SQUID
---------------------------------------------------------------
http://www.atals.net.ru/Squid-faq.html
---------------------------------------------------------------
Squid - squid, DNS dnsserver, ftp ftpget, . squid , dnsserver-, , DNS . DNS.
Squid ARPA Harvest. http://harvest.cs.colorado.edu/
- Harvest. Squid , .
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
, : squid-faq@nlanr.net.
% gzip -dc squid-x.y.z-src.tar.gz | tar xvf -
,
% cd squid-x.y.z
% ./configure
% make all
% make install
GNU C (gcc) . ANSI C, . GNU C ftp://prep.ai.mit.edu/pub/gnu/. . --prefix . /usr/local/squid. :
% cd squid-x.y.z
% ./configure --prefix=/some/other/directory/squid
/usr/local/squid/bin/RunCache &
% client http://www.netscape.com/ > test
HTTP - . :url_get, ftp://ftp.pasteur.fr/pub/Network/url_get/, echoping, ftp://ftp.pasteur.fr/pub/Network/echoping/. access.log cache.log.
cd squid-1.1.x
patch < /tmp/fixes.patch
'src', :
cd squid-1.1.x/src
patch < /tmp/fixes.patch
patch - , GNU FTP site.
, squid.conf childcache.example.com , :
# squid.conf - On the host: childcache.example.com
#
# Format is: hostname type http_port udp_port
#
cache_host parentcache.example.com parent 3128 3130
cache_host childcache2.example.com sibling 3128 3130
cache_host childcache3.example.com sibling 3128 3130

cache_host_domain , :
# squid.conf - On the host: sv.cache.nlanr.net
#
# Format is: hostname type http_port udp_port
#
cache_host electraglide.geog.unsw.edu.au parent 3128 3130
cache_host cache1.nzgate.net.nz parent 3128 3130
cache_host pb.cache.nlanr.net parent 3128 3130
cache_host it.cache.nlanr.net parent 3128 3130
cache_host sd.cache.nlanr.net parent 3128 3130
cache_host uc.cache.nlanr.net sibling 3128 3130
cache_host bo.cache.nlanr.net sibling 3128 3130
cache_host_domain electraglide.geog.unsw.edu.au .au
cache_host_domain cache1.nzgate.net.nz .au .aq .fj .nz
cache_host_domain pb.cache.nlanr.net .uk .de .fr .no .se .it
cache_host_domain it.cache.nlanr.net .uk .de .fr .no .se .it
cache_host_domain sd.cache.nlanr.net .mx .za .mu .zm

, pb.cache.nlanr.net it.cache.nlanr.net uk, de, fr, no, se it, sd.cache.nlanr.net mx, za, mu zm, cache1.nzgate.net.nz au, aq, fj, nz.
cache_announce 24
announce_to sd.cache.nlanr.net:3131

: NLANR. NLANR , NLANR.
(, ). HTTP . 80 ( ), , HTTP "" HTTP ( ). ( ).
web , HTTP , . ICP web .
Squid . , HTTP URL , .
" " , . , web- . , . , .
Squid Harvest CERN . httpd , web- ( 80 ), httpd ( 81 ).
web URL 81 httpd. , HTML GIF-, httpd ( 81 ) - , cgi-bin . , web-.
, squid httpd- , . . Squid httpd- , httpd_accel_with_proxy on squid.conf.
inside_firewall squid.conf . :
inside_firewall example.com
:
inside_firewall example.com example.org example.net
inside_firewall . . :
dnsserver , squid . dnsserver-, squid, . , dnsserver , . , dnsserver .
socks5, Squid. , -Dbind=SOCKSbind etc -lsocks .
Netscape Navigator. Netscape Navigator JavaScript http://home.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html
JavaScript Oskar Pearson:
//We (www.is.co.za) run a central cache for our customers that they
//access through a firewall - thus if they want to connect to their intranet
//system (or anything in their domain at all) they have to connect
//directly - hence all the "fiddling" to see if they are trying to connect
//to their local domain.

//Replace each occurrence of company.com with your domain name
//and if you have some kind of intranet system, make sure
//that you put its name in place of "internal" below.

//We also assume that your cache is called "cache.company.com", and
//that it runs on port 8080. Change it down at the bottom.

//(C) Oskar Pearson and the Internet Solution (http://www.is.co.za)

function FindProxyForURL(url, host)
{
    //If they have only specified a hostname, go directly.
    if (isPlainHostName(host))
        return "DIRECT";

    //These connect directly if the machine they are trying to
    //connect to starts with "intranet" - ie http://intranet
    //Connect directly if it is intranet.*
    //If you have another machine that you want them to
    //access directly, replace "internal*" with that
    //machine's name
    if (shExpMatch( host, "intranet*")||
        shExpMatch(host, "internal*"))
        return "DIRECT";

    //Connect directly to our domains (NB for Important News)
    if (dnsDomainIs( host,"company.com")||
    //If you have another domain that you wish to connect to
    //directly, put it in here
        dnsDomainIs(host,"sistercompany.com"))
        return "DIRECT";

    //So the error message "no such host" will appear through the
    //normal Netscape box - less support queries :)
    if (!isResolvable(host))
        return "DIRECT";

    //We only cache http, ftp and gopher
    if (url.substring(0, 5) == "http:" ||
        url.substring(0, 4) == "ftp:"||
        url.substring(0, 7) == "gopher:")
    //Change the ":8080" to the port that your cache
    //runs on, and "cache.company.com" to the machine that
    //you run the cache on
        return "PROXY cache.company.com:8080; DIRECT";

    //We don't cache WAIS
    if (url.substring(0, 5) == "wais:")
        return "DIRECT";
    else
        return "DIRECT";
}
% setenv http_proxy http://mycache.example.com:3128/
% setenv gopher_proxy http://mycache.example.com:3128/
% setenv ftp_proxy http://mycache.example.com:3128/
Lynx lynx.cfg. Lynx . :
http_proxy:http://mycache.example.com:3128/
ftp_proxy:http://mycache.example.com:3128/
gopher_proxy:http://mycache.example.com:3128/
Microsoft Netscape JavaScript. , MSIE 3.0a Windows 3.1 Windows NT 3.51 (, 3.01 build 1225 Windows 95 NT 4.0, ).
MSIE , Options View. Advanced Automatic Configuration. URL JavaScript. MSIE. MSIE JavaScript .
, , . .
Warning: this technique has several significant shortcomings!
#
# Code maturity level options
#
CONFIG_EXPERIMENTAL=y
#
# Networking options
#
CONFIG_FIREWALL=y
# CONFIG_NET_ALIAS is not set
CONFIG_INET=y
CONFIG_IP_FORWARD=y
# CONFIG_IP_MULTICAST is not set
CONFIG_IP_FIREWALL=y
# CONFIG_IP_FIREWALL_VERBOSE is not set
CONFIG_IP_MASQUERADE=y
CONFIG_IP_TRANSPARENT_PROXY=y
CONFIG_IP_ALWAYS_DEFRAG=y
# CONFIG_IP_ACCT is not set
CONFIG_IP_ROUTER=y

http://www.xos.nl/linux/ipfwadm/ ipfwadm . Ipfwadm . /etc/rc.d/rc.inet1 (Slackware) . . , forwarding (masquerading).
/etc/rc.d/rc.firewall:
#!/bin/sh
# rc.firewall Linux kernel firewalling rules
FW=/sbin/ipfwadm

# Flush rules, for testing purposes
for i in I O F # A # If we enabled accounting too
do
    ${FW} -$i -f
done

# Default policies:
${FW} -I -p rej # Incoming policy: reject (quick error)
${FW} -O -p acc # Output policy: accept
${FW} -F -p den # Forwarding policy: deny

# Input Rules:

# Loopback-interface (local access, eg, to local nameserver):
${FW} -I -a acc -S localhost/32 -D localhost/32

# Local Ethernet-interface:

# Redirect to Squid proxy server:
${FW} -I -a acc -P tcp -D default/0 80 -r 80

# Accept packets from local network:
${FW} -I -a acc -P all -S localnet/8 -D default/0 -W eth0

# Only required for other types of traffic (FTP, Telnet):

# Forward localnet with masquerading (udp and tcp, no icmp!):
${FW} -F -a m -P tcp -S localnet/8 -D default/0
${FW} -F -a m -P udp -S localnet/8 -D default/0

80 . - :
IP firewall input rules, default policy: reject
type  prot source       destination  ports
acc   all  127.0.0.1    127.0.0.1    n/a
acc/r tcp  10.0.0.0/8   0.0.0.0/0    * -> 80 => 80
acc   all  10.0.0.0/8   0.0.0.0/0    n/a
acc   tcp  0.0.0.0/0    0.0.0.0/0    * -> *

squid.conf:
http_port 80
icp_port 3130
httpd_accel virtual 80
httpd_accel_with_proxy on

, virtual !
Windows 95 Microsoft Internet Explorer 3.01 Netscape Communicator .
squid 80 . :
${FW} -I -a rej -P tcp -S localnet/8 -D dec/32 80

IP firewall input rules, default policy: reject
type  prot source       destination  ports
acc   all  127.0.0.1    127.0.0.1    n/a
rej   tcp  10.0.0.0/8   10.0.0.1     * -> 80
acc/r tcp  10.0.0.0/8   0.0.0.0/0    * -> 80 => 80
acc   all  10.0.0.0/8   0.0.0.0/0    n/a
acc   tcp  0.0.0.0/0    0.0.0.0/0    * -> *

: , URL , .