github.com/coreos/goproxy@v0.0.0-20190513173959-f8dc2d7ba04e/examples/goproxy-transparent/proxy.sh (about) 1 #!/bin/sh 2 # goproxy IP 3 GOPROXY_SERVER="10.10.10.1" 4 # goproxy port 5 GOPROXY_PORT="3129" 6 GOPROXY_PORT_TLS="3128" 7 # DO NOT MODIFY BELOW 8 # Load IPTABLES modules for NAT and IP conntrack support 9 modprobe ip_conntrack 10 modprobe ip_conntrack_ftp 11 echo 1 > /proc/sys/net/ipv4/ip_forward 12 echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter 13 14 # Clean old firewall 15 iptables -t nat -F 16 iptables -t nat -X 17 iptables -t mangle -F 18 iptables -t mangle -X 19 20 # Write new rules 21 iptables -t nat -A PREROUTING -s $GOPROXY_SERVER -p tcp --dport $GOPROXY_PORT -j ACCEPT 22 iptables -t nat -A PREROUTING -s $GOPROXY_SERVER -p tcp --dport $GOPROXY_PORT_TLS -j ACCEPT 23 iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination $GOPROXY_SERVER:$GOPROXY_PORT 24 iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination $GOPROXY_SERVER:$GOPROXY_PORT_TLS 25 # The following line supports using goproxy as an explicit proxy in addition 26 iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination $GOPROXY_SERVER:$GOPROXY_PORT 27 iptables -t nat -A POSTROUTING -j MASQUERADE 28 iptables -t mangle -A PREROUTING -p tcp --dport $GOPROXY_PORT -j DROP 29 iptables -t mangle -A PREROUTING -p tcp --dport $GOPROXY_PORT_TLS -j DROP