  Transparent Proxy with Squid
  Daniel Kiracofe
  v1.0, 01 April 2000
  Japanese translation (cz8cb01@linux.or.jp)
  v1.0j, 9 June 2000

  This document explains how to set up a transparent caching HTTP proxy
  server using only Linux and squid.
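  ______________________________________________________________________

  Table of Contents

  1. Introduction
     1.1 Comments
     1.2 Copyrights and Trademarks
     1.3 #include <disclaimer.h>
     1.4 Translator's acknowledgments

  2. Overview of Transparent Proxying
     2.1 Motivation
     2.2 Scope of this document

  3. Configuring the Kernel
  4. Setting up squid
  5. Setting up ipchains
  6. Putting it all together
  7. Further Resources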

  ______________________________________________________________________

  1.  Introduction

  1.1.  Comments

  Comments and feedback on this mini HOWTO are welcome. You can send
  them directly to the author, Daniel Kiracofe (drk@unxsoft.com).

  1.2.  Copyrights and Trademarks

  (Translator's note: for the reader's convenience the Japanese edition
  gives a Japanese translation alongside, but the original Copyright
  text takes precedence.)

  Copyright 2000 by UnxSoft Ltd (www.unxsoft.com)

  This manual may be reproduced in whole or in part, without fee,
  subject to the following restrictions:

  o  The copyright notice above and this permission notice must be
     preserved complete on all complete or partial copies

  o  Any translation or derived work must be approved by the author in
     writing before distribution.

  o  If you distribute this work in part, instructions for obtaining the
     complete version of this manual must be included, and a means for
     obtaining a complete version provided.

  o  Small portions may be reproduced as illustrations for reviews or
     quotes in other works without this permission notice if proper
     citation is given.

  Exceptions to these rules may be granted for academic purposes: Write
  to the author and ask. These restrictions are here to protect us as
  authors, not to restrict you as learners and educators. Any source
  code (aside from the SGML this document was written in) in this
  document is placed under the GNU General Public License, available via
  anonymous FTP from the GNU archive.

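  1.3.  #include <disclaimer.h>

  No warranty, expressed or implied.

  1.4.  Translator's acknowledgments

  In preparing this translation I received many helpful comments and
  advice from the following people. Thank you.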

  o  ΒqV

  o  앐r

  o  R`V

  o  L

  o  앐Y

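  2.  Overview of Transparent Proxying

  2.1.  Motivation

  With an ``ordinary'' proxy, the user specifies the proxy's hostname
  and port number in the web browser. The browser sends its requests to
  the proxy, and the proxy forwards them to the server being accessed.
  Usually this is fine, but sometimes you run into situations like the
  following:

  o  You want to force the users of your network to use the proxy,
     whether they want to or not.

  o  You want users to use the proxy, but do not want them to know that
     they are using one.

  o  You want users to use the proxy, but do not want to take on the
     work of changing the settings of hundreds or thousands of web
     browsers.

  This is where a transparent proxy comes in. Web requests can be
  handled transparently by the proxy. That is, as far as the user's
  software can tell it is connecting directly to the origin server,
  when in fact it is connecting to the proxy server.

  Cisco routers support transparent proxying, but Linux can also be
  used as a router, and it acts as a transparent proxy if TCP
  connections are redirected to a local port. For the web proxy to be
  able to connect to the proper origin server, however, it must be made
  aware that the connections have been redirected. There are generally
  two ways to do this.

  If your web proxy cannot act as a transparent proxy itself, you can
  use a small daemon called transproxy, which sits in front of the web
  proxy and takes care of all the messy details. transproxy was written
  by John Saunders and is available from
  <ftp://ftp.nlc.net.au/pub/unix/transproxy/> or a metalab mirror.
  transproxy is not discussed further in this document.

  (Translator's note: the transproxy web site is at
  <http://www.transproxy.nlc.net.au/>.)

  A better way is to use a web proxy that can act as a transparent
  proxy itself. The one described here is squid. squid is an open
  source caching proxy server for Unix, available from
  <www.squid-cache.org>.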

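  2.2.  Scope of this document

  This document covers squid version 2.3 and Linux kernel version 2.2,
  the latest stable releases at the time of writing (March 2000), but
  its contents should also apply to squid 2.0 and Linux kernel 2.1. If
  you need information about earlier releases, documents are available
  at <www.unxsoft.com>.

  (Translator's note: at the time of translation (June 2000) the stable
  versions are squid 2.3 and kernel 2.2.14.)

  To use Linux 2.3 you need to use something called netfilter instead
  of ipchains. If you are someone who uses development kernels, you can
  probably read the documentation that comes with netfilter and work it
  out on your own. If not, you should not be using a development kernel
  (really. trust me). When Linux 2.4 is released, a description of
  netfilter will be added to this document.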

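  3.  Configuring the Kernel

  First, you need to make sure the proper options are set in your
  kernel. If you are using the kernel that came with your distribution,
  transparent proxying may or may not be enabled (as far as I remember
  it is enabled in Redhat 6.1, but I cannot guarantee it). If you are
  not sure, you can simply skip this section; if the commands in the
  next section produce strange errors, the kernel is probably not
  configured properly.

  (Translator's note: I am told it is also enabled in the Debian
  (potato) kernel 2.2.13.)

  If your kernel is not configured for transparent proxying, you will
  need to recompile it. Recompiling a kernel is a complicated procedure
  (at least the first time), and it is outside the scope of this
  document. If you need information on compiling a kernel, see
  <http://metalab.unc.edu/pub/Linux/docs/HOWTO/Kernel-HOWTO>.

  (Translator's note: a Japanese translation is available at
  <http://www.linux.or.jp/JF/JFdocs/Kernel-HOWTO.html>.)

  The options you need to set are as follows (none of them can be built
  as a module).

  o  Sysctl support

  o  TCP/IP networking

  o  IP: firewalling

  o  IP: always defragment

  o  IP: transparent proxy support

  o  /proc filesystem support

  Once the new kernel is running, you will probably need to enable IP
  forwarding. With IP forwarding the machine acts as a router. Ordinary
  users do not need this, so it is disabled by default and has to be
  enabled explicitly at run time. Some distributions may already have
  enabled it. To check, run ``cat /proc/sys/net/ipv4/ip_forward''. If
  it shows ``1'', forwarding is enabled. If not, run ``echo '1' >
  /proc/sys/net/ipv4/ip_forward''. You should also add this command to
  a script under /etc/rc.d/ that is run at boot.

  (Translator's note: on Redhat-based systems, put it in
  /etc/rc.d/rc.local, or set FORWARD_IPV4=true in
  /etc/sysconfig/network. On Debian before potato, run ``echo '1' >
  /proc/sys/net/ipv4/ip_forward'' as above. From potato on,
  /etc/network/options contains ip_forward=no; change it to
  ip_forward=yes and the /etc/init.d/networking script will run ``echo
  '1' > /proc/sys/net/ipv4/ip_forward'' for you.)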

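  4.  Setting up squid

  Next, set up squid and get it running. Download the latest tarball
  from <www.squid-cache.org>. Make sure you get a STABLE (stable)
  version, not a DEVEL (development) version. The latest version at the
  time of writing (June 2000) is squid-2.3.STABLE1.tar.gz.

  Now unpack the downloaded file (using ``tar -xzf <filename>''), run
  the autoconf script (``./configure''), compile (``make'') and install
  (``make install'').

  Next, edit the default squid.conf file (installed as
  /usr/local/squid/etc/squid.conf unless you changed the defaults).
  squid.conf contains a great many comments. In fact, the best
  documentation on squid is squid.conf itself. Once everything is set
  up and working, it is a good idea to read the whole file again. For
  now, though, make only the minimum settings. Find the following
  directives, remove the comment marker (the # at the start of the
  line), and change them to the appropriate values.

  o  httpd_accel_host virtual

  o  httpd_accel_port 80

  o  httpd_accel_with_proxy on

  o  httpd_accel_uses_host_header on

  Finally, look at the http_access directive. The default is usually
  ``http_access deny all'', which means nobody can access squid. For
  now you may change this to ``http_access allow all'', but for real
  operation you should read the documentation on ACLs (Access Control
  Lists) and configure the cache so that only users on your local
  network (or some other limited range) can use it. This may seem
  silly, but you should put some kind of restriction on access to your
  cache. People behind filtering firewalls (such as porn filters, or
  filters in countries where speech is not very free) often ``hijack''
  proxies that have no access restrictions and eat up your bandwidth.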
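
  One way to write the restriction described above, as an added example
  (not taken from the original HOWTO or from squid's default file). The
  ACL name ``localnet'' and the 192.168.1.0/255.255.255.0 network are
  assumptions based on the 192.168.1.1 example address used in this
  document; the ``all'' ACL is the one the default ``http_access deny
  all'' line already refers to.

```conf
# squid.conf fragment (added example; names and network are assumptions)

# Setting used for the first test in the text: every client that can reach
# squid, directly on port 3128 or through a REDIRECT rule, may use it.
#http_access allow all

# Restricted form: only the local network may use the cache.
# "localnet" is a name chosen for this example.
acl localnet src 192.168.1.0/255.255.255.0

# http_access lines are checked in order and the first match decides,
# so the allow line has to come before the final deny.
http_access allow localnet
http_access deny all
```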

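  Initialize the cache directories with ``squid -z'' (this applies to
  squid version 1.1.16 and later; with earlier versions, skip this step
  and do not run it).

  Start squid with the RunCache script in the /usr/local/squid/bin/
  directory. If you set your web browser's proxy settings to the IP
  address of the machine running squid and port 3128 (if you have not
  changed the default port number), you should be able to use squid as
  an ordinary proxy.

  For more detailed information on configuration, see the squid FAQ at
  <www.squid-cache.org>.

  (Translator's note: the squid Internet Object Cache page at
  <http://www.pa.airnet.ne.jp/~kaz/sysadm/squid/index.html> and the
  Japanese translation of the squid FAQ at
  <http://vcsel-www.pi.titech.ac.jp/cache/Squid-FAQ-j.html> may also be
  helpful.)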

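  5.  Setting up ipchains

  ipchains (for 2.2-based kernels) is already installed in almost every
  distribution, but if you do not have it you can get it from
  <ftp://ftp.rustcorp.com/ipchains/>. ipchains is a very powerful tool,
  and only the surface is covered here. For details, see the ipchains
  HOWTO <http://www.rustcorp.com/linux/ipchains/HOWTO.html>.

  (Translator's note: there is also
  <http://www.linux.or.jp/JF/JFdocs/ipchains-mini-HOWTO.html>. It is
  not a translation but another, original document.)

  To set up the rules you need to know the IP address of the proxy
  server (192.168.1.1 is used here) and the port number squid is
  running on (the default, 3128, is used here).

  First, allow through the packets addressed to a web server on the
  proxy box itself. Do this for both the loopback interface and the
  ethernet interface. Do not skip this step even if no web server is
  running on the proxy server: without these rules you get an infinite
  loop when someone tries to connect to the proxy box itself. Run the
  following commands.

  o  ipchains -A input -p TCP -d 127.0.0.1/32 www -j ACCEPT

  o  ipchains -A input -p TCP -d 192.168.1.1/32 www -j ACCEPT

  And now, the magic words for transparent proxying:

  o  ipchains -A input -p TCP -d any/0 www -j REDIRECT 3128

  Add the three commands above to the appropriate boot script under
  /etc/rc.d/.

  (Translator's note: when REDIRECT is specified, packets are
  redirected to the local machine even if they are addressed to a
  remote host.)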

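  6.  Putting it all together

  If everything has gone well so far, configure another machine: change
  its gateway to the IP of the machine running squid and browse the
  web. Look at the log file /usr/local/squid/logs/access.log to confirm
  that requests are really being forwarded through the proxy and are
  not going straight out.

  (Translator's note: on Debian and Redhat-based systems the file is
  /var/log/squid/access.log.)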
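
  A way to do this check over the log, as an added example (not from
  the original HOWTO): it summarizes a squid native-format access.log
  per client and marks clients outside the local network, which is also
  how use of an unrestricted cache by outsiders shows up. The log lines
  are constructed sample data; the function names and the 192.168.1.
  prefix are assumptions.

```shell
#!/bin/sh
# Added example: per-client summary of a squid native-format access.log.
# Fields: time elapsed client code/status bytes method URL ident hierarchy type

# Constructed sample lines (not real traffic). 203.0.113.7 is not on the LAN.
sample_log() {
cat <<'EOF'
954518400.101    312 192.168.1.20 TCP_MISS/200 4120 GET http://www.example.com/ - DIRECT/www.example.com text/html
954518401.550     12 192.168.1.20 TCP_HIT/200 4120 GET http://www.example.com/ - NONE/- text/html
954518402.020    498 192.168.1.31 TCP_MISS/200 1830 GET http://www.example.org/a.gif - DIRECT/www.example.org image/gif
954518405.900    701 203.0.113.7 TCP_MISS/200 9922 GET http://www.example.net/ - DIRECT/www.example.net text/html
954518406.100      3 192.168.1.31 TCP_DENIED/403 1024 GET http://www.example.org/x - NONE/- -
EOF
}

# client_summary PREFIX
#   Reads the log on stdin and prints one line per client:
#   "address requests hits denied local|OUTSIDE".
#   PREFIX is the dotted start of LAN addresses, e.g. "192.168.1."
#   (assumption: the LAN is an octet-aligned network).
client_summary() {
    awk -v lan="$1" '
        NF >= 7 {
            c = $3
            split($4, r, "/")          # r[1] = result code, r[2] = HTTP status
            n[c]++
            if (r[1] ~ /HIT/) hit[c]++
            if (r[1] == "TCP_DENIED") den[c]++
        }
        END {
            for (c in n) {
                where = (index(c, lan) == 1) ? "local" : "OUTSIDE"
                printf "%s %d %d %d %s\n", c, n[c], hit[c], den[c], where
            }
        }' | sort
}

# outside_clients PREFIX: only the addresses that are not on the LAN.
outside_clients() {
    client_summary "$1" | awk '$5 == "OUTSIDE" { print $1 }'
}

sample_log | client_summary "192.168.1."
```

  To run it on the real log, pipe /usr/local/squid/logs/access.log into
  client_summary in place of sample_log.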

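  7.  Further Resources

  If you need further help, see the squid FAQ or the squid mailing list
  at <www.squid-cache.org>. You may also e-mail me (drk@unxsoft.com).
  I will try to answer your questions if time permits (sometimes it
  does not).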

