  Transparent Proxy with Squid mini-HOWTO

  Daniel Kiracofe
  v1.1, 2000-09-29
  Korean translation: sj@kldp.org
  2001-01-03

  This document provides information on how to set up a transparent
  caching HTTP proxy server using only Linux and squid.
  ______________________________________________________________________

  

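  1. Introduction
     1.1 Comments
     1.2 Copyrights and Trademarks
     1.3 #include <disclaimer.h>

  2. Overview of Transparent Proxying
     2.1 Motivation
     2.2 Scope of this document

  3. Configuring the Kernel
  4. Setting up squid
  5. Setting up ipchains
  6. Put it all together
  7. Further Resources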

  ______________________________________________________________________

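  1.  Introduction

  1.1.  Comments

  Comments and general feedback on this mini HOWTO are welcome and can
  be sent to its author, Daniel Kiracofe, at drk@unxsoft.com.

  1.2.  Copyrights and Trademarks

  Copyright 2000 UnxSoft (www.unxsoft.com)

  This manual may be reproduced in whole or in part, without fee,
  subject to the following restrictions:

  o  The copyright notice above and this permission notice must be
     preserved complete on all complete or partial copies.

  o  Any translation or derived work must be approved by the author in
     writing before distribution.

  o  If you distribute this work in part, instructions for obtaining
     the complete version of this manual must be included, and a means
     for obtaining a complete version provided.

  o  Small portions may be reproduced as illustrations for reviews or
     quotes in other works without this permission notice if proper
     citation is given.

  Exceptions to these rules may be granted for academic purposes:
  write to the author and ask. These restrictions are here to protect
  us as authors, not to restrict you as learners and educators. Any
  source code in this document (aside from the SGML this document was
  written in) is placed under the GNU General Public License, available
  via anonymous FTP from the GNU archive.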

  1.3.  #include <disclaimer.h>

  No warranty, expressed or implied, etc, etc, etc...

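  2.  Overview of Transparent Proxying

  2.1.  Motivation

  In "ordinary" proxying, the client specifies the hostname and port
  number of a proxy in its web browsing software. The browser then
  makes requests to the proxy, and the proxy forwards those requests to
  the origin servers. This is all well and good, but sometimes one of
  the following situations arises. Either

  o  You want to force clients on your network to use the proxy,
     whether they want to or not.

  o  You want clients to use a proxy, but do not want them to know
     they are being proxied.

  o  You want clients to be proxied, but do not want to go to the work
     of updating the settings in hundreds or thousands of web browsers.

  This is where transparent proxying comes in. A web request can be
  intercepted by the proxy, transparently. That is, as far as the
  client software knows, it is talking to the origin server itself,
  when it is really talking to the proxy server.

  Cisco routers support transparent proxying. But (surprisingly enough)
  Linux can act as a router, and can perform transparent proxying by
  redirecting TCP connections to local ports. However, we also need to
  make our web proxy aware of the effect of the redirection, so that it
  can make connections to the proper origin servers. There are two
  general ways this works:

  The first is when your web proxy is not transparent proxy aware. You
  can use a small daemon called transproxy that sits in front of your
  web proxy and takes care of these details for you. transproxy was
  written by John Saunders, and is available from
  ftp://ftp.nlc.net.au/pub/linux/www/ or a metalab mirror site.
  transproxy will not be discussed further in this document.

  A cleaner solution is to use a web proxy that is itself aware of
  transparent proxying. The one we focus on here is squid. squid is an
  Open Source caching proxy server for Unix systems. It is available
  from www.squid-cache.org.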

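  2.2.  Scope of this document

  This document focuses on squid version 2.3 and Linux kernel version
  2.2, the most current stable releases as of this writing (March
  2000). squid should work just as well with 2.0 and recent 2.1
  kernels. If you need information about earlier releases, you may
  find it at www.unxsoft.com.

  If you are using a 2.3 development kernel, you will need to use a
  thing called netfilter instead of ipchains. However, if you are
  using a development kernel, I assume you are capable of figuring out
  netfilter on your own. If not, you should not be using a development
  kernel. When 2.4 is released, this document will be updated to cover
  netfilter.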

    HTTP Ͻø ϴ ͸  ٷٴ 
  ˸. ƮƮ FTP Ͻø ϴ Ϳ   ڿ
   ޴´. ϰ FTP 븮(Ͻ)ϴ  ̷
  Ұ , ݸ鿡 HTTP ξ  ư, ׷  
      ϴ   Ѵ.    ˰
  , е ڽ HOWTO ۼϵ Ѵ...

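  3.  Configuring the Kernel

  First, we need to make sure all the proper options are set in your
  kernel. If you are using a stock kernel from your distribution,
  transparent proxying may or may not be enabled. (IIRC, it is in RH
  6.1, but do not quote me on that.) If you are unsure, the best way to
  tell is simply to skip this section; if the commands in the next
  section give you strange errors, it is probably because the kernel
  was not configured properly.

  If your kernel is not configured for transparent proxying, you will
  need to recompile it. Recompiling a kernel is a complex process (at
  least at first), and it is beyond the scope of this document. If you
  need help compiling a kernel, see The Kernel HOWTO
  <http://metalab.unc.edu/pub/Linux/docs/HOWTO/Kernel-HOWTO>.

  The options you need to set in your configuration are as follows.
  (Note: none of these can be built as modules.)

  o  Sysctl support

  o  TCP/IP networking

  o  IP: firewalling

  o  IP: always defragment

  o  IP: transparent proxy support

  o  /proc filesystem support

  Once you have your new kernel up and running, you may need to enable
  IP forwarding. IP forwarding allows your computer to act as a router.
  Since this is not what the average user wants to do, it is off by
  default and must be explicitly enabled at run time. However, your
  distribution might already do this for you. To check, run "cat
  /proc/sys/net/ipv4/ip_forward". If you see "1", you are fine.
  Otherwise, run "echo '1' > /proc/sys/net/ipv4/ip_forward". You will
  then want to add that command to the appropriate bootup script under
  /etc/rc.d/.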

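  4.  Setting up squid

  Now we need to get squid up and running. Download the latest source
  tarball from www.squid-cache.org. Make sure you get a STABLE version,
  not a development version. The latest as of this writing was
  squid-2.3.STABLE4.tar.gz.

  Next, untar and gunzip the archive (use "tar -xzf <filename>"). Run
  the autoconfiguration script ("./configure"), compile ("make"), and
  then install ("make install").

  Now we need to edit the default squid.conf file (installed at
  /usr/local/squid/etc/squid.conf, unless you changed the defaults).
  The squid.conf file is heavily commented. In fact, some of the best
  documentation available for squid is in the squid.conf file. After
  you have everything up and running, you should go back and reread
  the whole thing. For now, let's just do the minimum required. Find
  the following directives, uncomment them, and set them to the values
  shown:

  o  httpd_accel_host virtual

  o  httpd_accel_port 80

  o  httpd_accel_with_proxy on

  o  httpd_accel_uses_host_header on

  Next, look at the http_access directive. The default is usually
  "http_access deny all". This prevents anyone from accessing squid.
  For now, you can change it to "http_access allow all", but once
  everything is working you will want to read the directions on ACLs
  (Access Control Lists) and set up the cache so that only hosts on
  your own network can access it. This may seem silly, but you should
  put some kind of restriction on access to your cache. People behind
  filtering firewalls (such as porn filters, or filters in nations
  where speech is not very free) often "hijack" wide-open proxies and
  eat up your bandwidth.

  Initialize the cache directories with "squid -z". (If this is not a
  new installation of squid, you should skip this step.)

  Now run squid using the RunCache script in the /usr/local/squid/bin/
  directory. If it works, you should be able to set your web browser's
  proxy settings to the IP of the box and port 3128 (unless you changed
  the default port number) and access squid as a normal proxy.

  For additional help configuring squid, see the FAQ at
  www.squid-cache.org.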
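
  The checks below are an added example, not part of the original
  HOWTO: they audit a squid.conf for the four httpd_accel directives
  from this section and flag the open-proxy bring-up setting
  "http_access allow all". The function name audit_squid_conf, the
  finding labels and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the HOWTO): audit a squid.conf for the settings
# section 4 relies on. Prints one finding per line, nothing if all is well.
audit_squid_conf() {
    conf=$1
    # Strip comments and blank lines so commented-out defaults do not count.
    active=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$conf")

    # The four accelerator directives the HOWTO says to uncomment and set.
    while read -r name want; do
        got=$(printf '%s\n' "$active" |
              awk -v n="$name" '$1 == n { v = $2 } END { print v }')
        if [ -z "$got" ]; then
            echo "MISSING $name (expected: $want)"
        elif [ "$got" != "$want" ]; then
            echo "WRONG $name is '$got' (expected: $want)"
        fi
    done <<EOF
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
EOF

    # "http_access allow all" is a bring-up setting only: it is an open proxy.
    if printf '%s\n' "$active" |
       grep -Eq '^[[:space:]]*http_access[[:space:]]+allow[[:space:]]+all([[:space:]]|$)'; then
        echo "OPEN http_access allow all (allow only an ACL for your own network)"
    fi
    # http_access rules are checked in order, so the last one should deny.
    last=$(printf '%s\n' "$active" |
           awk '$1 == "http_access" { l = $2 " " $3 } END { print l }')
    [ "$last" = "deny all" ] || echo "NO-DEFAULT-DENY last rule is '${last:-none}'"
}

# Constructed sample: bring-up config with one directive still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
#httpd_accel_uses_host_header on
http_access allow all
EOF
audit_squid_conf "$sample"
rm -f "$sample"
```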

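  5.  Setting up ipchains

  ipchains is probably already installed on any recent (kernel 2.2
  based) distribution. If you do not have it, it is available from
  ftp://ftp.rustcorp.com/ipchains/. ipchains is a very powerful tool,
  and we will only scratch the surface here. For more information, see
  the ipchains HOWTO at
  http://www.rustcorp.com/linux/ipchains/HOWTO.html.

  To set up the rules, you need to know two things: the IP address of
  the box (I am using 192.168.1.1 as an example) and the port squid is
  running on.

  First, we need to let through packets destined for a web server on
  the box itself. We need to do this for both the loopback interface
  and the ethernet interface. If you do not run a web server on the
  box, you can skip this step. These rules are needed because they
  prevent a forwarding loop in which the proxy tries to forward
  requests to itself. Use the following commands:

  o  ipchains -A input -p TCP -d 127.0.0.1/32 www -j ACCEPT

  o  ipchains -A input -p TCP -d 192.168.1.1/32 www -j ACCEPT

  And now, the magic words for transparent proxying:

  o  ipchains -A input -p TCP -d any/0 www -j REDIRECT 3128

  You will want to add the above commands to the appropriate bootup
  script under /etc/rc.d/.

  6.  Put it all together

  If everything has gone well so far, go to another machine, change its
  gateway to the IP of the new squid box, and browse the Internet. To
  make sure that requests are really being forwarded through your proxy
  instead of going straight to the origin server, check the log file
  /usr/local/squid/logs/access.log.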

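  7.  Further Resources

  If you still need assistance, check the squid FAQ or the squid
  mailing list at www.squid-cache.org. You may also e-mail me at
  drk@unxsoft.com, and I will try to answer your questions if time
  permits (sometimes it does, and sometimes it does not). Please,
  please, please include the output of "ipchains -L" and the relevant
  portions of your configuration files in your e-mail. Otherwise, I
  will probably not be able to be of much help...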

