Execute CGI-Perl scripts as root

When Apache executes CGI Perl scripts, they run as the apache user. So if your CGI scripts contain system commands that can only be executed as root (e.g. iptables commands), those commands will not run.

One solution is to use setuid mode in Perl.

For this you will need the perl-suid package (on Debian) or the special Perl program called suidperl.

# aptitude install perl-suid

Then you need to tweak the Perl scripts a little to avoid warnings. If you are using the suidperl program, replace #!/usr/bin/perl with the suidperl program in the shebang line (i.e. #!/usr/bin/suidperl) and use the -U switch to allow unsafe commands.

#!/usr/bin/perl -wU

system("/sbin/iptables", "-L");

And finally, you need to set the suid bit and change permissions to allow the CGI script to be executed as root.

# chown root:root <script name>
# chmod ug+s <script name>
# chmod a+x <script name>
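The following is an added example, not code from the original post: the same setuid-root CGI script written the way a practitioner would want it before handing it root, with taint mode (-T, which enforces the taint checks that -U downgrades to warnings) instead of -U, a fixed PATH, a scrubbed environment and a whitelist of chain names. It assumes the setup above (perl-suid / suidperl on a Perl release that still ships it; suidperl was dropped in Perl 5.12), and the chain list and query parameter name are this example's own choices.

```perl
#!/usr/bin/perl -T
# Added example (not from the original post): setuid-root CGI script that
# lists one iptables chain. Taint mode refuses to run external commands
# while PATH or other environment values come from the untrusted CGI
# environment, so they are fixed or removed here first.
use strict;
use warnings;

$| = 1;                                   # flush the CGI header before iptables writes
$ENV{PATH} = '/sbin:/usr/sbin:/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Make the real UID match the effective (root) UID so child processes
# do not inherit a mismatched real/effective UID.
$< = $>;

# Only these chain names are accepted (assumed whitelist for the example);
# anything else is rejected before it can reach iptables.
my %allowed_chain = map { $_ => 1 } qw(INPUT OUTPUT FORWARD);

# Parse "chain=NAME" from the query string by hand. The regex capture is
# what untaints the value, and the whitelist decides whether it is usable.
sub requested_chain {
    my ($query) = @_;
    return 'INPUT' unless defined $query && length $query;
    my ($value) = $query =~ /(?:^|&)chain=([A-Z]+)(?:&|$)/;
    return (defined $value && $allowed_chain{$value}) ? $value : undef;
}

my $chain = requested_chain($ENV{QUERY_STRING});
print "Content-Type: text/plain\r\n\r\n";
if (!defined $chain) {
    print "Refused: chain must be one of ",
          join(', ', sort keys %allowed_chain), "\n";
    exit 0;
}

# List-form system() bypasses the shell, so no metacharacter in the
# argument can be interpreted; -n avoids reverse DNS lookups.
my $status = system('/sbin/iptables', '-n', '-L', $chain);
print "iptables exited with status ", $status >> 8, "\n" if $status != 0;
```

The ownership and permission steps above still apply to this script; without taint-safe untainting of every value that reaches system(), Perl refuses to run the command rather than passing attacker-controlled input to root.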

Reference: http://www.thewireframecommunity.com/node/23

Build up a PPTP server

1. apt-get install pptpd

2. add the line "username pptpd password *" (client, server, secret, allowed IPs) to /etc/ppp/chap-secrets

3. set the following iptables rules

iptables -A INPUT -p gre -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -t nat -A POSTROUTING -s xxx.xxx.xxx.0/24 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

Setup a Router using Linux

The procedure for setting up a router with a caching function is as follows:

Router section:

1. install dnsmasq

2. iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

3. modify /etc/network/interfaces with the following lines

auto eth0
iface eth0 inet static
address 192.168.18.1
netmask 255.255.255.0
network 192.168.18.0
broadcast 192.168.18.255

4. echo 1 > /proc/sys/net/ipv4/ip_forward, or make it persistent in /etc/sysctl.conf

5. install pppoeconf for the PPPoE connection

6. install apache (see http://fusionstrike.com/2012/installing-apache2-raspberry-pi-debian)

Cache section:

1. install squid

2. configure squid.conf

3. iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128   # transparent HTTP proxy setting

Connecting to other proxy servers to get past the Great Firewall:

1. configure squid.acl.gfwed.config   # used to decide which websites need to go through the other proxy servers.

2. configure squid_cache_peers.conf   # sets which other proxy servers we connect to.

3. configure stunnel.conf   # sets up the encrypted tunnel to those other proxy servers.

The settings on the other proxy server's side are as follows:

1. install squid

2. install stunnel4

3. configure stunnel4.conf

4. create stunnel.pem for stunnel