Buat file /usr/local/sbin/tproxy-routing.sh:
nano /usr/local/sbin/tproxy-routing.shMasukkan baris berikut:
#!/bin/bash
ip rule add fwmark 1 lookup 100 pref 1 2>/dev/null
ip route add local 0.0.0.0/0 dev lo table 100 2>/dev/nullBerikan permission execute:
chmod +x /usr/local/sbin/tproxy-routing.shBuat systemd service:
nano /etc/systemd/system/tproxy-routing.serviceMasukkan baris berikut:
[Unit]
Description=TPROXY policy routing
After=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/local/sbin/tproxy-routing.sh
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
Reload systemd, aktifkan auto start ketika startup, dan jalankan service:
systemctl daemon-reload
systemctl enable --now tproxy-routing.service
systemctl start tproxy-routingPeriksa, pastikan service berjalan dengan baik:
systemctl status tproxy-routingCopy file original nftables:
cp /etc/nftables.conf /etc/nftables.conf.bakBuat mangle menggunakan nftables:
nano /etc/nftables.confMasukkan baris berikut:
table ip dns_tproxy {
chain prerouting {
type filter hook prerouting priority mangle; policy accept;
fib saddr type local accept
iifname "ens18" udp dport 53 tproxy to :53 meta mark set 0x00000001 accept
iifname "ens18" tcp dport 53 tproxy to :53 meta mark set 0x00000001 accept
}
}Sesuaikan nama interface yang digunakan untuk menerima traffic DNS
Aktifkan autostart nftables dan jalankan:
systemctl enable nftables
systemctl restart nftablesCek ruleset nftables yang berjalan saat ini:
nft list rulesetKonfigurasi sysctl:
nano /etc/sysctl.d/99-tproxy.confMasukkan baris berikut:
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.ens18.rp_filter=0
net.ipv4.conf.lo.rp_filter=0
net.ipv4.conf.ens18.accept_local=1
Sesuaikan nama interface yang digunakan untuk menerima traffic DNS
Apply konfigurasi sysctl:
sysctl --system
