  Transparent Proxy with Squid
  Daniel Kiracofe
  v1.3, January 2001
   m(cz8cb01@linux.or.jp)
  v1.3j, 17 February 2001

  This document explains how to build a transparent caching HTTP proxy
  server using Linux and squid.
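  ______________________________________________________________________

  Table of Contents

  1. Introduction
     1.1 Comments
     1.2 Copyrights and Trademarks
     1.3 #include <disclaimer.h>
     1.4 Translator's Acknowledgements

  2. Overview of Transparent Proxying
     2.1 Motivation
     2.2 Scope of this document

  3. Configuring the Kernel
  4. Setting up squid
  5. Setting up Netfilter (ipchains)
  6. Putting it all together
  7. Further Resources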

  ______________________________________________________________________

  1.  Introduction

  1.1.  Comments

  Comments and feedback on this mini HOWTO are welcome. You may send
  them directly to the author, Daniel Kiracofe (drk@unxsoft.com).

  1.2.  Copyrights and Trademarks

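  Copyright 2000-2001 by UnxSoft Ltd (www.unxsoft.com)

  (Translator's note: the Japanese edition gives a Japanese rendering of
  these terms for the reader's convenience; the original English
  Copyright text takes precedence.)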

  This manual may be reproduced in whole or in part, without fee,
  subject to the following restrictions:

  o  The copyright notice above and this permission notice must be
     preserved complete on all complete or partial copies

  o  Translation to another language is permitted, provided that the
     author is notified prior to the translation.

  o  Any derived work must be approved by the author in writing before
     distribution.

  o  If you distribute this work in part, instructions for obtaining the
     complete version of this manual must be included, and a means for
     obtaining a complete version provided.

  o  Small portions may be reproduced as illustrations for reviews or
     quotes in other works without this permission notice if proper
     citation is given.

  Exceptions to these rules may be granted for academic purposes: Write
  to the author and ask. These restrictions are here to protect us as
  authors, not to restrict you as learners and educators. Any source
  code (aside from the SGML this document was written in) in this
  document is placed under the GNU General Public License, available via
  anonymous FTP from the GNU archive.

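  1.3.  #include <disclaimer.h>

  No warranty, expressed or implied.

  1.4.  Translator's Acknowledgements

  The following people provided many useful comments and much advice
  during the translation. Thank you.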

  o  ΒqV

  o  앐r

  o  R`V

  o  L

  o  앐Y

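  2.  Overview of Transparent Proxying

  2.1.  Motivation

  With a ``regular'' proxy, the user specifies the proxy's host name and
  port number in the web browser. The browser sends its requests to the
  proxy, and the proxy forwards them to the origin servers. This is
  usually fine, but sometimes you run into one of the following
  situations:

  o  You want to force the users on your network to use the proxy,
     whether they want to or not.

  o  You want users to go through a proxy, but do not want them to know
     they are being proxied.

  o  You want users to go through a proxy, but do not want to go to the
     trouble of changing the settings in hundreds or thousands of web
     browsers.

  This is where transparent proxying comes in. Web requests are
  intercepted by the proxy transparently: as far as the client software
  knows it is talking to the origin server, when it is really connected
  to the proxy server.

  Cisco routers support transparent proxying, as do many switches. Linux
  can also act as a router, and it performs transparent proxying by
  redirecting TCP connections to local ports. However, the web proxy
  must be made aware that connections are being redirected so that it
  can connect to the proper origin servers. There are two general ways
  this is done.

  First, if your web proxy cannot act as a transparent proxy itself, you
  can use a small daemon called transproxy that sits in front of the web
  proxy and takes care of all the messy details for you. transproxy was
  written by John Saunders and is available from
  <ftp://ftp.nlc.net.au/pub/unix/transproxy/> or from a metalab mirror.
  transproxy is not discussed further in this document.

  (Translator's note: the transproxy web site is at
  <http://www.transproxy.nlc.net.au/>.)

  A better solution is to get a web proxy that can act as a transparent
  proxy itself. The prime example is squid. Squid is an open source
  caching proxy server for Unix systems, available from
  <http://www.squid-cache.org>.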

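  2.2.  Scope of this document

  This document covers squid version 2.3 and Linux kernel version 2.4,
  the most current stable releases as of this writing (January 2001),
  but its contents should also apply to squid 2.0 and Linux kernel 2.3.
  If you need information about earlier releases, documents are
  available at <http://www.unxsoft.com>.

  (Translator's note: at the time of translation (February 2001) the
  stable releases are squid 2.3 and kernels 2.2.18/2.4.1.)

  If you use a development kernel or a development version of squid,
  you do so at your own risk. This document may help you, but there is
  no guarantee.

  This document covers HTTP proxying only. I receive email asking about
  transparent FTP proxying. In theory transparent FTP proxying is not
  impossible, but FTP is *not* HTTP, and I do not know of any tool that
  handles it well. If you work out how to do it, I encourage you to
  write your own HOWTO.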

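  3.  Configuring the Kernel

  First, make sure the proper options are set in your kernel. If you are
  using the stock kernel from your distribution, transparent proxying
  may already be enabled. If you are not sure, you can simply skip this
  section; if the commands in the next section produce strange errors,
  the kernel is probably not configured properly.

  (Translator's note: the Debian (potato) kernel reportedly has it
  enabled as well.)

  If your kernel is not configured for transparent proxying, you will
  need to recompile it. Recompiling a kernel is a complex process (at
  least for first-timers) and is beyond the scope of this document. If
  you need information on compiling kernels, see
  <http://metalab.unc.edu/pub/Linux/docs/HOWTO/Kernel-HOWTO>.

  (Translator's note: a Japanese translation is at
  <http://www.linux.or.jp/JF/JFdocs/Kernel-HOWTO.html>.)

  The options you need to set are as follows (none of them can be built
  as modules):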

  o  Networking support (kernel 2.4 only)

  o  Sysctl support

  o  Network packet filtering (kernel 2.4 only)

  o  TCP/IP networking

  o  Connection tracking (under ``IP: Netfilter Configuration'' in
     menuconfig) (kernel 2.4 only)

  o  IP: firewalling (kernel 2.2 only)

  o  IP tables support (kernel 2.4 only)

  o  IP: always defragment (kernel 2.2 only)

  o  Full NAT (kernel 2.4 only)

  o  IP: transparent proxy support (kernel 2.2 only)

  o  REDIRECT target support (kernel 2.4 only)

  o  /proc filesystem support

  ``Fast switching'' must be set to NO (kernel 2.4 only).

  Once the new kernel is up and running, you may need to enable IP
  forwarding. IP forwarding lets the machine act as a router. Since most
  users do not need this, it is off by default and must be explicitly
  enabled at run time. Your distribution may already have enabled it.
  To check, run ``cat /proc/sys/net/ipv4/ip_forward''. If it prints
  ``1'', forwarding is enabled. Otherwise, run ``echo '1' >
  /proc/sys/net/ipv4/ip_forward''. You will want to add that command to
  a script under /etc/rc.d/ that runs at boot time.

  (Translator's note: on Red Hat systems, put the command in
  /etc/rc.d/rc.local or set FORWARD_IPV4=true in /etc/sysconfig/network.
  On Debian releases before potato, run ``echo '1' >
  /proc/sys/net/ipv4/ip_forward'' as above. From potato on,
  /etc/network/options contains ip_forward=no; change it to
  ip_forward=yes and the /etc/init.d/networking script will run ``echo
  '1' > /proc/sys/net/ipv4/ip_forward'' for you.)

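  4.  Setting up squid

  Now get squid configured and running. Download the latest tarball from
  <http://www.squid-cache.org>. Make sure you get a STABLE version, not
  a DEVEL (development) version. The latest version as of this writing
  (February 2001) is squid-2.3.STABLE4.tar.gz.

  Next, unpack the downloaded file (with ``tar -xzf <filename>''), run
  the autoconf script (``./configure''), compile (``make'') and install
  (``make install'').

  Then edit the default squid.conf file (installed at
  /usr/local/squid/etc/squid.conf unless you changed the defaults).
  squid.conf is heavily commented; in fact, the best documentation on
  squid is squid.conf itself. Once everything is working, you should go
  back and read the whole file, but for now do only the bare minimum.
  Find the following directives, uncomment them (remove the leading #),
  and change them to the appropriate values:

  o  httpd_accel_host virtual

  o  httpd_accel_port 80

  o  httpd_accel_with_proxy on

  o  httpd_accel_uses_host_header on

  Finally, look at the http_access directive. The default is usually
  ``http_access deny all'', which prevents anyone from accessing squid.
  For now you can change this to ``http_access allow all'', but for
  production use you should read the documentation on ACLs (Access
  Control Lists) and set up the cache so that only users on your local
  network (or some other limited scope) can use it. This may seem
  unimportant, but you really should put some kind of restriction on
  access to your cache. People behind filtering firewalls (such as porn
  filters, or filters in nations where speech is not very free) often
  ``latch onto'' proxies with no access restrictions and eat up your
  bandwidth.

  Initialize the cache directories with ``squid -z'' (this applies to
  squid 1.1.16 and later; with earlier versions, skip this step).

  Start squid with the RunCache script in the /usr/local/squid/bin/
  directory. If you point your web browser's proxy settings at the IP
  address of the squid machine and port 3128 (unless you changed the
  default port number), you should be able to use squid as a regular
  proxy.

  For more detailed configuration information, see the squid FAQ at
  <http://www.squid-cache.org>.

  (Translator's note: the squid Internet Object Cache page at
  <http://www.pa.airnet.ne.jp/~kaz/sysadm/squid/index.html> and the
  Japanese translation of the squid FAQ at
  <http://vcsel-www.pi.titech.ac.jp/cache/Squid-FAQ-j.html> may also be
  useful.)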
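
  The following check is an added example, not part of the original
  HOWTO: it audits a squid.conf for the four httpd_accel directives
  listed in this section and flags an active ``http_access allow all''.
  The function names and the sample configuration are constructed, and
  the ACL name ``all'' is assumed to be the stock catch-all ACL.

```shell
#!/bin/sh
# Added example, not from the HOWTO: audit a Squid 2.3-style squid.conf.

# Print the value of an active (uncommented) directive; last occurrence wins.
conf_value() {          # usage: conf_value FILE DIRECTIVE
    awk -v d="$2" '$1 == d { v = $2 } END { if (v != "") print v }' "$1"
}

# Report problems on stdout; the return status is the number of findings.
audit_squid_conf() {    # usage: audit_squid_conf FILE
    conf=$1
    findings=0
    # The four directives this section says to uncomment, with their values.
    for want in "httpd_accel_host virtual" "httpd_accel_port 80" \
                "httpd_accel_with_proxy on" "httpd_accel_uses_host_header on"
    do
        name=${want% *}
        expected=${want#* }
        got=$(conf_value "$conf" "$name")
        if [ "$got" != "$expected" ]; then
            echo "CONFIG: $name is '${got:-unset}', expected '$expected'"
            findings=$((findings + 1))
        fi
    done
    # Assumption: "all" is the stock catch-all ACL. An active "allow all"
    # rule lets any client that can reach the port use the cache.
    line=$(awk '$1=="http_access" && $2=="allow" && $3=="all" {print NR; exit}' "$conf")
    if [ -n "$line" ]; then
        echo "OPEN PROXY: 'http_access allow all' at line $line"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: one directive left commented out, access wide open.
demo_conf() {
    cat <<'EOF'
#httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl all src 0.0.0.0/0.0.0.0
http_access allow all
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && demo_conf > "$tmp"
    audit_squid_conf "$tmp"; echo "findings: $?"
    rm -f "$tmp"
fi
```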

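  5.  Setting up Netfilter (ipchains)

  (Translator's note: the ipchains information applies to 2.2-series
  kernels. With a 2.4-series kernel you should normally use netfilter
  (that is, the iptables command). If you want to use ipchains on a
  2.4-series kernel anyway, you can do so by running modprobe
  ipchains.o; in that case, follow the ipchains instructions even though
  you are on a 2.4-series kernel.)

  ipchains comes preinstalled on almost every distribution based on a
  2.2 kernel. If it is not installed, you can get it from
  <ftp://ftp.rustcorp.com/ipchains/>. ipchains is a very powerful tool,
  and only its surface is covered here. For details, see the ipchains
  HOWTO at <http://www.rustcorp.com/linux/ipchains/HOWTO.html>.

  (Translator's note: there is also
  <http://www.linux.or.jp/JF/JFdocs/ipchains-mini-HOWTO.html>. It is not
  a translation but a separate original document.)

  iptables is the successor to ipchains and was introduced with Linux
  kernel 2.4. If your distribution ships a 2.4 kernel, iptables should
  already be installed (translator's note: unconfirmed as of February
  2001, but this would be SuSE 7.1 and RedHat 7.0.x). If it is not
  installed, get it from netfilter.kernelnotes.org
  <http://netfilter.kernelnotes.org/>. Binary RPMs should exist
  somewhere, though the author does not know where. The netfilter site
  has detailed documentation.

  To set up the rules, you need to know the port squid is running on
  (assumed here to be the default, 3128).

  In addition, for ipchains you need the box's LAN IP address (assumed
  to be 192.168.1.1), and for iptables you need the interface on which
  the packets to be proxied arrive (assumed here to be eth0).

  With ipchains (translator's note: that is, on a 2.2 kernel, or on a
  2.4-series kernel using ipchains.o), first allow through the packets
  destined for the web server port on this box itself. Do this for both
  the loopback interface and the ethernet interface. Do not skip this
  step even if no web server is running on the proxy server: without
  these rules, an attempt to connect to the proxy box itself ends in an
  infinite loop. Run the following commands:

  o  ipchains -A input -p TCP -d 127.0.0.1/32 www -j ACCEPT

  o  ipchains -A input -p TCP -d 192.168.1.1/32 www -j ACCEPT

  And here is the magic incantation for transparent proxying:

  o  ipchains -A input -p TCP -d any/0 www -j REDIRECT 3128

  If you are using iptables, the following command alone is sufficient:

  o  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
     --to-port 3128

  Add the commands above to the appropriate boot script under
  /etc/rc.d/. Kernel 2.2 needed the extra commands to prevent forwarding
  loops; with kernel 2.4 no loop occurred in the author's environment
  without any special measures. If you do hit a loop, please report it
  by email to drk@unxsoft.com.

  (Translator's note: the loop occurs with ipchains because, once
  REDIRECT is specified, even packets bound for remote hosts are
  redirected to the local machine.)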
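
  An added check, not part of the original HOWTO: ipchains stops at the
  first matching rule in a chain, so the two ACCEPT rules above only
  prevent the loop if they come before the REDIRECT rule in the boot
  script. The function name, exit codes and sample rule sets below are
  constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the HOWTO: verify rule order in an ipchains script.
# Reads the script on stdin. Exit status: 0 = order is safe,
# 1 = a REDIRECT precedes a required ACCEPT, 2 = no REDIRECT rule found.
check_redirect_order() {    # usage: check_redirect_order LAN_IP < rules
    awk -v lan="$1/32" '
        $1 != "ipchains" || $2 != "-A" || $3 != "input" { next }
        {
            dst = ""; target = ""
            for (i = 4; i < NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
        }
        target == "ACCEPT" && dst == "127.0.0.1/32" { lo = 1 }
        target == "ACCEPT" && dst == lan            { eth = 1 }
        target == "REDIRECT" {
            seen = 1
            if (!lo || !eth) {
                printf "line %d: REDIRECT reached before ACCEPT for %s\n",
                       NR, (lo ? lan : "127.0.0.1/32")
                bad = 1
            }
        }
        END { exit (bad ? 1 : (seen ? 0 : 2)) }
    '
}

# Constructed sample: the order given in this section.
good_rules() {
    cat <<'EOF'
ipchains -A input -p TCP -d 127.0.0.1/32 www -j ACCEPT
ipchains -A input -p TCP -d 192.168.1.1/32 www -j ACCEPT
ipchains -A input -p TCP -d any/0 www -j REDIRECT 3128
EOF
}

# Constructed sample: same rules, REDIRECT added first (would loop).
bad_rules() {
    cat <<'EOF'
ipchains -A input -p TCP -d any/0 www -j REDIRECT 3128
ipchains -A input -p TCP -d 127.0.0.1/32 www -j ACCEPT
ipchains -A input -p TCP -d 192.168.1.1/32 www -j ACCEPT
EOF
}

if [ "${1:-}" = "--demo" ]; then
    bad_rules | check_redirect_order 192.168.1.1; echo "status: $?"
fi
```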

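  6.  Putting it all together

  If everything has gone well so far, go to another machine, change its
  gateway to the IP address of the box running squid, and browse the
  web. Check the log file /usr/local/squid/logs/access.log to make sure
  the requests are really being forwarded through the proxy rather than
  going straight out.

  (Translator's note: on Debian and Red Hat systems the log is
  /var/log/squid/access.log.)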

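  7.  Further Resources

  Should you need more help, see the squid FAQ at
  <http://www.squid-cache.org> or the squid mailing list. You may also
  email me (drk@unxsoft.com). I will try to answer your questions if I
  have time (though I do not have much). If you write, please include
  the output of ``ipchains -L'' or ``iptables -t nat -L'' and the
  relevant portions of your configuration files in the email; without
  them I probably will not be able to tell much.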

