# Generate the en_CA.utf8 locale and record it as the default LANG.
# Both commands change system-wide state; the demo target in this file runs
# make through sudo, so the recipe expects root.
fix_locale: locale_name := en_CA.utf8
fix_locale:
	@echo '============================[fixing locale]============================'
	locale-gen $(locale_name)
	update-locale LANG=$(locale_name)
# Install Docker (package lxc-docker) from the get.docker.io apt repository.
#
# Trust chain: the repository signing key is requested by its full
# 40-character fingerprint, but the request goes to the keyserver over plain
# HKP on port 80.  The fingerprint is therefore the only thing binding the
# imported key to the intended one.
# NOTE(review): confirm the fingerprint against an independent source before
# reusing this recipe, and inspect what was actually imported (for example
# with `apt-key finger`) if the gpg in the base image is old.
docker: docker_key  := 36A1D7869245C8950F966E92D8576A8BA88D21E9
docker: docker_list := /etc/apt/sources.list.d/docker.list
docker:
	@echo '==========================[installing docker]========================='
	apt-get update
	apt-get install -y apt-transport-https
	apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys $(docker_key)
	echo 'deb https://get.docker.io/ubuntu docker main' > $(docker_list)
	apt-get update
	apt-get install -y lxc-docker
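# Check that the running kernel ships xt_TPROXY and xt_socket, register both
# in /etc/modules so they load at boot, and load them now.
#
# Each name is appended to /etc/modules only when it is not already listed,
# so running the target again does not pile up duplicate entries.
# modprobe is called with -a because a plain `modprobe A B` treats B as a
# parameter of module A; feeding both names to a single xargs invocation
# therefore never asked for xt_socket to be loaded.
mods:
	@echo '==================[enabling xt_TPROXY and xt_socket]=================='
	find /lib/modules/`uname -r` | grep -q xt_TPROXY
	find /lib/modules/`uname -r` | grep -q xt_socket
	for m in xt_TPROXY xt_socket; do \
		grep -qx "$$m" /etc/modules 2>/dev/null || echo "$$m" >> /etc/modules || exit 1; \
	done
	modprobe -a xt_TPROXY xt_socket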
# Install the netfilter and policy-routing state the TPROXY demo relies on:
#   - mangle/PREROUTING sends TCP packets matched by `-m socket` to DIVERT,
#   - DIVERT sets firewall mark 111 on them and accepts them,
#   - packets carrying mark 111 are looked up in routing table 100,
#   - table 100 gets a `local` route via lo,
#   - IPv4 forwarding is switched on for all interfaces.
#
# The recipe only changes live kernel state; nothing here saves the rules or
# the sysctl, so it has to be repeated after a reboot.  It is also not
# re-runnable as written: `iptables -N` fails once the DIVERT chain exists.
#
# NOTE(review): the `ip route add local` line carries no destination prefix
# as shown; the kernel TPROXY documentation routes 0.0.0.0/0 at this point -
# confirm against the author's original.
# NOTE(review): forwarding=1 on `all` lets the host route between interfaces
# and the recipe adds no FORWARD-chain restriction; check that the filter
# policy suits the machine this runs on.
net_config: mangle   := iptables -t mangle
net_config: fwmark   := 111
net_config: rt_table := 100
net_config:
	@echo '================[configuring iptables rules for TPROXY]==============='
	$(mangle) -N DIVERT
	$(mangle) -A PREROUTING -p tcp -m socket -j DIVERT
	$(mangle) -A DIVERT -j MARK --set-mark $(fwmark)
	$(mangle) -A DIVERT -j ACCEPT
	ip rule add fwmark $(fwmark) lookup $(rt_table)
	ip route add local dev lo table $(rt_table)
	echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
# Host prerequisites for the demo: Docker, the xt_* kernel modules and the
# TPROXY netfilter/routing rules.  No ordering between the three is declared;
# a serial make simply runs them in the order listed.
dependencies: \
    docker \
    mods \
    net_config
# Build the netcat image from the build context in the current directory and
# tag it amirkdv/nc (-q keeps docker's build output quiet).
build_nc: nc_image := amirkdv/nc
build_nc:
	@echo '======================[building netcat container]====================='
	docker build -q -t $(nc_image) .
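# Download, compile and install HAProxy 1.5-dev26 with Linux TPROXY support.
#
# Integrity: the tarball arrives over plain HTTP and is then compiled and
# installed by root.  Set HAPROXY_SHA256 to the tarball's SHA-256 digest,
# taken from a source you trust, to have the download verified before it is
# unpacked:
#     make build_haproxy HAPROXY_SHA256=<sha256-of-haproxy-1.5-dev26.tar.gz>
# When the variable is empty the recipe only prints a warning, which keeps
# the previous behaviour for existing callers.
#
# wget writes to an explicit -O path: a bare `wget URL` stores a repeated
# download as <name>.1, and tar would then unpack the stale (possibly
# truncated) first copy.
# The nested builds use $(MAKE) so the flags of the outer make are passed on.
#
# NOTE(review): the install step passes lowercase `target=` and none of the
# build options used on the line above; check the installed binary with
# `haproxy -vv` to confirm it still reports TPROXY support.
HAPROXY_SHA256 ?=
build_haproxy: haproxy_dir := haproxy-1.5-dev26
build_haproxy:
	@echo '================[installing HAProxy w/ TPROXY support]================'
	apt-get update
	apt-get install -y build-essential make gcc
	wget -O $(haproxy_dir).tar.gz http://www.haproxy.org/download/1.5/src/devel/$(haproxy_dir).tar.gz
	@if [ -n "$(HAPROXY_SHA256)" ]; then \
		echo "$(HAPROXY_SHA256)  $(haproxy_dir).tar.gz" | sha256sum -c -; \
	else \
		echo 'WARNING: HAPROXY_SHA256 is not set; $(haproxy_dir).tar.gz was fetched over HTTP and is NOT verified' >&2; \
	fi
	tar -zxf $(haproxy_dir).tar.gz
	$(MAKE) -C $(haproxy_dir) TARGET=linux26 CPU=x86_64 USE_LINUX_TPROXY=1
	$(MAKE) -C $(haproxy_dir) install target=linux26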
# Full provisioning run: locale, host prerequisites, HAProxy, the netcat
# image, then the TPROXY network rules.  net_config is also a prerequisite of
# `dependencies`; make runs a target at most once per invocation, so naming
# it again here does not apply the rules twice.
build: \
    fix_locale \
    dependencies \
    build_haproxy \
    build_nc \
    net_config
# Run the amirkdv/nc image in the foreground with an interactive TTY
# (-i -t), marking container port 7000 as exposed.
# NOTE(review): the banner announces port 9876 while the command exposes
# 7000; which port the container listens on is decided by the image, which
# is not visible here - confirm and align the two.
start_nc: nc_image := amirkdv/nc
start_nc:
	@echo '==============[starting netcat container (port: 9876)]================'
	docker run -i -t --expose 7000 $(nc_image)
# Start HAProxy with the configuration from the Vagrant shared folder.
# -d selects debug mode, as the banner says.
start_haproxy: haproxy_cfg := /vagrant/haproxy.cfg
start_haproxy:
	@echo '===================[starting haproxy in debug mode]==================='
	haproxy -f $(haproxy_cfg) -d
# Print the three-terminal walkthrough of the transparent-proxy demo.
# The target only prints instructions; it starts nothing itself.
# NOTE(review): step 3 shows `nc 9000` without a host, and the last line
# uses "(originating IP)" / "(proxy ip)" as stand-ins - the reader has to
# supply the addresses of their own setup.
demo:
	@printf '%s\n' \
		'======================[transparent proxy demo]========================' \
		'1. in the first tab start the netcat container:' \
		' vagrant ssh -- sudo make -C /vagrant start_nc' \
		'2. in a second tab start HAProxy:' \
		' vagrant ssh -- sudo make -C /vagrant start_haproxy' \
		'3. in a third tab connect to the proxied netcat container and watch logs on tab 1 and 2:' \
		' nc 9000' \
		' you must see (originating IP) in nc logs and not (proxy ip)'
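# Every target in this file is a command to run, not a file it produces, so
# each one is declared phony.  Without the declaration a file or directory
# named like a target (e.g. `build` or `docker`) in the working directory
# makes make report "up to date" and silently skip the provisioning step.
# `all` is kept from the original list although no `all` rule is visible in
# this part of the file.
.PHONY: all fix_locale docker mods net_config dependencies build_nc \
        build_haproxy build start_nc start_haproxy demo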