avatar
Кто знает что и где  нужно поправить,
что бы всё заработало?

# /etc/hostapd/hostapd.conf
interface=wlan0
ssid=##.**.###
hw_mode=g
channel=6
macaddr_acl=0
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_ptk_rekey=600
wpa_passphrase=20011979

# /etc/default/hostapd
# Defaults for hostapd initscript
#
# See /usr/share/doc/hostapd/README.Debian for information about alternative
# methods of managing hostapd.
#
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
# file and hostapd will be started during system boot. An example configuration
# file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz
#
DAEMON_CONF=/etc/hostapd/hostapd.conf

# Additional daemon options to be appended to hostapd command:-
#     -d   show more debug messages (-dd for even more)
#     -K   include key data in debug messages
#     -t   include timestamps in some debug messages
#
# Note that -B (daemon mode) and -P (pidfile) options are automatically
# configured by the init.d script and must not be added to DAEMON_OPTS.
#
#DAEMON_OPTS=""

# /etc/default/isc-dhcp-server
# Defaults for isc-dhcp-server initscript
# sourced by /etc/init.d/isc-dhcp-server
# installed at /etc/default/isc-dhcp-server by the maintainer scripts

#
# This is a POSIX shell fragment
#

# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
DHCPD_CONF=/etc/dhcp/dhcpd.conf

# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
DHCPD_PID=/var/run/dhcpd.pid

# Additional options to start dhcpd with.
#    Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#    Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="wlan0"

# /etc/dhcp/dhcpd.conf
# Sample configuration file for ISC dhcpd for Debian
#
#

# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
#ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "example.org";
#option domain-name-servers ns1.example.org, ns2.example.org;

#default-lease-time 600;
#max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

#subnet 10.152.187.0 netmask 255.255.255.0 {
#}

# This is a very basic subnet declaration.

#subnet 10.254.239.0 netmask 255.255.255.224 {
#  range 10.254.239.10 10.254.239.20;
#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

#subnet 10.254.239.32 netmask 255.255.255.224 {
#  range dynamic-bootp 10.254.239.40 10.254.239.60;
#  option broadcast-address 10.254.239.31;
#  option routers rtr-239-32-1.example.org;
#}

# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
#  range 10.5.5.26 10.5.5.30;
#  option domain-name-servers ns1.internal.example.org;
#  option domain-name "internal.example.org";
#  option routers 10.5.5.1;
#  option broadcast-address 10.5.5.31;
#  default-lease-time 600;
#  max-lease-time 7200;
#}

# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

#host passacaglia {
#  hardware ethernet 0:0:c0:5d:bd:95;
#  filename "vmunix.passacaglia";
#  server-name "toccata.fugue.com";
#}

# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
#  hardware ethernet 08:00:07:26:c0:a5;
#  fixed-address fantasia.fugue.com;
#}

# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

#class "foo" {
#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}

#shared-network 224-29 {
#  subnet 10.17.224.0 netmask 255.255.255.0 {
#    option routers rtr-224.example.org;
#  }
#  subnet 10.0.29.0 netmask 255.255.255.0 {
#    option routers rtr-29.example.org;
#  }
#  pool {
#    allow members of "foo";
#    range 10.17.224.10 10.17.224.250;
#  }
#  pool {
#    deny members of "foo";
#    range 10.0.29.10 10.0.29.230;
#  }
#}

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.10 192.168.1.255;
    option domain-name-servers 192.168.1.2;
    option routers 192.168.1.1;
    interface wlan0 ;
}

option domain-name ##.**.###;

subnet 192.168.55.0 netmask 255.255.255.0 {
    range 192.168.55.10 192.168.55.100;
    option domain-name-servers 8.8.4.4, 8.8.4.4;
    option routers 192.168.55.1;
    interface wlan0 ;
}

еще не плохо static ip wi-fi получить
/etc/network/interfaces поправить
там будет для всех точек в /etc/wpa_supplicant/wpa_supplicant.conf static ip?

avatar
/etc/sysctl.conf

net.ipv4.ip_forward=1


# /etc/network/interfaces

Код

auto lo
iface lo inet loopback

iface eth0 inet manual

iface default inet manual

auto wlan0

allow-hotplug wlan0
iface wlan0 inet static
address 192.168.4.253/24
gateway 192.168.4.1
broadcast 192.168.4.255
name_server 192.168.4.1
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

auto uap0

iface uap0 inet static

address 192.168.55.1/24
# netmask 255.255.255.0
network 192.168.55.0
broadcast 192.168.55.255

pre-up  iw phy phy0 interface add "$IFACE" type __ap    || true
up      ifup "$IFACE"    || true

#pre-up  iw phy phy0 interface add uap0 type __ap    || true
#up      ifup uap0    || true

pre-up iptables-restore < /etc/network/firewall.rules# /etc/dnsmasq.conf

Код

interface=uap0
no-dhcp-interface=lo,wlan0
bind-interfaces
domain-needed
bogus-priv
dhcp-range=192.168.55.10,192.168.55.49,255.255.255.0,12h
dhcp-option=3,192.168.55.1

IPTables

Код

echo "### ** iptables Rules ** ###
### ** DEFAULT SETTING ** ###
### ** Блокировать только входящие соединения ** ###"
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
echo "iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
### ** iptables sshguard ** ###
echo "### ** iptables sshguard ** ###"
ip6tables -N sshguard
ip6tables -A INPUT -j sshguard
echo "ip6tables -N sshguard
ip6tables -A INPUT -j sshguard"
### ** Forwarding Tor ** ###
echo "### ** Forwarding Tor ** ###"
iptables -t nat -A PREROUTING -i
uap0 -p tcp --dport 22 -j REDIRECT --to-ports 22
iptables -t nat -A PREROUTING -i
uap0 -p udp --dport 55 -j REDIRECT --to-ports 55
iptables -t nat -A PREROUTING -i
uap0 -p tcp --syn -j REDIRECT --to-ports 9040
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERAD
echo "iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
iptables -t nat -A PREROUTING -i
uap0 -p udp --dport 55 -j REDIRECT --to-ports 55
iptables -t nat -A PREROUTING -i
uap0 -p tcp --syn -j REDIRECT --to-ports 9040
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERAD"
### ** Ban Ruleles ** ###
echo "### ** Ban Ruleles ** ###"
iptables -A INPUT -p tcp -m tcp --dport 5:65535 -m state --state NEW -m hashlimit --hashlimit 1/hour --hashlimit-burst 5 --hashlimit-mode srcip --hashlimit-name MPB --hashlimit-htable-expire 90000 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 5:65535 --tcp-flags SYN,RST,ACK SYN -j DROP
echo "iptables -A INPUT -p tcp -m tcp --dport 5:65535 -m state --state NEW -m hashlimit --hashlimit 1/hour --hashlimit-burst 5 --hashlimit-mode srcip --hashlimit-name MPB --hashlimit-htable-expire 90000 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 5:65535 --tcp-flags SYN,RST,ACK SYN -j DROP"
iptables -I INPUT -p tcp --port 443 --tcp-flags RST RST -j DROP
echo "iptables -I INPUT -p tcp --port 443 --tcp-flags RST RST -j DROP"
### ** Port Rules ** ###
echo "### ** Port Rules ** ###"
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT # HTTPS
iptables -A INPUT -s 127.0.0.1/32 -m state --state NEW -p tcp --dport 80 -j ACCEPT
echo "iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT # HTTPS
iptables -A INPUT -s 127.0.0.1/32 -m state --state NEW -p tcp --dport 80 -j ACCEPT"



eth0      Link encap:Ethernet  HWaddr b8:27:eb:b9:4c:b8  
          inet addr:192.168.1.36  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a38b:bdef:c560:db9d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:810343 errors:0 dropped:1 overruns:0 frame:0
          TX packets:417383 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1182164291 (1.1 GiB)  TX bytes:34286459 (32.6 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:430 errors:0 dropped:0 overruns:0 frame:0
          TX packets:430 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:90444 (88.3 KiB)  TX bytes:90444 (88.3 KiB)

uap0      Link encap:Ethernet  HWaddr b8:27:eb:ec:19:ed  
          inet addr:192.168.55.1  Bcast:192.168.55.255  Mask:255.255.255.0
          inet6 addr: fe80::4483:2e98:f119:ede0/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr b8:27:eb:ec:19:ed  
          inet addr:192.168.1.46  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::d018:e18f:72d5:c274/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9901 errors:0 dropped:962 overruns:0 frame:0
          TX packets:7703 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10000070 (9.5 MiB)  TX bytes:1888042 (1.8 MiB)
avatar
/etc/network/interfaces

auto uap0

iface uap0 inet static

address 192.168.55.1/24
broadcast 192.168.55.255

pre-up iptables-restore < /etc/network/iptables.rules
tunctl -t uap0 -u pi
hwaddress ether a0:b1:c2:d3:e4:f5 uap0

pre-up  iw phy phy0 interface add uap0 type __ap    || true
up      ifup uap0    || true

/etc/dnsmasq.conf

pid-file=/var/run/dnsmasq/dnsmasq.pid
log-facility=/var/log/dnsmasq.log
user=dnsmasq
group=dnsmasq
no-resolv
no-poll
stop-dns-rebind
clear-on-reload
bind-interfaces
domain-needed
bogus-priv
interface=uap0
no-dhcp-interface=lo,wlan0
listen-address=127.0.0.1,192.168.0.1,192.168.1.1,192.168.4.1
dhcp-range=192.168.55.10,192.168.55.100,255.255.255.0,12h
dhcp-option=3,192.168.55.1

# /etc/hostapd/hostapd.conf
interface=uap0
driver=nl80211
ssid=my_ssid
hw_mode=g
ieee80211n=1
ht_capab=[HT40-][SHORT-GI-40]
channel=6
# macaddr_acl=0
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
wmm_enabled=1
auth_algs=1
ignore_broadcast_ssid=0
# ignore_broadcast_ssid=1 # hidden
wpa=2
wpa_psk_file=/etc/hostapd/hostapd.wpa_psk
# wpa_passphrase=##**###
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
avatar


#!/bin/bash
#!
tunctl -u pi -t uap0
ifconfig uap0 up




# /etc/dnsmasq.conf
pid-file=/var/run/dnsmasq/dnsmasq.pid
log-facility=/var/log/dnsmasq.log
user=dnsmasq
group=dnsmasq
no-resolv
no-poll
stop-dns-rebind
clear-on-reload
bind-interfaces
domain-needed
bogus-priv
interface=uap0
no-dhcp-interface=lo,wlan0
listen-address=127.0.0.1,192.168.0.1,192.168.1.1,192.168.4.1
dhcp-range=192.168.55.10,192.168.55.100,255.255.255.0,12

/etc/network/interfaces

auto uap0

iface uap0 inet static
address 192.168.55.1/24
broadcast 192.168.55.255

pre-up iptables-restore < /etc/network/iptables.rules
# pre-up  iw phy phy0 interface add uap0 type __ap    || true
# up      ifup uap0    || true
avatar
Чего wlan1, у меня wlan0.
avatar
Я так же затупил.
Помогите разобраться с wifi.

cat /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=RU


network={
    ssid="myssid"
    psk="password"
    key_mgmt=WPA-PSK
}

cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

iface eth0 inet manual

allow-hotplug wlan0
iface wlan0 inet manual
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

allow-hotplug wlan1
iface wlan1 inet manual
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet manual

cat /etc/dhcpcd.conf
# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.

# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel

# Inform the DHCP server of our hostname for DDNS.
hostname

# Use the hardware address of the interface for the Client ID.
clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
#duid

# Persist interface configuration when dhcpcd exits.
persistent

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Most distributions have NTP support.
option ntp_servers
# Respect the network MTU.
# Some interface drivers reset when changing the MTU so disabled by default.
#option interface_mtu

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate Stable Private IPv6 Addresses instead of hardware based ones
slaac private

# A hook script is provided to lookup the hostname if not set by the DHCP
# server, but it should not be run by default.
nohook lookup-hostname
#
nodhcp

interface wlan0
static ip_address=192.168.55.46/24
static routers=192.168.1.1
static domain_name_servers=192.168.55.1
static domain_search=192.168.55.1

interface eth0
static ip_address=192.168.1.36/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.1
static domain_search=192.168.1.1

cat /etc/dhcp/dhcpd.conf
# /etc/dhcp/dhcpd.conf
# Sample configuration file for ISC dhcpd for Debian
#
#

# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

#subnet 10.152.187.0 netmask 255.255.255.0 {
#}

# This is a very basic subnet declaration.

#subnet 10.254.239.0 netmask 255.255.255.224 {
#  range 10.254.239.10 10.254.239.20;
#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

#subnet 10.254.239.32 netmask 255.255.255.224 {
#  range dynamic-bootp 10.254.239.40 10.254.239.60;
#  option broadcast-address 10.254.239.31;
#  option routers rtr-239-32-1.example.org;
#}

# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
#  range 10.5.5.26 10.5.5.30;
#  option domain-name-servers ns1.internal.example.org;
#  option domain-name "internal.example.org";
#  option routers 10.5.5.1;
#  option broadcast-address 10.5.5.31;
#  default-lease-time 600;
#  max-lease-time 7200;
#}

# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

#host passacaglia {
#  hardware ethernet 0:0:c0:5d:bd:95;
#  filename "vmunix.passacaglia";
#  server-name "toccata.fugue.com";
#}

# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
#  hardware ethernet 08:00:07:26:c0:a5;
#  fixed-address fantasia.fugue.com;
#}

# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

#class "foo" {
#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}

#shared-network 224-29 {
#  subnet 10.17.224.0 netmask 255.255.255.0 {
#    option routers rtr-224.example.org;
#  }
#  subnet 10.0.29.0 netmask 255.255.255.0 {
#    option routers rtr-29.example.org;
#  }
#  pool {
#    allow members of "foo";
#    range 10.17.224.10 10.17.224.250;
#  }
#  pool {
#    deny members of "foo";
#    range 10.0.29.10 10.0.29.230;
#  }
#}

# doman our net
option domain-name "anonymous-ap.local";

# parameter subnet
subnet 192.168.55.0 netmask 255.255.255.0 {
  range 192.168.55.10 192.168.55.100;
  option domain-name-servers 8.8.4.4, 8.8.4.4;
  option routers 192.168.55.1;
  interface wlan0;
}

что я и где забыл указать?
Права доступа к файлам?
avatar
настроить прокси для windows или firefox не проблема, она в другом. Есть raspberrypi с этими двумя проки, можно поставить и третью tinyproxy.
Вопрпос в том, что с этого компьтера squid, privoxy, tor работает, но как сделать прозрачный прокси, что бы можно было его как шлюз и как localhost проки использовать, указав на другом ip:port
## /etc/tinyproxy.conf
## tinyproxy.conf -- tinyproxy daemon configuration file
##
## This example tinyproxy.conf file contains example settings
## with explanations in comments. For decriptions of all
## parameters, see the tinproxy.conf(5) manual page.
##

#
# User/Group: This allows you to set the user and group that will be
# used for tinyproxy after the initial binding to the port has been done
# as the root user. Either the user or group name or the UID or GID
# number may be used.
#
User nobody
Group nogroup

#
# Port: Specify the port which tinyproxy will listen on.  Please note
# that should you choose to run on a port lower than 1024 you will need
# to start tinyproxy using root.
#
Port 3648

#
# Listen: If you have multiple interfaces this allows you to bind to
# only one. If this is commented out, tinyproxy will bind to all
# interfaces present.
#
#Listen 192.168.0.1
Upstream 127.0.0.1:3128 # Upstream 127.0.0.1:????
#
# Bind: This allows you to specify which interface will be used for
# outgoing connections.  This is useful for multi-home'd machines where
# you want all traffic to appear outgoing from one particular interface.
#
#Bind 192.168.0.1

#
# BindSame: If enabled, tinyproxy will bind the outgoing connection to the
# ip address of the incoming connection.
#
#BindSame yes

#
# Timeout: The maximum number of seconds of inactivity a connection is
# allowed to have before it is closed by tinyproxy.
#
Timeout 120

#
# ErrorFile: Defines the HTML file to send when a given HTTP error
# occurs.  You will probably need to customize the location to your
# particular install.  The usual locations to check are:
#   /usr/local/share/tinyproxy
#   /usr/share/tinyproxy
#   /etc/tinyproxy
#
#ErrorFile 404 "/usr/share/tinyproxy/404.html"
#ErrorFile 400 "/usr/share/tinyproxy/400.html"
#ErrorFile 503 "/usr/share/tinyproxy/503.html"
#ErrorFile 403 "/usr/share/tinyproxy/403.html"
#ErrorFile 408 "/usr/share/tinyproxy/408.html"

#
# DefaultErrorFile: The HTML file that gets sent if there is no
# HTML file defined with an ErrorFile keyword for the HTTP error
# that has occured.
#
DefaultErrorFile "/usr/share/tinyproxy/default.html"

#
# StatHost: This configures the host name or IP address that is treated
# as the stat host: Whenever a request for this host is received,
# Tinyproxy will return an internal statistics page instead of
# forwarding the request to that host.  The default value of StatHost is
# tinyproxy.stats.
#
#StatHost "tinyproxy.stats"
#

#
# StatFile: The HTML file that gets sent when a request is made
# for the stathost.  If this file doesn't exist a basic page is
# hardcoded in tinyproxy.
#
StatFile "/usr/share/tinyproxy/stats.html"

#
# Logfile: Allows you to specify the location where information should
# be logged to.  If you would prefer to log to syslog, then disable this
# and enable the Syslog directive.  These directives are mutually
# exclusive.
#
Logfile "/var/log/tinyproxy/tinyproxy.log"

#
# Syslog: Tell tinyproxy to use syslog instead of a logfile.  This
# option must not be enabled if the Logfile directive is being used.
# These two directives are mutually exclusive.
#
#Syslog On

#
# LogLevel:
#
# Set the logging level. Allowed settings are:
#    Critical    (least verbose)
#    Error
#    Warning
#    Notice
#    Connect        (to log connections without Info's noise)
#    Info        (most verbose)
#
# The LogLevel logs from the set level and above. For example, if the
# LogLevel was set to Warning, then all log messages from Warning to
# Critical would be output, but Notice and below would be suppressed.
#
LogLevel Info

#
# PidFile: Write the PID of the main tinyproxy thread to this file so it
# can be used for signalling purposes.
#
PidFile "/var/run/tinyproxy/tinyproxy.pid"

#
# XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which
# contains the client's IP address.
#
#XTinyproxy Yes
XTinyproxy No
#
# Upstream:
#
# Turns on upstream proxy support.
#
# The upstream rules allow you to selectively route upstream connections
# based on the host/domain of the site being accessed.
#
# For example:
#  # connection to test domain goes through testproxy
#  upstream testproxy:8008 ".test.domain.invalid"
#  upstream testproxy:8008 ".our_testbed.example.com"
#  upstream testproxy:8008 "192.168.128.0/255.255.254.0"
#
#  # no upstream proxy for internal websites and unqualified hosts
#  no upstream ".internal.example.com"
#  no upstream "www.example.com"
#  no upstream "10.0.0.0/8"
#  no upstream "192.168.0.0/255.255.254.0"
#  no upstream "."
#
#  # connection to these boxes go through their DMZ firewalls
#  upstream cust1_firewall:8008 "testbed_for_cust1"
#  upstream cust2_firewall:8008 "testbed_for_cust2"
#
#  # default upstream is internet firewall
#  upstream firewall.internal.example.com:80
#
# The LAST matching rule wins the route decision.  As you can see, you
# can use a host, or a domain:
#  name     matches host exactly
#  .name    matches any host in domain "name"
#  .        matches any host with no domain (in 'empty' domain)
#  IP/bits  matches network/mask
#  IP/mask  matches network/mask
#
#Upstream some.remote.proxy:port

#
# MaxClients: This is the absolute highest number of threads which will
# be created. In other words, only MaxClients number of clients can be
# connected at the same time.
#
MaxClients 20

#
# MinSpareServers/MaxSpareServers: These settings set the upper and
# lower limit for the number of spare servers which should be available.
#
# If the number of spare servers falls below MinSpareServers then new
# server processes will be spawned.  If the number of servers exceeds
# MaxSpareServers then the extras will be killed off.
#
MinSpareServers 5
MaxSpareServers 20

#
# StartServers: The number of servers to start initially.
#
StartServers 10

#
# MaxRequestsPerChild: The number of connections a thread will handle
# before it is killed. In practise this should be set to 0, which
# disables thread reaping. If you do notice problems with memory
# leakage, then set this to something like 10000.
#
MaxRequestsPerChild 0

#
# Allow: Customization of authorization controls. If there are any
# access control keywords then the default action is to DENY. Otherwise,
# the default action is ALLOW.
#
# The order of the controls are important. All incoming connections are
# tested against the controls based on order.
#
Allow 127.0.0.1
#Allow 192.168.0.0/16
Allow 192.168.0.0/24
Allow 172.16.0.0/12
Allow 10.0.0.0/8

#
# AddHeader: Adds the specified headers to outgoing HTTP requests that
# Tinyproxy makes. Note that this option will not work for HTTPS
# traffic, as Tinyproxy has no control over what headers are exchanged.
#
#AddHeader "X-My-Header" "Powered by Tinyproxy"

#
# ViaProxyName: The "Via" header is required by the HTTP RFC, but using
# the real host name is a security concern.  If the following directive
# is enabled, the string supplied will be used as the host name in the
# Via header; otherwise, the server's host name will be used.
#
ViaProxyName "tinyproxy"

#
# DisableViaHeader: When this is set to yes, Tinyproxy does NOT add
# the Via header to the requests. This virtually puts Tinyproxy into
# stealth mode. Note that RFC 2616 requires proxies to set the Via
# header, so by enabling this option, you break compliance.
# Don't disable the Via header unless you know what you are doing...
#
#DisableViaHeader Yes
DisableViaHeader Yes
#
# Filter: This allows you to specify the location of the filter file.
#
#Filter "/etc/filter"
z
#
# FilterURLs: Filter based on URLs rather than domains.
#
#FilterURLs On

#
# FilterExtended: Use POSIX Extended regular expressions rather than
# basic.
#
#FilterExtended On

#
# FilterCaseSensitive: Use case sensitive regular expressions.
#
#FilterCaseSensitive On

#
# FilterDefaultDeny: Change the default policy of the filtering system.
# If this directive is commented out, or is set to "No" then the default
# policy is to allow everything which is not specifically denied by the
# filter file.
#
# However, by setting this directive to "Yes" the default policy becomes
# to deny everything which is _not_ specifically allowed by the filter
# file.
#
#FilterDefaultDeny Yes

#
# Anonymous: If an Anonymous keyword is present, then anonymous proxying
# is enabled.  The headers listed are allowed through, while all others
# are denied. If no Anonymous keyword is present, then all headers are
# allowed through.  You must include quotes around the headers.
#
# Most sites require cookies to be enabled for them to work correctly, so
# you will need to allow Cookies through if you access those sites.
#
#Anonymous "Host"
#Anonymous "Authorization"
#Anonymous "Cookie"

#
# ConnectPort: This is a list of ports allowed by tinyproxy when the
# CONNECT method is used.  To disable the CONNECT method altogether, set
# the value to 0.  If no ConnectPort line is found, all ports are
# allowed (which is not very secure.)
#
# The following two ports are used by SSL.
#
ConnectPort 443
ConnectPort 563

#
# Configure one or more ReversePath directives to enable reverse proxy
# support. With reverse proxying it's possible to make a number of
# sites appear as if they were part of a single site.
#
# If you uncomment the following two directives and run tinyproxy
# on your own computer at port 8888, you can access Google using
# http://localhost:8888/google/ and Wired News using
# http://localhost:8888/wired/news/. Neither will actually work
# until you uncomment ReverseMagic as they use absolute linking.
#
#ReversePath "/google/"    "http://www.google.com/"
#ReversePath "/wired/"    "http://www.wired.com/"

#
# When using tinyproxy as a reverse proxy, it is STRONGLY recommended
# that the normal proxy is turned off by uncommenting the next directive.
#
#ReverseOnly Yes

#
# Use a cookie to track reverse proxy mappings. If you need to reverse
# proxy sites which have absolute links you must uncomment this.
#
#ReverseMagic Yes

#
# The URL that's used to access this reverse proxy. The URL is used to
# rewrite HTTP redirects so that they won't escape the proxy. If you
# have a chain of reverse proxies, you'll need to put the outermost
# URL here (the address which the end user types into his/her browser).
#
# If not set then no rewriting occurs.
#
#ReverseBaseURL "http://localhost:8888/"

как настроить все это, что можно по сети использовать эту прокси?
avatar
по ходу не реально. картинки только
avatar
Доброе время суток, всем.
У меня вопрос, как прокси настроить.

# /etc/privoxy/config
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
logdir /var/log/privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action   # Main actions file
actionsfile user.action      # User customizations
filterfile default.filter
filterfile user.filter      # User customizations
logfile logfile
listen-address  127.0.0.1:8118
accept-intercepted-requests 1
toggle 0
enable-remote-toggle  0
enable-remote-http-toggle  0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
enable-proxy-authentication-forwarding 0
forwarded-connect-retries  0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
tolerate-pipelining 1
socket-timeout 300
forward-socks5t / 127.0.0.1:9050 .
forward-socks4a .* localhost:9050 .
# forward-socks5t / 127.0.0.1:9050 195.138.78.143:3130
# forward-socks4a .* localhost:9050 195.138.78.143:3130
forward .i2p localhost:4444
max-client-connections 4096

# /etc/squid3/squid.conf
#!
# Список портов, к которым разрешен доступ через прокси-сервер по протоколу HTTP
acl Safe_ports port 55        # tor
acl Safe_ports port 70        # gopher
acl Safe_ports port 80        # http
acl Safe_ports port 210        # wais
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 443        # https Yandex Disk
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl Safe_ports port 3128    # proxy
acl Safe_ports port 5190    # icq
acl Safe_ports port 5222    # yandex disk
acl Safe_ports port 14628    # vpn
acl Safe_ports port 19730    # ssh
acl Safe_ports port 19735    # vnc
acl Safe_ports port 59475     # ftp
acl Safe_ports port 5-65535    # unregistered ports
acl CONNECT method CONNECT
#!
# Разрешить только локальное управление кэшем
http_access allow localhost manager
http_access deny manager
#
# Не использовать IPv6, если доступен IPv4-адрес
# По умолчанию, приоритет отдается протоколу IPv6, что может привести к ошибкам соединения, если IPv6 недоступен
dns_v4_first on
#
http_access allow Safe_ports # Разрешить доступ к портам Safe_ports
http_access allow localhost  # Разрешить доступ к localhost
http_access deny all # Запретить всем остальным
#!
# Запретить доступ к локальным ресурсам сервера через прокси
# Настоятельно рекомендуется задать это правило, чтобы исключить внешний доступ
# к приложениям, принимающим подключения по внутренним адресам (127.0.0.1 и др.).
http_access deny to_localhost
#!
# Образец правила разрешающего доступ в интернет из вашей локальной сети
# Список ваших внутренних IP-сетей, задается в acl localnet
http_access allow localhost
# Последнее правило, блокирует все, что не было разрешено выше
http_access deny all
#!
# Адрес и порт для входящих подключений
# Обычно Squid ожидает подключения на порт 3128
# Если требуется только прозрачный прокси, соединения можно ограничить внутренним интерфейсом
http_port 3128
#!
# Раскомментируйте, чтобы указать путь для дискового кеширования
# Кэш: формат, размещение, размер в мегабайтах, число папок первой и второй вложенности
# Указанный размер кэша не учитывает издержки файловой системы и должен быть примерно на 20% меньше доступного дискового пространства
# Директиву cache_dir, можно указать несколько раз, для добавления под кэш дополнительных дисков
cache_dir ufs /var/squid/cache 100 16 256
# Путь сохранения дампов аварийного завершения
coredump_dir /var/squid/cache
#!
# Время устаревания кэшируемого контента в минутах, если явно не задано сервером
# Поля: шаблон URL, минимальное время в минутах, процент для расчета времени устаревания объекта, максимальное время в минутах
# Если повторный запрос приходит до наступления минимального времени, объект считается актуальным, запрос к серверу не выполняется
# Расчет времени жизни производится по формуле: (ВремяПолучения-ВремяСоздания)*Процент
# Чем старее объект, тем дольше он содержится в кэше, но не дольше заданного максимального времени
# http://etutorials.org/Server+Administration/Squid.+The+definitive+guide/Chapter+7.+Disk+Cache+Basics/7.7+refresh_pattern/
#!
# Время жизни объектов для протоколов FTP и GOPHER
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
# Нулевое время жизни для динамического контента
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
# Время жизни по умолчанию
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .               0       20%     4320
#!
# Дополнительные параметры конфигурации
# acl rules
acl rbu_host url_regex "~/.ban.url.base/ban.urls"
acl i2p_host dstdomain .i2p
acl tor_host dstdomain .union
# cache_peer rules
cache_peer localhost parent 4444 0 no-query proxy-only
cache_peer_access localhost allow i2p_host
cache_peer_access localhost deny all
cache_peer 127.0.0.1 parent 8118 0 no-query proxy-only
cache_peer_access 127.0.0.1 allow tor_host
cache_peer_access 127.0.0.1 allow rbu_host
cache_peer_access 127.0.0.1 deny all

на localhost все работает, но не понятно, что надо сделать что бы через получить proxy server.
avatar
Хочу узнать, как мне запустить sh в атозагруке. Пихал и в /etc/rc.local и в /home/dmal/.config/autostart, /etc/init

boot.sh

x11vnc -dontdisconnect -display :0 -auth /var/run/lightdm/root/:0 -notruecolor -noxfixes -shared -forever -gui -many tray=setpass -usepw -rfbauth ~/.vnc/passwd -rfbport 5900 -bg -o /var/log/x11vnc.log

/etc/init/x11vnc.conf

# /etc/init/x11vnc.conf

start on login-session-start
script
x11vnc -dontdisconnect -display :0 -auth /var/run/lightdm/root/:0 -notruecolor -noxfixes -shared -forever -rfbport 5900 -bg -o /var/log/x11vnc.log -rfbauth ~/.vnc/passwd
end script

ставил и supervisor не помогает

# /etc/init/x11vnc.conf
start on login-session-start
script
x11vnc -dontdisconnect -display :0 -auth /var/run/lightdm/root/:0 -notruecolor -noxfixes -shared -forever -gui -many tray=setpass -usepw -rfbauth ~/.vnc/passwd -rfbport 5900 -bg -o /var/log/x11vnc.log
end script

[program:x11vnc]
command=/usr/local/bin/x11_vnc.sh
autostart=true
autorestart=true
stderr_logfile=/var/log/long.err.log
stdout_logfile=/var/log/long.out.log
  • 1