEPT
# Redirec All traffic http to 3129
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
# Redirec Warnet traffic https to 3127
iptables -t mangle -A PREROUTING -s 192.168.2.0/24 -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127
#Add ebtables, Becareful about INTERFACE
#Interface to Internet
ebtables -t broute -A BROUTING -i eth0 -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target ACCEPT
ebtables -t broute -A BROUTING -i eth0 -p ipv4 --ip-proto tcp --ip-sport 443 -j redirect --redirect-target ACCEPT
#Interface to Local Area Network
ebtables -t broute -A BROUTING -i eth1 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target ACCEPT
ebtables -t broute -A BROUTING -i eth1 -p ipv4 --ip-proto tcp --ip-dport 443 -j redirect --redirect-target ACCEPT
/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
# Route Via Distribusi - Change ip as your client segment
#/sbin/route add -net 192.168.111.0/24 gw 192.168.255.3
#/sbin/route add -net 192.168.2.0/24 gw 192.168.255.3
service squid3 start
exit 0

squid.conf

This summary is not available. Please click here to view the post.

Instalasi Squid3 Debian Wheezy

Install Program 
Langsung copas aja...

apt-get -y install php5-cli php5-common php5-curl php5-intl nginx-extras php-apc php5-fpm apache2-utils \ openvpn htop telnet dnsutils chkconfig p7zip-full zip unzip ntp bzip2 libltdl7 ssh sudo libcap-dev \ libnetfilter-conntrack-dev lm-sensors libgif4 libjasper1 libgomp1 saidar ethtool snmpd snmp siege stress sysstat snmp-mibs-downloader wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.15.tar.gz tar xzvf squid-3.5.15.tar.gz cd squid-3.5.15 ./configure --build=x86_64-linux-gnu --prefix=/usr/local/squid3 --includedir=/usr/local/squid3/include --libexecdir=/usr/local/squid3/lib --sysconfdir=/etc/squid3 --with-logdir=/var/log/squid3 --mandir=/usr/local/squid3/share/man --infodir=/usr/local/squid3/share/info --localstatedir=/var --with-default-user=proxy --with-large-files --enable-removal-policies --with-pidfile=/var/run/squid3.pid --enable-storeio=ufs,aufs,diskd,rock --disable-arch-native --enable-icap-client --enable-underscores --enable-inline --enable-esi --enable-zph-qos --enable-async-io --enable-ssl-crtd --with-openssl --enable-follow-x-forwarded-for --enable-htcp --enable-arp-acl --enable-wccpv2 --enable-linux-netfilter --enable-delay-pools --enable-cache-digests --with-maxfd=131072 --with-netfilter-conntrack --enable-snmp make && make install

squid.conf nya Disini

### Edit file di /etc/profiles

# /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) # and Bourne compatible shells (bash(1), ksh(1), ash(1), ...). if [ "`id -u`" -eq 0 ]; then PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/squid3/sbin" else PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" fi export PATH if [ "$PS1" ]; then if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then # The file bash.bashrc already sets the default PS1. # PS1='\h:\w\$ ' if [ -f /etc/bash.bashrc ]; then . /etc/bash.bashrc fi else if [ "`id -u`" -eq 0 ]; then PS1='# ' else PS1='$ ' fi fi fi # The default umask is now handled by pam_umask. # See pam_umask(8) and /etc/login.defs. if [ -d /etc/profile.d ]; then for i in /etc/profile.d/*.sh; do if [ -r $i ]; then . $i fi done unset i fi

#### reboot pc

##Membuat ssl Database dan Edit Permission Folder

/usr/local/squid3/lib/ssl_crtd -c -s /etc/squid3/ssl_db mkdir -p /var/spool/squid3/1 mkdir -p /var/spool/squid3/2 mkdir -p /var/spool/squid3/3 mkdir -p /var/log/squid3 chown -R proxy:proxy /etc/squid3 chown -R proxy:proxy /var/spool/squid3/1 chown -R proxy:proxy /var/spool/squid3/2 chown -R proxy:proxy /var/spool/squid3/3 chown -R proxy:proxy /var/log/squid3 chmod -R 777 /etc/squid3 chmod -R 777 /var/spool/squid3/1 chmod -R 777 /var/spool/squid3/2 chmod -R 777 /var/spool/squid3/3 chmod -R 777 /var/log/squid3 chmod -R 777 /var/log/squid3 chown -R proxy:proxy /var/log/squid3 mkdir /var/run/squid chmod -R 777 /var/run/squid chown -R proxy:proxy /var/run/squid squid -z

## /etc/sysctl.conf

#kernel.domainname = example.com #kernel.printk = 3 4 1 3 net.ipv4.tcp_syncookies=1 net.ipv4.tcp_timestamps=1 net.ipv4.tcp_window_scaling=1 net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1 net.netfilter.nf_conntrack_max=131072 #net.ipv4.conf.all.accept_redirects = 0 #net.ipv6.conf.all.accept_redirects = 0 #net.ipv4.conf.all.secure_redirects = 1 net.ipv4.conf.all.send_redirects=1 net.ipv6.conf.all.accept_source_route=1 #net.ipv4.conf.all.log_martians = 1 # Squid non Tproxy #net.ipv4.conf.default.rp_filter=1 #net.ipv4.conf.all.rp_filter=1 # Squid Tproxy net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.all.rp_filter=0 net.ipv4.conf.eth0.rp_filter=0 net.ipv4.conf.lo.rp_filter=0 net.ipv4.conf.gre0.rp_filter=0

## rc.local<br /> # Activate Module modprobe xt_TPROXY modprobe xt_socket modprobe nf_tproxy_core modprobe xt_mark modprobe nf_nat modprobe nf_conntrack_ipv4 modprobe nf_conntrack modprobe nf_defrag_ipv4 modprobe ipt_REDIRECT modprobe iptable_nat #Make Bridge interface brctl addbr br0 #Set eth0 and eth1 to promiscuous mode to listen and receive all frame ifconfig eth0 0.0.0.0 promisc up ifconfig eth1 0.0.0.0 promisc up #Add eth0 and eth1 in br0 brctl addif br0 eth0 brctl addif br0 eth1 #Bring interface br0 up ip link set br0 up cd /proc/sys/net/bridge/ ; { for i in *; do echo 0 > $i; done; unset i; } cd /root # Assign IP to br0 to easy remote to server ip addr add 192.168.1.100/24 brd + dev br0 # Add route to br0 route add default gw 192.168.1.50 dev br0 #Flush all rule from mangle iptables and broute ebtables iptables -t mangle -F ebtables -t broute -F #Add iptables iptables -t mangle -N DIVERT iptables -t mangle -A DIVERT -j MARK --set-mark 1 iptables -t mangle -A DIVERT -j ACCEPT iptables -t mangle -A INPUT -j ACCEPT iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT #Change ip as your proxy ip and your client segment iptables -t mangle -A PREROUTING -d 192.168.1.100/24 -p tcp --dport 80 -j ACCEPT iptables -t mangle -A PREROUTING -d 192.168.1.100/24 -p tcp --dport 3128 -j ACCEPT # Redirec All traffic http to 3129 iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 # Redirec Warnet traffic https to 3127 iptables -t mangle -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3127 #Add ebtables, Becareful about INTERFACE #Interface to Internet ebtables -t broute -A BROUTING -i eth0 -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target ACCEPT ebtables -t broute -A BROUTING -i eth0 -p ipv4 --ip-proto tcp --ip-sport 443 -j redirect --redirect-target ACCEPT #Interface to Local Area Network ebtables -t broute -A BROUTING -i eth1 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target ACCEPT ebtables -t broute -A BROUTING -i eth1 -p ipv4 --ip-proto tcp --ip-dport 443 -j redirect --redirect-target ACCEPT /sbin/ip rule add fwmark 1 lookup 100 /sbin/ip route add local 0.0.0.0/0 dev lo table 100 echo 1 > /proc/sys/net/ipv4/ip_forward echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter /etc/rc.local exit 0

## /etc/network/interfaces

# The loopback network interface auto lo iface lo inet loopback