วันอังคารที่ 10 พฤษภาคม พ.ศ. 2554

Script Server ( rc.firewall.local )

Script Server ( rc.firewall.local )

เริ่มกันด้วย rc.firewall.local

#!/bin/bash
#
# firewall install script
# Description: Firewall script for clarkconnect
# Custom firewall rules.
# This file is executed by the firewall on stop/start/restart.
# Oxygen Netdesign
#------|-------|-----------|-------|--------------|
# PPP | BW | Weight | Sting | Rule
#------|-------|-----------|-------|--------------|
# PPP0 | 4 mb.| Weight 200| NET | Balance Net.
# PPP1 | 4 mb.| Weight 1 | GAME3 | All game.
#------|-------|-----------|-------|--------------|

# Jump targets used by every rule in this file: one chain per WAN line.
# NOTE(review): neither these chains nor $IPTABLES are defined in this file;
# presumably the firewall that runs it provides both - confirm.
NET=MULTIWAN_ppp0
GAME=MULTIWAN_ppp1
# LAN range whose outbound traffic is classified below.
LOCAL="192.168.1.0/24"

# GAME SERVER
# ThaicyberGames (rule left disabled by the author)
#$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m all -d 210.86.0.0/16 -j $GAME

# DotA-Create: hosting uses source ports 6101-6160 on both transports.
# The loop variable is prefixed and unset so nothing leaks into the caller.
for _mw_proto in tcp udp; do
  $IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p "$_mw_proto" -m multiport --sport 6101:6160 -j $GAME
done
unset _mw_proto

# DotA-Join / DotA-GG Server TCP 7456,8687,8688 UDP 1513,1514 / DotA-TGC TCP 7456,8687,1513
# The port lists differ per transport, so these stay as two explicit rules.
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp \
  -m multiport --dport 6001:6255,7001:7255,7456,8687:8688 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p udp \
  -m multiport --dport 1513:1514,6001:6255,7001:7255 -j $GAME

#-------update 17.11.2008-----------
# Rules added during the 2008 updates: each one appends a match to the mangle
# chain MULTIWAN_MARK and jumps to the chain named in $GAME for LAN traffic
# ($LOCAL) going to the listed game hosts.
# NOTE(review): rules are appended with -A, so they are evaluated in file order.
#Kart Rider
# NOTE(review): the two rules below are identical, so the second one adds nothing.
# The /255.255.255.255 mask matches only the single address 61.91.69.0;
# presumably a /255.255.255.0 network (and perhaps a udp twin) was meant - confirm.
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.91.69.0/255.255.255.255 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.91.69.0/255.255.255.255 -j $GAME

#-------update 27.10.2008-----------
#QWorld
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.91.123.76/255.255.255.255 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.91.123.77/255.255.255.255 -j $GAME

#-------update 12.10.2008-----------
#Fifa /Redirect Bittorrent to Net line
# NOTE(review): the heading mentions sending BitTorrent to the Net line, but
# all four rules jump to $GAME and none of them matches BitTorrent.
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.91.68.0/255.255.255.0 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 158.39.49.41/255.255.255.255 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 159.153.186.14/255.255.255.255 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 159.153.186.15/255.255.255.255 -j $GAME

#-------update 05.10.2008-----------
#PVP
# Limited to destination ports 6680-6700 on this network. A later rule in this
# file ("16pound") sends all tcp traffic for the same 61.47.40.0/24 to $GAME.
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.47.40.0/255.255.255.0 --dport 6680:6700 -j $GAME

#Nostale
# Limited to destination ports 4000-4100 on this network.
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.121.165.0/255.255.255.0 --dport 4000:4100 -j $GAME

#-------update 10/08/2551 (Buddhist Era year; 2551 B.E. = 2008)-----------
# Per-publisher game networks: LAN traffic ($LOCAL) to each destination is
# appended to MULTIWAN_MARK with a jump to the chain named in $GAME.
# Where a game also uses UDP, a second rule with -p udp follows the tcp rule.

#FlyFF Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.195.98.0/255.255.255.0 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p udp -m udp -d 203.195.98.0/255.255.255.0 -j $GAME

#Winner IPBonus
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 202.43.33.98/255.255.255.255 -j $GAME

#Redstone IPBonus
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.121.165.196/255.255.255.255 -j $GAME

#-----------------------------------

#BF2
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 202.57.128.0/255.255.255.0 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p udp -m udp -d 202.57.128.0/255.255.255.0 -j $GAME

$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 202.142.215.0/255.255.255.0 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p udp -m udp -d 202.142.215.0/255.255.255.0 -j $GAME

#Lineage private
# NOTE(review): no -d here, so tcp port 7777 to ANY destination goes to $GAME.
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp --dport 7777 -j $GAME

#Rag All private
# NOTE(review): port-only matches as well (6900 and 5121 to any destination).
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp --dport 6900 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp --dport 5121 -j $GAME

#Asiasoft Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.144.179.0/255.255.255.0 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.144.244.0/255.255.255.0 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.144.137.0/255.255.255.0 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.144.132.0/255.255.255.0 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.90.227.0/255.255.255.0 -j $GAME

#Lineage2 Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.90.252.0/255.255.255.0 -j $GAME

#SF/Trickter Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.90.203.0/255.255.255.0 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p udp -m udp -d 61.90.203.0/255.255.255.0 -j $GAME

#Getamp/Acana Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 210.86.180.0/255.255.255.0 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p udp -m udp -d 210.86.180.0/255.255.255.0 -j $GAME

#Talerunner Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.113.10.0/255.255.255.0 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p udp -m udp -d 203.113.10.0/255.255.255.0 -j $GAME

# More game networks, tcp only: LAN traffic ($LOCAL) to each /24 below is
# appended to MULTIWAN_MARK with a jump to the chain named in $GAME.

#WMO/SDO/Pirate King Game Server
# NOTE(review): the same tcp rule for 202.43.33.0/24 is appended again further
# down under "C.S. Game Server"; one of the two is redundant.
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 202.43.33.0/255.255.255.0 -j $GAME

#Pangya/Fantatenis Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 58.64.24.0/255.255.255.0 -j $GAME

#Laghaim Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.90.198.0/255.255.255.0 -j $GAME

#Ran Online Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 202.142.207.0/255.255.255.0 -j $GAME

#Dark Story Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.47.6.0/255.255.255.0 -j $GAME

#Khan Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 221.128.124.0/255.255.255.0 -j $GAME

#Dream Of Mirror Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.19.242.0/255.255.255.0 -j $GAME

#ECO Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.91.127.0/255.255.255.0 -j $GAME

#Project One Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.19.248.0/255.255.255.0 -j $GAME

#Huang Ey/3Kingdom/Seal Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.47.39.0/255.255.255.0 -j $GAME

#Perfectworld Game Server
# This /24 also contains the two QWorld hosts (61.91.123.76 and .77) listed
# earlier in the file as single-address rules.
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.91.123.0/255.255.255.0 -j $GAME

#Luna Online Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 202.43.34.0/255.255.255.0 -j $GAME

#GHOST Online Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.144.130.0/255.255.255.0 -j $GAME
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p udp -m udp -d 203.144.130.0/255.255.255.0 -j $GAME

#16pound Game Server
# Matches all tcp to 61.47.40.0/24, which makes the port-limited "PVP" rule
# for the same network earlier in the file redundant.
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.47.40.0/255.255.255.0 -j $GAME

# C.S. Game Server / Secret Game Server / wonderland Game Server
# Twelve consecutive /24 networks, 202.43.33.0 through 202.43.44.0, each marked
# for tcp and then udp, in the same order the rules were originally listed.
# Loop variables are prefixed and unset so nothing leaks into the caller.
for _mw_octet in 33 34 35 36 37 38 39 40 41 42 43 44; do
  for _mw_proto in tcp udp; do
    $IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p "$_mw_proto" -m "$_mw_proto" -d "202.43.${_mw_octet}.0/255.255.255.0" -j $GAME
  done
done
unset _mw_octet _mw_proto

# Hipstreet Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp \
  -d 58.97.46.0/255.255.255.0 -j $GAME

# Pucca Game Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp \
  -d 58.64.28.0/255.255.255.0 -j $GAME



#PATCH SERVER
# Patch/download hosts: tcp from the LAN ($LOCAL) to each single address below
# is appended to MULTIWAN_MARK with a jump to the chain named in $NET, i.e. the
# other WAN line than the game rules use.
# NOTE(review): these rules are appended AFTER the game rules, and many of the
# /32 hosts sit inside /24 networks that earlier rules already send to $GAME
# (for example 203.144.132.0/24 and 202.43.33.0/24). If the MULTIWAN_ppp*
# chains stop further processing of MULTIWAN_MARK, the rules below never see
# that traffic; the chains are not shown here - confirm, and move the more
# specific rules first if so.
#Cabal Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.144.132.123/255.255.255.255 -j $NET

#Asiasoft Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.144.132.11/255.255.255.255 -j $NET

#Asiasoft Manual Patch
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.144.132.5/255.255.255.255 -j $NET

#TS Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.144.137.5/255.255.255.255 -j $NET

#Lineage2 Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.90.199.6/255.255.255.255 -j $NET

#SF/Trickter Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.90.203.90/255.255.255.255 -j $NET
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.90.203.244/255.255.255.255 -j $NET

#Getamp/Acana Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 210.86.180.148/255.255.255.255 -j $NET
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 210.86.180.140/255.255.255.255 -j $NET

#WMO/SDO/Pirate King Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 202.43.33.116/255.255.255.255 -j $NET
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 202.43.33.33/255.255.255.255 -j $NET
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 202.43.33.54/255.255.255.255 -j $NET

#Pangya/Fantatenis Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.195.98.6/255.255.255.255 -j $NET
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 58.64.24.151/255.255.255.255 -j $NET

#Lagheim Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.90.198.77/255.255.255.255 -j $NET

#Ran Online Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 202.142.207.240/255.255.255.255 -j $NET

#Tale runner Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.113.10.20/255.255.255.255 -j $NET

#Dark Story Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.47.6.131/255.255.255.255 -j $NET

#Khan Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 221.128.124.90/255.255.255.255 -j $NET

#Dream of Mirror Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.19.242.158/255.255.255.255 -j $NET

#ECO Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.91.127.85/255.255.255.255 -j $NET

#3 Kingdoms/Seal Online/Huang Ey Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.47.39.88/255.255.255.255 -j $NET
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.47.39.115/255.255.255.255 -j $NET
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.47.39.116/255.255.255.255 -j $NET

#Project One Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.19.248.234/255.255.255.255 -j $NET

#Flyff Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.195.98.21/255.255.255.255 -j $NET

#lastchaos Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.90.198.122/255.255.255.255 -j $NET

#C.S.Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 202.43.33.122/255.255.255.255 -j $NET

#Secret Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 202.43.33.60/255.255.255.255 -j $NET

#wonderland Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 202.43.33.156/255.255.255.255 -j $NET

#Hipstreet Patch Server
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 58.97.46.241/255.255.255.255 -j $NET

#Ftp Frox & etc
# Port-only match: tcp to ports 20, 21, 80 and 2009 on any destination that was
# not claimed by an earlier rule goes to $NET.
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m multiport --dport 20,21,80,2009 -j $NET

# From here on the target is $GAME again.
#Cabal Shop
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.144.132.140/255.255.255.255 -j $GAME

#playplus
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.90.252.74/255.255.255.255 -j $GAME

#playplus
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.90.252.75/255.255.255.255 -j $GAME

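#-------ADSL Speed Test / update 27.10.2008-----------
# Pins each speed-test site to one WAN line so that line can be measured on
# its own.
# NOTE(review): the headings mention PPP0 through PPP4, but this file only
# defines chains for ppp0 ($NET) and ppp1 ($GAME); the PPP3/PPP4 entries jump
# to $GAME as well.

#Speed Test / PPP0 /maxnet.co.th/speedtest
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 202.69.137.180/255.255.255.255 -j $NET

#Speed Test / PPP1 /speedtest.bcoms.net
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 61.19.248.87/255.255.255.255 -j $GAME

#Speed Test / PPP2 /speedtest.kapook.com
# GAME1 is never assigned in this file. With it empty, "-j" has no target and
# the iptables call fails, so the rule is only added when a caller has set
# GAME1 to a real chain name; otherwise it is skipped with a visible message.
if [ -n "${GAME1:-}" ]; then
  $IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.150.225.166/255.255.255.255 -j $GAME1
else
  echo "rc.firewall.local: GAME1 is not set, skipping the speedtest.kapook.com rule" >&2
fi

#Speed Test / PPP3 /speedtest.adslthailand.com
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.107.132.134/255.255.255.255 -j $GAME

#Speed Test / PPP4 /speedtest.pantip.com
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp -d 203.151.206.227/255.255.255.255 -j $GAME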
#--------

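# Final section: P2P drop, transparent-proxy redirects, DNS marking and the
# frox (FTP proxy) hook.

# Drop BitTorrent on every forwarded interface (alternative: send it to $NET).
# -I puts the rule at the head of FORWARD, ahead of whatever the firewall
# itself appended.
$IPTABLES -t filter -I FORWARD -m ipp2p --bit -j DROP
#$IPTABLES -t mangle -I MULTIWAN_MARK -m ipp2p --bit -j $NET

# PATCH CSO to 3128
# Fixed: the original used "-i $LOCAL". -i expects an interface name, but LOCAL
# holds the LAN network 192.168.1.0/24, so the rule could never match.
# Matching on the source network (-s) is what the variable supports.
$IPTABLES -t nat -A PREROUTING -s $LOCAL -d 202.43.33.122 -p tcp --dport 9898 -j REDIRECT --to-port 3128
# Locally generated port-80 requests to the patch host are rewritten to 9898.
$IPTABLES -t nat -A OUTPUT -p tcp -d 202.43.33.122 --dport 80 -j DNAT --to 202.43.33.122:9898

# PATCH L Tricksterpatch: redirect port 5977 to the proxy on 3128.
# (The old heading also named port 2009, but only 5977 is redirected here.)
# Delete-then-append keeps a single copy of the rule across restarts; the
# delete fails harmlessly when the rule is not there yet, so its error output
# is discarded on purpose.
# NOTE(review): this redirect has no -s/-i restriction, so it also applies to
# connections arriving on the WAN lines. Together with a proxy that accepts
# any client this can expose the proxy to the Internet; consider "-s $LOCAL".
$IPTABLES -t nat -D PREROUTING -p tcp -m multiport --dport 5977 -j REDIRECT --to-port 3128 2>/dev/null
$IPTABLES -t nat -A PREROUTING -p tcp -m multiport --dport 5977 -j REDIRECT --to-port 3128

# Dns
# Fixed: the original passed "-d tcp", which makes iptables treat the word
# "tcp" as a destination host name. The protocol match module was meant.
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p tcp -m tcp --destination-port 53 -j $NET
$IPTABLES -t mangle -A MULTIWAN_MARK -s $LOCAL -p udp -m udp --destination-port 53 -j $NET

# Hand FTP control connections (ports 21 and 8021) to frox on port 2121, but
# only when a frox pid file exists.
# NOTE(review): same exposure as the 5977 redirect: no source or interface
# restriction, so WAN-side FTP connections are redirected to frox as well.
if [ -f /var/run/frox.pid ]; then
  $IPTABLES -t nat -D PREROUTING -p tcp -m multiport --dport 21,8021 -j REDIRECT --to-port 2121 2>/dev/null
  $IPTABLES -t nat -A PREROUTING -p tcp -m multiport --dport 21,8021 -j REDIRECT --to-port 2121
fi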

Script Server ( frox.conf )

Script Server ( frox.conf )

# TF Frox Tornado V5.5
# frox FTP proxy configuration. The firewall script shown with this file
# redirects FTP control connections to the port set here.
Port 2121

ResolvLoadHack wontresolve.doesntexist.abc

# Account the proxy runs as.
User frox
Group frox

WorkingDir /var/cache/frox
# NOTE(review): chroot is switched off here, so a compromised proxy process
# would not be confined to WorkingDir - confirm this is intentional.
DontChroot Yes

# NOTE(review): lowest log level and no transfer log; presumably this leaves
# no record of which client fetched what - confirm whether that is acceptable.
LogLevel 0
LogFile /var/log/frox.log
XferLogging no

# The firewall script tests for this file before adding its FTP redirect.
PidFile /var/run/frox.pid

BounceDefend yes

AllowNonASCII yes

# Separate local port ranges for control, passive and active data connections.
ControlPorts 50000-50199
PassivePorts 50200-50399
ActivePorts 50400-50599

CacheModule local

# CacheModule http
# NOTE(review): HTTPProxy presumably only matters to the http cache module,
# which is commented out above - confirm.
HTTPProxy 0.0.0.0:3128

CacheSize 35000

MinCacheSize 0

CacheAll yes

# NOTE(review): "NTP" here presumably means non-transparent proxying rather
# than network time; the address is the wildcard plus the proxy port - confirm.
DoNTP yes
NTPAddress 0.0.0.0:2121

Timeout 300

MaxForks 60

MaxForksPerHost 10

# MaxTransferRate 4096
# CacheDlRate 8192
# MaxUploadRate 4096

# NOTE(review): this reads as "allow any client to reach any server". Combined
# with a redirect that is not limited to the LAN, outside hosts could relay FTP
# through this proxy; restricting the source side to the LAN range would close
# that. Check the ACL syntax against the frox documentation before editing.
ACL Allow * - *

Script Server ( squid.conf )

Script Server ( squid.conf )

# Squid listener, outgoing addresses and timeouts.
# NOTE(review): 0.0.0.0 is the wildcard address, so the proxy port is opened on
# every interface, including the WAN lines; unless the firewall blocks 3128
# from outside, the access rules further down are the only protection.
http_port 0.0.0.0:3128
tcp_outgoing_address 0.0.0.0
udp_incoming_address 0.0.0.0
udp_outgoing_address 0.0.0.0
# Port 0 turns ICP (inter-cache queries) off.
icp_port 0

# Time Out
request_timeout 1 minute
forward_timeout 1 minutes
connect_timeout 1 minute
peer_connect_timeout 1 minutes
pconn_timeout 120 second
read_timeout 2 minute
persistent_request_timeout 2 minute
shutdown_lifetime 3 second
negative_ttl 2 minute
positive_dns_ttl 120 second
negative_dns_ttl 120 second

netdb_low 900
netdb_high 1000
# Per-client statistics are kept.
client_db on
client_lifetime 1 day

# Transparent
# The httpd_accel_* directives switch on interception ("transparent") mode:
# clients are redirected here by the firewall instead of being configured to
# use a proxy.

httpd_accel_host virtual
httpd_accel_port 0
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

# mark for no cache
# URLs matching these patterns are fetched directly and never stored
# (dynamic pages and, presumably, game patch lists such as "updatelist").
# NOTE(review): the QUERY entries are regular expressions, so an unescaped "."
# matches any character (".asp" also matches "xasp"); "localhost" is listed
# twice on both lines.
hierarchy_stoplist cgi-bin ? localhost .asp .aspx .php .inf .dll .Xt .xtp .ini localhost php$ inf$ dll$ Xt$ xtp$ ini$ asp$ aspx$ .exe .cfg ucg
acl QUERY urlpath_regex cgi-bin \? localhost .asp .aspx .php .inf .dll .Xt .xtp .ini localhost php$ inf$ dll$ Xt$ xtp$ ini$ asp$ aspx$ updatelist$ patch_lv1 .cfg .exe ucg
no_cache deny QUERY
# OPTIONS WHICH AFFECT THE CACHE SIZE
# —————————————————————
# Memory and disk cache sizing, log destinations and fetch tuning.

cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99
memory_pools on
# memory_pools_limit 6 MB

maximum_object_size 128 MB
maximum_object_size_in_memory 32 KB

ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096

cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

# LOGFILE
# —————————————————————
cache_dir aufs /var/spool/squid 4096 16 256

# Client requests are logged, but Squid's own diagnostic log is discarded.
# NOTE(review): with cache_log sent to /dev/null, start-up errors and warnings
# are lost; point it at a real file while troubleshooting.
cache_access_log /var/log/squid/access.log
cache_log /dev/null
cache_store_log none
# mime_table /usr/share/squid/mime.conf
pid_filename /var/run/squid.pid

log_fqdn off
# Full client addresses are written to the log (no masking).
client_netmask 255.255.255.255
ftp_passive on
ftp_sanitycheck on
# Name resolution goes through the resolver running on this host.
dns_nameservers 127.0.0.1

# OPTIONS FOR TUNING THE CACHE
# —————————————————————
# refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
# refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod

# A minimum of -1 KB means a download the client abandoned is still completed
# so it can be cached.
quick_abort_min -1 KB
quick_abort_max 0 KB
quick_abort_pct 100

half_closed_clients off

# ACL CONTROLS
# —————————————————————
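# Who may use the proxy. http_access rules are checked top to bottom and the
# first match decides.
# The original list allowed the cache manager to every client and ended in
# "allow all", which, with http_port on 0.0.0.0, makes an open proxy for
# anyone who can reach port 3128. Access is now limited to this host and the
# LAN.
acl Manager proto cache_object
acl all src 0.0.0.0/0
acl localhost src 127.0.0.0/8
# LAN range taken from LOCAL=192.168.1.0/24 in the firewall script on this
# page; adjust it if your LAN differs.
acl localnet src 192.168.1.0/24
acl All_Port port 1-65535
acl CONNECT method CONNECT

# Cache manager (statistics and control) only from the proxy host itself.
http_access allow Manager localhost
http_access deny Manager
http_access allow localhost
# NOTE(review): LAN clients may still CONNECT to any port; restrict that with a
# port ACL if tunnelling through the proxy is not wanted.
http_access allow localnet
http_access deny all

http_reply_access allow all
# ICP itself is switched off by "icp_port 0" earlier in this file.
icp_access allow all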

# ADMINISTRATIVE PARAMETERS
# ——————————————————————-

# Identity shown on error pages, miscellaneous switches and header handling.
cache_mgr squid@oxygencafe.net
visible_hostname oxygencafe.net

# MISCELLANEOUS
# ——————————————————————
logfile_rotate 3
log_icp_queries off
query_icmp off
buffered_logs off
reload_into_ims on
nonhierarchical_direct off
prefer_direct on
# Query strings are kept in the access log.
# NOTE(review): they can carry credentials or session tokens; protect the log
# file accordingly.
strip_query_terms off
pipeline_prefetch on
ie_refresh on
# The client's address is added to X-Forwarded-For on outgoing requests.
# NOTE(review): this reveals internal LAN addresses to every web server.
forwarded_for on
vary_ignore_expire on
store_dir_select_algorithm round-robin
ignore_unknown_nameservers on

# Every rule below is "allow all", so no header is filtered; the list has no
# effect beyond documenting which headers were considered.
header_access Allow allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Type allow all
header_access Date allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Last-Modified allow all
header_access Location allow all
header_access Pragma allow all
header_access Accept allow all
header_access Accept-Charset allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Content-Language allow all
header_access Mime-Version allow all
header_access Retry-After allow all
header_access Title allow all
header_access Connection allow all
header_access Proxy-Connection allow all
header_access All allow all

# cache_peer x.x.x.x parent xxxx 0 default no-query no-delay login=x:xxx
# never_direct allow all

error_directory /etc/squid/errors
# X-Forwarded-For supplied by a client is trusted only when the request comes
# from this host.
follow_x_forwarded_for allow localhost

# NOTE(review): 50 MB is an unusually large average object size; presumably
# tuned for game patches - confirm against the Squid documentation.
store_avg_object_size 50 MB
# reference_age 2 hour
# siteselect_timeout 2 hour

# ####DELAY POOLS###################################################
# This is the most important part for shaping incoming traffic with Squid
# For detailed description see squid.conf file or docs at http://www.squid-cache.org

# We don't want to limit downloads on our local network.
# acl magic_words1 url_regex -i 192.168

# We want to limit downloads of these type of files
# Put this all in one line
# .3gp .aac .ac3 .act .aif .aiff .amr .asf .au .avi .b5t .bin .bwt .cab .ccd .cdi .cue .dat .dct .div .divx .dss .exe .flac .fli .flv .gho .gsm .gz .ifo .img .iso .m4a .mp2 .mp3 .mp4 .mov .mpe .mpga .mpg .mpeg .mds .nrg .ogg .pdi .qt .ra .ram .rar .raw .rcd .rec .rm .rmvb .rmj .rpm .sea .shn .sri .swf .tar .tgz .vob .vox .vqf .wav .wmv .wma .zip

# acl magic_words2 url_regex -i ftp http .3gp .aac .ac3 .act .aif .aiff .amr .asf .au .avi .b5t .bin .bwt .cab .ccd .cdi .cue .dat .dct .div .divx .dss .exe .flac .fli .flv .gho .gsm .gz .ifo .img .iso .m4a .mp2 .mp3 .mp4 .mov .mpe .mpga .mpg .mpeg .mds .nrg .ogg .pdi .qt .ra .ram .rar .raw .rcd .rec .rm .rmvb .rmj .rpm .sea .shn .sri .swf .tar .tgz .vob .vox .vqf .wav .wmv .wma .zip

# We don't block .html, .gif, .jpg and similar files, because they
# generally don't consume much bandwidth

# We want to limit bandwidth during the day, and allow
# full bandwidth during the night
# Caution! with the acl below your downloads are likely to break
# at 23:59. Read the FAQ in this bandwidth if you want to avoid it.

# acl day time 00:00-23:59

# We have two different delay_pools
# View Squid documentation to get familiar
# with delay_pools and delay_class.

# delay_pools 2

# #####################################
# First delay pool
# We don't want to delay our local traffic.
# There are three pool classes; here we will deal only with the second.
# First delay class (1) of second type (2).

# delay_class 1 2

#-1/-1 mean that there are no limits.

# delay_parameters 1 -1/-1 -1/-1

# magic_words1: 192.168 we have set before

# delay_access 1 allow magic_words1
# #####################################

# #####################################
# Second delay pool.
# we want to delay downloading files mentioned in magic_words2.
# Second delay class (2) of second type (2).

# delay_class 2 2

# The numbers here are values in bytes;
# we must remember that Squid doesn't consider start/stop bits
# 5000/150000 are values for the whole network
# 5000/120000 are values for the single IP
# after downloaded files exceed about 150000 bytes,
# (or even twice or three times as much)
# they will continue to download at about 5000 bytes/s

# delay_parameters 2 5000/150000 5000/120000

# OLD_OK
# delay_parameters 2 640000/640000 256000/256000

# NEW_TEST
# Mbps = 1.0 1.5 2.0 2.5 3.0 3.5 4.0
# bps = 1024 1536 2048 2560 3072 3584 4096
# Byte = 128 192 256 320 384 448 512

# delay_parameters 2 384000/384000 192000/256000
# delay_parameters 2 384000/384000 192000/384000
# delay_parameters 2 512000/512000 320000/384000

# # delay_parameters 2 -1/-1 -1/-1
# # We have set day to 00:00-23:59 before.
# delay_access 2 allow day
# delay_access 2 deny !day
# delay_access 2 allow magic_words2
# #####################################

Script Server ( dnsmasq.conf )

Script Server ( dnsmasq.conf )

# dnsmasq: DNS forwarder/cache and DHCP server for the LAN.
# The "interface" parameter is set by the network policy (LAN/DMZ interfaces)
# Do not forward reverse lookups for private address ranges upstream.
bogus-priv
# maybe make larger
cache-size=512
#
dhcp-authoritative
dhcp-lease-max=1000
# block silly requests
# (plain names without a domain part are not forwarded upstream)
domain-needed
filterwin2k
#
domain=system.lan
expand-hosts
# no-negcache
# Upstream servers are tried strictly in the order listed below.
strict-order
# Run unprivileged after start-up.
user=nobody
# Can make specific servers here and not use resolv.conf
# NOTE(review): the number after each provider name is presumably a measured
# response time, and "*" an entry that was not measured - confirm. All of
# these are third-party resolvers reached over plain DNS.
server=203.144.207.49 # asianet (True) 58.1
server=203.146.237.237 # csloxinfo 39
server=203.113.127.199 # TOT
server=203.144.255.72 # asianet 40.9
server=202.69.137.137 # Triple T Global Net 41
server=202.44.144.33 # KSC 41.5
server=203.146.102.231 # truefaster 42.5
server=203.144.255.71 # asianet 42.8
server=202.129.27.134 # cattelecom 43.6
server=202.69.137.138 # Triple T Global Net 45
server=203.146.237.222 # csloxinfo 48.5
server=202.57.160.129 # Issp 48.9
server=202.6.100.1 # ABAC 50
server=203.121.130.39 # Pacific 51.5
server=203.155.33.1 # KSC 51.9
server=202.44.68.3 # Sripatum 52.7
server=202.57.128.71 # SGA 62
server=203.147.0.3 # Jasmine Internet 62.4
server=61.19.245.246 # cattelecom *
server=61.19.254.134 # cattelecom *
server=202.47.249.4 # cattelecom *
server=203.148.255.70 # A-Net *
server=203.148.255.78 # A-Net *
server=203.149.0.2 # Samart *
server=203.149.0.3 # Samart *
server=203.146.222.3 # buddybb *
server=203.158.144.1 # Rmutp *
server=203.146.64.33 # Tnet *
server=202.182.0.1 # FarEast *
server=202.182.0.2 # FarEast *
server=192.150.249.11 # Thammasat *
server=208.67.222.222 # OpenDNS 277.8
server=208.67.220.220 # OpenDNS 285.1
# include another configuration
conf-file=/etc/dnsmasq/dhcp.conf

Script Server ( resolv.conf )

Script Server ( resolv.conf )

# Resolver order for the server itself: the local resolver on this host first
# (presumably the dnsmasq instance configured on this page - confirm), then
# the LAN address 192.168.1.1.
nameserver 127.0.0.1
nameserver 192.168.1.1

Script Server ( อีกตัว )

Script Server ( อีกตัว )

rc.firewall.local
# -------------------------------------------------------------
# Frox
# -------------------------------------------------------------
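# Hand FTP control connections to frox on port 2121, but only when a frox pid
# file exists. Each rule is deleted first and then inserted again so that a
# firewall restart does not stack duplicates.
# Fixed: the delete used "> /dev/null" only, which hides stdout while the
# expected "rule does not exist" error goes to stderr; both are discarded now.
# NOTE(review): neither redirect is limited to the LAN by source or interface,
# so connections arriving on the WAN side are redirected to frox as well.
if [ -f /var/run/frox.pid ]; then
  iptables -t nat -D PREROUTING -p tcp --destination-port 21 -j REDIRECT --to-port 2121 > /dev/null 2>&1
  iptables -t nat -I PREROUTING -p tcp --destination-port 21 -j REDIRECT --to-port 2121

  # HipStreet for Frox: its FTP service uses port 8021 on 58.97.46.0/24.
  iptables -t nat -D PREROUTING -p tcp -d 58.97.46.0/24 --destination-port 8021 -j REDIRECT --to-port 2121 > /dev/null 2>&1
  iptables -t nat -I PREROUTING -p tcp -d 58.97.46.0/24 --destination-port 8021 -j REDIRECT --to-port 2121

fi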
_____________________________________________________________________________________
Frox.conf

# frox FTP proxy configuration (second variant). The firewall snippet shown
# with it redirects FTP control connections to the port set here.
Port 2121

ResolvLoadHack wontresolve.doesntexist.abc

# Account the proxy runs as.
User frox
Group frox

WorkingDir /var/cache/frox
# NOTE(review): chroot is switched off, so a compromised proxy process would
# not be confined to WorkingDir - confirm this is intentional.
DontChroot Yes

# NOTE(review): lowest log level and no transfer log; presumably no record is
# kept of which client fetched what - confirm whether that is acceptable.
LogLevel 0
LogFile /var/log/frox.log
XferLogging no

# The firewall snippet tests for this file before adding its FTP redirects.
PidFile /var/run/frox.pid

BounceDefend yes

AllowNonASCII yes

# Separate local port ranges for control, passive and active data connections.
ControlPorts 50000-50199
PassivePorts 50200-50399
ActivePorts 50400-50599

CacheModule local

# CacheModule http
# This variant points at the proxy on the loopback address.
HTTPProxy 127.0.0.1:3128

CacheSize 35000

MinCacheSize 0

CacheAll yes

# NOTE(review): "NTP" here presumably means non-transparent proxying rather
# than network time - confirm.
DoNTP yes
NTPAddress 0.0.0.0:2121

# Timeout 300

MaxForks 60

MaxForksPerHost 10

# NOTE(review): this reads as "allow any client to reach any server". Combined
# with a redirect that is not limited to the LAN, outside hosts could relay FTP
# through this proxy; restricting the source side to the LAN range would close
# that. Check the ACL syntax against the frox documentation before editing.
ACL Allow * - *
_______________________________________________________________________________
squid.conf

# Squid (second variant): listener, FTP behaviour, logging and cache switches.
shutdown_lifetime 5 second

# Port 0 turns ICP (inter-cache queries) off.
icp_port 0

# Bound to one LAN address only, unlike a wildcard 0.0.0.0 listener.
http_port 192.168.1.3:3128

tcp_outgoing_address 0.0.0.0
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
icp_query_timeout 0
maximum_icp_query_timeout 9000
mcast_icp_query_timeout 9000

ftp_sanitycheck off
# NOTE(review): placeholder value; this string is sent as the anonymous FTP
# password, so set it to something meaningful for your site.
ftp_user user@domain.com
ftp_passive on

# Dynamic URLs (cgi-bin or containing "?") are never cached.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

#umask 022

# Squid runs under its own account.
cache_effective_user squid
cache_effective_group squid

pid_filename /var/run/squid.pid
mime_table /etc/squid/mime.conf

# NOTE(review): both the access log and Squid's diagnostic log are discarded,
# so there is no record of who requested what and no error output to
# troubleshoot with. Keep at least the access log if the proxy must be
# auditable.
cache_access_log /dev/null
cache_log /dev/null
cache_store_log none

ipcache_size 2048
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
icp_hit_stale off
query_icmp on
test_reachability off
reload_into_ims on
vary_ignore_expire on
strip_query_terms off
offline_mode off

emulate_httpd_log off
# NOTE(review): log_ip_on_direct is set twice in this group (off here, on
# below); presumably the later line wins - confirm and keep only one.
log_ip_on_direct off
log_fqdn off
buffered_logs on
log_mime_hdrs off
log_icp_queries off
log_ip_on_direct on

# Client addresses are not disclosed in X-Forwarded-For.
forwarded_for off


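# Who may use the proxy. http_access rules are checked top to bottom and the
# first match decides.
# The original list started with "allow All_Port" (every port, so every
# request) and ended in "allow all": any client that can reach the listener
# could use the proxy. Access is now limited to this host and the LAN.
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
# LAN range derived from the 192.168.1.3 listener address in this file and
# LOCAL=192.168.1.0/24 in the firewall script on this page; adjust if needed.
acl localnet src 192.168.1.0/255.255.255.0
acl All_Port port 1-65535
acl CONNECT method CONNECT



http_access allow localhost
# NOTE(review): LAN clients may still CONNECT to any port; restrict that with a
# port ACL if tunnelling through the proxy is not wanted.
http_access allow localnet
http_access deny all

# ICP itself is switched off by "icp_port 0" earlier in this file.
icp_access allow all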

# Object size limits, cache storage and interception (transparent) mode.
maximum_object_size 50000 KB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 99
memory_pools off


cache_mem 256 MB
cache_dir ufs /var/spool/squid 1024 16 256

# A value of 0 means request and reply bodies are not size-limited.
request_body_max_size 0 KB
reply_body_max_size 0 allow all

# Host name shown on error pages.
visible_hostname TrueFaster.com

# The httpd_accel_* directives switch on interception mode for requests that
# the firewall redirects to this proxy.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_single_host off

#cache_peer proxy.csloxinfo.com parent 8080 8080 default no-query no-delay

memory_replacement_policy heap GDSF
cache_replacement_policy heap GDSF



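# DNS behaviour and fetch tuning.
ie_refresh on
balance_on_multiple_ip on
pipeline_prefetch on
# For True internet only.
# Fixed: this note used to trail the directive on the same line, where it may
# be read as an extra (invalid) name server instead of a comment, and the
# directive was listed twice.
# NOTE(review): the dnsmasq.conf on this page labels the same address TOT.
dns_nameservers 203.113.127.199
never_direct deny all
dns_retransmit_interval 5 seconds
# Fixed: dns_timeout was set twice (2 minutes, then 5 minutes). Only the later
# value is kept, which is the one that took effect when both were present.
dns_timeout 5 minutes
redirect_rewrites_host_header on

negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
range_offset_limit 0 KB
quick_abort_min 0
quick_abort_max 0
quick_abort_pct 98
half_closed_clients off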


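# Freshness rules. refresh_pattern lines are checked in order and the first
# matching pattern is used.
#refresh_pattern ^ftp: 1440 20% 1440
#refresh_pattern ^gopher: 1440 0% 1440
#refresh_pattern . 86400 1440 20% 1440
#refresh_pattern ^http: 4320 20% 43200
#refresh_pattern -i \.(gif|jpg|jpeg|png|bmp|tif|xbm|tiff)$ 604800 20% 2419200

refresh_pattern \.gif 4320 50% 43200
refresh_pattern \.jpg 4320 50% 43200
refresh_pattern \.tif 4320 50% 43200
# NOTE(review): reload-into-ims and override-lastmod make the cache ignore what
# clients and servers ask for; stale content is the price of the hit rate.
refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
# Fixed: this rule used to come after the catch-all "." pattern, so it could
# never be selected. It was also written like a shell wildcard
# ("http://*.cabal..."), which as a regular expression does not match the
# sub-domains it was meant for. It now matches cabal.asiasoft.co.th and any
# host below it.
refresh_pattern ^http://([^/]*\.)?cabal\.asiasoft\.co\.th/ 720 100% 4320
# Catch-all; keep it last.
refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod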


-------------------------------------------------------------------------


rc.firewall.local
# -------------------------------------------------------------
# Frox
# -------------------------------------------------------------

## Add the command below ### Edit BY Dj.BOM
# Exempts FTP control connections to 202.43.34.110 from NAT: ACCEPT in the nat
# table ends rule traversal there, so no REDIRECT to frox is applied.
# NOTE(review): --insert without a position puts the rule at the top of
# PREROUTING; it only stays ahead of the frox redirects if it runs after
# them - confirm the order in which the snippets are executed.


iptables --table nat --insert PREROUTING --protocol tcp --destination 202.43.34.110 --destination-port 21 --jump ACCEPT

Script Server ( ClearOS 5.2 )
