Tomasz Chmielewski
tch@metalab.unc.edu
??????? ?? ???????: (C) ???? ?????.
ipesin@post.Lviv.UA
???????? ?????????:
???????? 0.9 2001-11-20 ?????????: tc
???? ???????? ????????? ????????? Linux-??????? ??? ??????????? ??????????
??????????? (????????) ?????? ??????? ? Internet. ????? ????, ???????????????
??????? ???????????? ??????????? ????????????? ??????? ? Internet.
??????????
1. ????????
1.1. ????? ?????? ????? ?????????
1.2. ????? ?? ??????????? ???????????????
1.3. ????????? ????? ? ????????
1.4. ?????? ? ???????????
1.5. ?????????????
2. ????? ???, ??? ??????
2.1. ??? ??? ?????
2.2. ??? ??? ?????????
3. ????????? ? ????????? ???????????? ???????????? ???????????
3.1. ????????? Squid ? ???????? ????? ????????
3.2. ????????? Squid ? ?????????????? ????? ????????
3.3. ??????? ?????????? ???????
4. ?????????? CBQ ??? ?????? ??????????
4.1. FTP
4.2. Napster, Realaudio, Windows Media ? ?????? ????????
5. ????? ?????????? ???????
5.1. ???????? ?? ? ??????? ????? ???????? ??????????? ???????? ??????? ??
????????? IP-?????? ????????
5.2. ??? ????????? wget ???????? ????? Squid?
5.3. ? ????????? SOCKS-?????? ?? ????? 1080 ? ?????? ?? ???? ???????????? ?
???????? IRC.
5.4. ??? ?? ????????, ????? Kazaa ? Audiogalaxy ???????? ???? ??? ?????.
5.5. ??? ???????? ????? ??? ???????? ?????? ???????? ???? ?????.
5.6. ???? ?? ? ????????, ????????? ? ?????????? ???????, ?????????? ?????? ????
FTP ? WWW ?????????
5.7. ???????? ?? ?????????? ???????? ??????? ?? ????????? IP-?????? ??????? ?
??????? ??????? cbq.init?
5.8. ??? ??????? cbq.init ???????? ????????? ?? ?????????? sch_cbq.
5.9. ?????? CBQ ?? ???????? ??? ??????? ???????.
5.10. ???? ???????? ???? ?? ??????????: ?????? ? ?? ???? ????????? ???-???? ??
?????? ????????, ???? ???? ????????? ?????? ? ????
5.11. ?????? ???????? ?????? ?????????? ? 23:59 ??-?? ??????
"acl day time 09:00-23:59" ? ????? squid.conf. ????? ?? ???-?? ? ???? ????????
5.12. ????????? (????) Squid ?????? ????? ??????, ??? ???????
5.13. CBQ ???? ?? ??????????: ?????? ? ?? ???? ????????? ???-???? ?? ??????
????????, ???? ???? ????????? ?????? ? ????
6. ??????
6.1. ???????? ???????
1. ????????
?????????? ????? ??????????? -- ?????????????????? ??????? ??????????? ?????????
???????, ??????????? ????? ?????????? ???????????? ??????????? Internet-?????.
??? ???????? ??????? ??? ????????? ??????? ? Internet ??? ????? ???????????? ???
????????? "?????" mp3-??????, ?????? ????? ????????????? Linux ? ?.?.
1.1. ????? ?????? ????? ?????????
????????? ?????? ????? ????????? ????? ????? ?? ????? Linux Documentation Project
(LDP) www.linuxdoc.org.
1.2. ????? ?? ??????????? ???????????????
?? ?????, ?? ????, ??? ??? ????? ???????????????? ???? HOWTO, ?? ????? ???????
??????????????? ?? ??????????, ??????????, ????????? ??? ?????-???? ?????? ??????,
?????????? ? ?????????? ????????????? ??????? ? ????????????, ??????????? ? ????
?????????.
1.3. ????????? ????? ? ????????
????????? ????? ?? ???? ???????? ??????????? ?????? ?????????
(Tomasz Chmielewski), 2001. ??????????? ? ???????????? ? ????????? GNU Free
Documentation License, ??????? ????????, ??? ??????.
1.4. ?????? ? ???????????
???? ? ??? ???? ??????? ??? ??????????? ? ????? ?????????, ?????????? ??
?????? ????????? -- tch@metalab.unc.edu. ? ???? ??? ??? ???????, ??? ? ???????.
???? ?? ?????????? ? ???? ????????? ?????? ??? ???????? (? ?? ?? ??????? ?
??????? ??????????, ??? ??? ?????????? -- ?? ??? ?????? ????), ????? ??? ?????
? ? ????? ????????? ?? ? ????????? ??????. ???????.
1.5. ?????????????
? ????? ?? ????????????? ??? ?. ???????? (Ami M. Echeverri) lula@pollywog.com,
???????? ??? ????????????? HOWTO ? ?????? SGML ? ????????? ????????? ??????.
??? ?? ???? ????????????? ??????? ????????? (Ryszard Prosowicz)
prosowicz@poczta.fm ?? ???????? ??????.
2. ????? ???, ??? ??????
?????????? ????????? ????????:
*
? ??? ???? ???????? ????? ?? ????????? 115,2 ????/? (115,2/10 = 11,5 ?????/?).
??????????: ??? ?????????? ??????? ???? (ethernet) ?? ?????? ???? ?? ?????????
115,2 ?? 8; ??? ???????? ?????????? (?pp), ?? ????? ?? 10 ??-?? ?????????? ?
????????? ????? (8 + 1 + 1 = 10).
*
? ??? ??????? ????????? ????? ? ????????? ????, ???????????? ??????? ?????????
????????? ?? Internet ??????? ?????.
*
?? ?????, ????? web-???????? ??????????? ?????? ??? ??????????? ?? ?????
??????????? ??????.
*
??? Internet ????????? -- ppp0.
*
??? ????????? ??????? ????????? -- eth0.
*
????? ????? ??? - 192.168.1.0/24
2.1. ??? ??? ?????
?????? ??? ???, ?? ??????????? ????????? ??????? -- ?????? ??????? ? ??? ??
????? ?????? ????? ?????????? ?? ????????????? ? ?????????? ????????.
??? ????, ????? ?????????? ???????????, ???, ??? ???????, ????? ??????-??????
Squid; ???? ?? ?? ??????? ??? ????????? ?????????? ?????, ?? ??? ????????
???????????? ??? ? ? ??????????? ipchains ??? iptables, ? ?????????? CBQ
(Class-Based Queue - ????. ???.).
? ????? ???????????? ????????, ????????? ????????? IPTraf.
2.2. ??? ??? ?????????
????????, Squid -- ????? ?????? HTTP ??????-??????, ????????? ??? ?????????
Linux. ?? ????? ?????? ??? ????????? ?????????? ??????????? ?????? ??????
????????? ???? ????? ????????:
*
?????? ???????, ??????? ???????? ???????? ??????????????? ??????-????????
-- ?????????? ??????????? web-???????, ???????? ? ?????? ???????? ? ??????
? ?? ?????. ???, ???? ??? ???????? ????????? ? ????? ? ??? ?? ????????, ???
?? ????? ???????? ????????? ?? Internet, ? ????? ????????????? ?? ??????????
????.
*
????? ???????? ???????????, Squid ???????? ????????????, ??????? ??????????
"?????? ????????" (delay pools). ????????? ???? ????? ?????????? ?????????
???????????? ?????? ??? ?????? ??? ?????????? "?????????? ????", ???????
???????????? ? URL. ????????, ?????????? ?????? ????? ???? '.mp3', '.exe'
??? '.avi'. ????? ????????????? ????? URL (????? ??? .avi) ????? ???? ??????????
??? ?????????? ?????. (??????????, ??? ?? ???????????? ????????, ?? ????????
????? ?????????? ??????. -- ????.???.)
????????? Squid, ?? ????? ????????? ??? ????? ???????, ??? ???????? ??????
????????????? ???? ????? ??????????? ?? ????????? ???????? (? ????? ??????? ???
????? ????? 5 ?????/c). ???? ???? ????????? ????? ????????? ????????????? ?????
?????????? ????? ????????????, ?? ??? ????? ?? ??? ???? ????? ???????? 5 ?????/c,
? ????????? ?????????? ??????????? ????? ?????????????? ??? ????????? web-???????
?????, ????????, irc, ? ?.?.
???????, Internet ???????????? ?? ?????? ??? ???????? ?????? ?? ??????????
http ? ftp. ????? ?? ?????????? ?????? ?? ??????????? ??????? ??? Napster,
Realaudio ? ?????? ??????????.
3. ????????? ? ????????? ???????????? ???????????? ???????????
?????? ? ???????, ??? ?????????? ?????????, ??????????? ??? ??????????? ?
???????????? ?????????? ???????????.
3.1. ????????? Squid ? ???????? ????? ????????
??? ? ??? ??????? ?????, Squid ????? ???????, ??????? ?????????? "????
????????". ??? ????????? ?????????????? ???????? ???????? ??????. ? ?????????,
? ??????????? ?????????????, Squid ???????????? ??? ???? ??????? (???
????????? ?????????? ??????????. ???????? ??????????? ???????????? ??????????
Squid ? ?????????? ???????? ????? ????????. -- ????.???.).
?????? ???? Squid ? ??? ??? ??????????, ?? ? ???? ???????? ??? ????????????:
??? ?????????? ???????. ?? ????????? ??? ??? ???, ?? ??? ? ?????????? ????????
????? ????????. ???? ? ???????, ??? ?? ????????.
1.
????? ?????????? ???????????? ?????????????????? Squid, ????? ???????? ???
???? ????????? ?????? ???????? ??????. ??? ??? ????? ??????????? ? ????????
/cache/. ??? ????? ?????????? ????? 300 ?????, ?????? ?????? ????? ????????
? ??????????? ?? ????? ????.
???? ?? ?? ??????, ??? ????????? ????????? ??????, ????? ?????????? ???????
/cache/ ?? ??????? ???????, ?? ?????????????????? Squid ??????? ????????.
2.
??????? ???????????? 'squid':
# useradd -d /cache/ -r -s /dev/null squid >/dev/null 2>&1
(?????? ????????, ??? ?? ??? ?????? ??? ????? ?????? ???????. ?? ?? ???????
??????? ?? ????????? ?? ??????????, ?? ????????? ?? ???????, ???? ???????
????????. ?????????? ???????????? ???????:
# useradd -d /cache/ -r -s /dev/null squid
-- ????. ???.)
?????, ???? root, ?? ????? ????? ? ??????? ??? ????????????? squid.
3.
????????? ???????? ?????? Squid ? ??????? www.squid-cache.org
????? ? ????? ???? ????????, ????????? ??????? ??? Squid 2.4 stable 1:
www.squid-cache.org/Versions/v2/2.4/squid-2.4.STABLE1-src.tar.gz
(?? ?????? ??????, ????????? ??????? ???????? Squid 2.5.STABLE1 -- ????.???.)
4.
????????????? ??? ? ??????? /var/tmp:
5.
# tar xzpf squid-2.4.STABLE1-src.tar.gz
6.
??????????? (? ?????????? ????? ????????. -- ????.???.) ? ????????????? Squid:
# ./configure --prefix=/opt/squid --exec-prefix=/opt/squid --enable-delay-pools \
    --enable-cache-digests --enable-poll --disable-ident-lookups --enable-truncate \
    --enable-removal-policies
# make all
# make install
3.2. ????????? Squid ??? ????????????? ????? ????????
1.
??????????? ??? ???? squid.conf (????????????? ? ???????? /opt/squid/etc/squid.conf):
#squid.conf
#?????? ???? ? ???? ????? ????? ???????? ?????? ? ????????????
#????? squid.conf
#? ?? ?????? www.visolve.com/squidman/Configuration%20Guide.html
#
#?????, ??????? Squid ????? "???????".
http_port 8080
icp_port 3130
#????? ? ????????? cgi-bins ???????????? ?? ?????.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
#????? ??????, ??????? ????? ???????????? Squid.
#???? ?? ????? ???????????? ??????? ??????.
# (????? ??????, ?????????? Squid, ?????????????? ?? ???????:
# cache_mem * 3 -- ????. ???.).
cache_mem 16 MB
#250 ????????, ??? Squid ????? ????????????
#250 ?? ????????? ????????????.
cache_dir ufs /cache 250 16 256
#?????, ??? ????? ??????????? ????? ????????.
cache_log /var/log/squid/cache.log
cache_access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
cache_swap_log /var/log/squid/swap.log
#??????? ?????? ???????? ????????? ?? ?? ????????.
#?????????? ? ???? ?? ????? ????????? ???????????.
logfile_rotate 10
redirect_rewrites_host_header off
cache_replacement_policy GDSF
acl localnet src 192.168.1.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 443 210 119 70 20 21 1025-65535
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
http_access allow localnet
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT
http_access deny all
maximum_object_size 3000 KB
store_avg_object_size 50 KB
#??? ????????? ?????, ???? ?? ?????? ???????? ? "??????????" ??????.
#?????????? ??????-?????? ????????, ??? ??? ?? ???????? ???
#??????????? ? ?????????? ?????????. ? ????, ??????, ???? ? ???? ??????.
#???? ?? ?????? ???????? ??? ?????? ?????????????????????, ?? ??? ??
#?? ??? ?? ?????????
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
#???? ??????? ???????? ????? ????????, ??? ???? ?????????
#???????????? ?????????? ??????? Mozilla, ?????????? ?? Linux. :)
anonymize_headers deny User-Agent
#????????? ??? ? ???? ??????:
fake_user_agent Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6+) Gecko/20011122
#??? ?? ??????? ???? ?????????? ??? ???????, ????????? ????
#??? ??????, ??????????? ??????????? ????. ??? ????? ?????????
#?? ???????????? ??????-?????? ??? ?????? Squid. ?? ???????? ????????
#????? ?? ???, ??????? ????? ? ???!
#??? ????????? ??????????? ping, traceroute ? ?.?.
#?????????, ??? ????? http ? icp ??????? ?????.
#???????????????? ??????, ???????????? ? "cache_peer", ???? ??????????.
#??? ??????-??????, ??????? ?? ??????????? ???????????? ??? ???? ????????...
#cache_peer w3cache.icm.edu.pl parent 8080 3130 no-digest default
#...????? ???????? ? ???????, ???????????? ? "!".
#???????? ???? ?? ???????????? ???????????? ??????-?????? ???:
#cache_peer_domain w3cache.icm.edu.pl !.pl !7thguard.net !192.168.1.1
#??? ???????, ????? ?? ????? ???????????? ???????? ????.
#?????????? cachemgr.cgi ? ??????? cgi-bin ?????? www-???????.
#?????? ? ???? ????? ????????? ????? ???????, ????? ?????
#your-web-server/cgi-bin/cachemgr.cgi
cache_mgr your@email
cachemgr_passwd secret_password all
#??? ??? ???????????? ? ??????, ?? ??????? ???????? Squid.
cache_effective_user squid
cache_effective_group squid
log_icp_queries off
buffered_logs on
#####???? ????????
#??? ?????, ???????? ????? ?????? ??? ??????????? ?????????
#??????? ??? ?????? Squid
#??? ????? ?????????? ???????? ?????????? ? ????? squid.conf, ???
#? ???????????? ?? ?????? www.squid-cache.org
#?? ?? ????? ???????????? ???????? ?????? ????? ???.
acl magic_words1 url_regex -i 192.168
#?? ????? ?????????? ???????? ?????? ????????? ?????
#????????? ??? ? ???? ??????:
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov
#?? ?? ????????? .html, .gif, .jpg ? ??????????? ?????, ?????????
#?????? ??? ?? ???????? ???????????? ????? ?????? ???????????
#?? ????? ?????????? ???????? ?????? ???? ? ?????????
#?????? ???????? ?????
#????????! acl ??????????? ????, ?????? ????? ??????? ????????
#???????? ? 23:59. ???????? ?????? FAQ ????? ?????????, ????
#?????? ????? ????????.
acl day time 09:00-23:59
#?????????? ??? ???? ????????
#?????????? ? ???????????? Squid ?? ????????
#? delay_pools ? delay_class.
delay_pools 2
#?????? ???
#?? ?? ????? ???????????? ????????? ??????.
#?????????? ??? ?????? ?????; ?? ?? ????? ???????? ?????? ??
#??????. ?????? ??? (1) ??????? ?????? (2).
delay_class 1 2
#-1/-1 ????????, ??? ??????????? ???.
delay_parameters 1 -1/-1 -1/-1
#magic_words1: 192.168 ?? ?????????? ??????
delay_access 1 allow magic_words1
#?????? ???.
#?? ????? ?????????? ???????? ???????? ??? ??????,
#?????????? ? magic_words2.
#?????? ??? (2) ??????? ?????? (2).
delay_class 2 2
#????? -- ??? ???????? ? ??????;
#????? ???????, ??? Squid ?? ???????????? ???????
#?????????/???????? ?????
#5000/150000 -- ???????? ??? ???? ????
#5000/120000 -- ???????? ??? ?????? IP-??????
#????? ???????? 150 ?????,
#(??? ???? ? ??? ??? ??? ???? ???????? ??????????)
#???????? ????? ?????????? ?? 5000 ???? ? ???????.
delay_parameters 2 5000/150000 5000/120000
#?? ?????????? day ? 09:00-23:59 ????.
delay_access 2 allow day
delay_access 2 deny !day
delay_access 2 allow magic_words2
#EOF
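How the two buckets of `delay_parameters 2 5000/150000 5000/120000` shape a matching download, as an added example (not part of the HOWTO or of Squid). It is a one-second-step model that assumes both buckets start full and that the uplink (11500 bytes/s, the modem figure from section 2) is split evenly between clients; the function and variable names are made up here.

```shell
#!/bin/sh
# Constructed model of a Squid class-2 delay pool, stepped once per second.
# Assumptions: buckets start full, every client matches the pool's ACL,
# and the uplink is split evenly between the clients.

# pool_download_seconds SIZE LINK CLIENTS AGG_RESTORE AGG_MAX IND_RESTORE IND_MAX
# Prints the seconds each of CLIENTS identical hosts needs to fetch SIZE bytes.
pool_download_seconds() (
    size=$1; link=$2; n=$3
    agg_r=$4; agg_max=$5; ind_r=$6; ind_max=$7
    # Reject settings under which no byte could ever be released.
    if [ "$n" -le 0 ] || [ "$agg_r" -le 0 ] || [ "$ind_r" -le 0 ] ||
       [ $((link / n)) -le 0 ] || [ $((agg_max / n)) -le 0 ] ||
       [ "$ind_max" -le 0 ]; then
        exit 1
    fi
    agg=$agg_max; ind=$ind_max; left=$size; t=0
    while [ "$left" -gt 0 ]; do
        # A client may read no more than its own bucket holds ...
        allow=$ind
        # ... nor more than its share of the aggregate bucket ...
        share=$((agg / n))
        if [ "$share" -lt "$allow" ]; then allow=$share; fi
        # ... nor more than its share of the physical link.
        share=$((link / n))
        if [ "$share" -lt "$allow" ]; then allow=$share; fi
        if [ "$left" -lt "$allow" ]; then allow=$left; fi
        left=$((left - allow))
        # Drain what was read, refill by the restore rate, cap at the maximum.
        ind=$((ind - allow + ind_r))
        if [ "$ind" -gt "$ind_max" ]; then ind=$ind_max; fi
        agg=$((agg - allow * n + agg_r))
        if [ "$agg" -gt "$agg_max" ]; then agg=$agg_max; fi
        t=$((t + 1))
    done
    echo "$t"
)

LINK=11500   # bytes/s, 115.2 kbit/s modem
# A file smaller than the per-host bucket passes at line speed.
echo "100 kB, 1 client:  $(pool_download_seconds 100000 $LINK 1 5000 150000 5000 120000) s"
# A large file drains the bucket, then crawls at the 5000 bytes/s restore rate.
echo "1 MB,   1 client:  $(pool_download_seconds 1000000 $LINK 1 5000 150000 5000 120000) s"
# Two hosts share the aggregate bucket: about 2500 bytes/s each in the long run.
echo "1 MB,   2 clients: $(pool_download_seconds 1000000 $LINK 2 5000 150000 5000 120000) s"
```

The second figure in each pair is the burst a client gets before throttling starts; the first is the sustained rate, and the aggregate pair caps all matching downloads together.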
????? ????????? ??? ????? ????????, ??? ?????????? ????????? /opt/squid ?
/cache ?????? ? ?? ?????????? ???????? ???????????? squid.
# mkdir /var/log/squid/
# chown squid:squid /var/log/squid/
# chmod 770 /var/log/squid/
# chown -R squid:squid /opt/squid/
# chown -R squid:squid /cache/
?????? ??? ?????? ? ??????? Squid. ????? ?????? ???????? ??? ??????????
??????? ???????? ????:
# /opt/squid/bin/squid -z
?????? ????????? Squid ? ?????????, ??? ?? ????????. ??????? ??????? ???
???????? - IPTraf; ?? ????? ????? ?? ?????? freshmeat.net. ?????????,
??? ?? ?????????? ?????? ???????? ??? ??????-??????? ? ????? ????????
(? ????? ??????? - 192.168.1.1, ???? 8080):
# /opt/squid/bin/squid
???? ??? ????????, ????????? ?????? /opt/squid/bin/squid ? ????? ?????
????????? ????????. ?????? ??? ???? /etc/rc.d/rc.local.
?????? ???????? ????? Squid:
# /opt/squid/bin/squid -k reconfigure (????????????????? Squid ???? ? ???
???? ???????? ???? ??????? ?????????)
# /opt/squid/bin/squid -help :) ????????
?????? ????? ??????????? ???? cachemgr.cgi ? ??????? cgi-bin ??????
WWW-???????, ????? ????? ??????????? ???????? ? ?????????? ???? (Cache Manager).
3.3. ??????? ?????????? ???????
?? ?????????? Squid ? ????????? ??? ? ?????????????? ????? ????????. ?????
????: ????? ?? ????? ???? ??????? ? ??? ????????, ???????? ???? ??????
????????? ????????????. ????????? ??? ????? ????????? ???????? ???????????
??? ????, ????? ????????? ??????? mp3 ???? ??????? (???????? ??? ?????
???????? ???? ???).
? ???????, ??? ?? ??????????? IP-???????? ????????? ???? ???, ???
???????????? ????? ???????????? IRC, ICQ, e-mail ? ?.?. ??? ?????????,
??? ????? ???? ????????, ??? ???????????? ??? ?????? ? web-??????????
? ftp-????????? ????? ???????????? ???? ????????.
??? ???????? ?????? ????????????? ????????? ipchains (???? Linux 2.2.x) ???
iptables (???? Linux 2.4.x).
????? ???????, ??????????? ??????? ? ??????? 3, ?????????? ?????? ???????
-- ???????? "?????????????" ??????????? -- ????.???.
3.3.1. ???? Linux 2.2.x (ipchains)
?? ?????? ????????, ??? ????? ?? ????? ???????? ???????????? "?????"
??????-??????. ??????-??????? ?????? ???????? ?? ?????? 3128 ? 8080:
/sbin/ipchains -A input -s 192.168.1.1/24 -d ! 192.168.1.1 3128 -p TCP -j REJECT
/sbin/ipchains -A input -s 192.168.1.1/24 -d ! 192.168.1.1 8080 -p TCP -j REJECT
????? ?? ?????? ?????????, ??? ????? ?? ??????? ?????? ?????? ? Internet
(IP-????????) :
/sbin/ipchains -A input -s 192.168.1.1/24 -d ! 192.168.1.1 80 -p TCP -j REDIRECT 8080
???? ??? ????????, ?? ????????? ????????? ?????? ? ????? ????????? ????????.
?????? ??? ???? /etc/rc.d/rc.local.
????? ????????? ????? ????????????? ftp-?????? (????? 20 ? 21), ?????
???????????? ???????? ????? Squid, ?? ??? ?????? ???? (?? ??????? ???? ??
???? ????????):
*
Squid -- ??? http-?????? ? ?????????? ftp, ? ?? ????????? ftp ??????-??????.
?? ????? ????????? ????? ?? ftp, ?? ????? ????? ????????? ????? ?? ?????????
ftp-???????, ?? ?? ?? ????? ???????/????????????? ????? ?? ?????????
ftp-???????.
???? ?? ????????? ????? 20 ? 21, ?? ?????? ??????????? ????????/??????????????
?????? ?? ftp-????????.
*
? IE5.5 ???? ?????? -- ?? ?? ?????????? proxy-?????? ??? ????????? ????????
ftp. ?????? ????? ?? ???????????? ???????? ??? ?????? IP-?????????.
????? ?? ????????? ????? 20 ? 21, ?? ?????? ??????????? ?????????????
ftp-??????? ??? ?????? IE5.5.
?????? ?? ????? ???????????? ???????? ? ftp-???????? ??????? ????????. ? ????
?? ???????????? ? ????? 4.
3.3.2. ???? Linux 2.4.x (iptables)
?? ?????? ????????, ??? ????? ?? ????? ???????? ???????????? "?? ???"
??????-??????. ??????-??????? ?????? ???????? ?? ?????? 3128 ? 8080:
/sbin/iptables -A FORWARD -s 192.168.1.1/24 -d ! 192.168.1.1 -p TCP --dport 3128 -j DROP
/sbin/iptables -A FORWARD -s 192.168.1.1/24 -d ! 192.168.1.1 -p TCP --dport 8080 -j DROP
????? ?? ?????? ???? ???????, ??? ????? ?? ????? ????? ?????? ?????? ?
Internet (IP-????????):
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
???? ??? ????????, ?? ????????? ????????? ?????? ? ????? ????????? ????????.
??????, ??? ???? /etc/rc.d/rc.local.
????? ????????? ????? ????????????? ftp-?????? (????? 20 ? 21), ?????
???????????? ???????? ????? Squid, ?? ??? ?????? ???? (?? ??????? ????
?? ???? ????????):
*
Squid -- ??? http-?????? ? ?????????? ftp, ? ?? ????????? ftp ??????-??????.
?? ????? ????????? ????? ? ftp, ?? ????? ????? ????????? ????? ?? ?????????
ftp-???????, ?? ?? ?? ????? ???????/????????????? ????? ?? ?????????
ftp-???????.
????? ?? ????????? ????? 20 ? 21, ?? ?????? ??????????? ????????/??????????????
?????? ?? ftp-????????.
*
? IE5.5 ???? ?????? -- ?? ?? ?????????? proxy-?????? ??? ????????? ???????? ftp.
?????? ????? ?? ???????????? ???????? ??? ?????? IP-?????????.
????? ?? ????????? ????? 20 ? 21, ?? ?????? ??????????? ????????????? ftp-???????
??? ?????? IE5.5.
?????? ?? ????? ???????????? ???????? ? ftp-???????? ??????? ????????. ? ???? ??
???????????? ? ????? 4.
4. ?????????? CBQ ??? ?????? ??????????
?? ????? ????????, ??? ???? ???? ????????? ???????????? ?????????? Napster,
Kazaa ??? Realaudio, ?? ??? ????? ?????? ?????????? ????? 3 ?? ???. ????? ????,
??? ?? ???????, ? ??????? 3.3 ?? ?? ??????????? ftp-??????.
?? ????? ??? ???????? ?????? ???????? -- ?? ??????, ? ?????? ???????? ????????????
????????. ???? ??? Internet ????????? ??? ppp0, ? ????????? ????????? ???? -- eth0,
?? ????????? ????????? ?????? ?? ?????????? eth0, ??? ?????, ????????? ????????
?????? ?? ?????????? ppp0.
????? ??????? ???, ???????????? ? CBQ ? ???????? cbq.init. ??? ????? ????????
?? ?????? ftp://ftp.equinox.gu.net/pub/linux/cbq/. ????????? cbq.init-v0.6.2
? ?????????? ??? ? ??????? /etc/rc.d/.
????????? ??????? ??????? cbq.init ???????? 0.7.1 - ????.???.
?????? ??? ??????????? ????? iproute2. ?? ???????????? ? ?????? ?????????????
Linux.
?????????? ? ??????? /etc/sysconfig/cbq/. ??? ?????? ????????? ???? ? ????????,
??????????????? ??? ?????? ? cbq.init. ???? ??? ??? ???, ?? ????????, ??? ????
???? ?????????????? ??? ????????? CBQ. ? ????? ?????? ???????? ???? ???????,
???????? ??? ???? ?? ???????????? ???? ??????? ? ??????????, ????? ?? ??
????????.
4.1. FTP
? ????? 3 ?? ?? ??????????? ftp-?????? ?? ???? ???????? -- ?? ?? ?????? ??
????????? ???????? ?????? ?? ftp-???????, ? ???????????? IE5.5 ?????? ?? ??????
?? ????????????? ftp-????????. ? ?????, ???????? ? ftp-??????? ?????? ?????????
???????? ????? ??? Squid ??????, ? ????????/??????????????/???????? ?????? ??
ftp ?????? ?????????? ????? IP-????????.
???????? ???? ? ???????? /etc/sysconfig/cbq/cbq-10.ftp-network:
# touch /etc/sysconfig/cbq/cbq-10.ftp-network
??????? ? ???? ????? ??????:
DEVICE=eth0,10Mbit,1Mbit
RATE=15Kbit
WEIGHT=1Kbit
PRIO=5
RULE=:20,192.168.1.0/24
RULE=:21,192.168.1.0/24
???????? ?????? ???? ????? ????? ????? ? ????? cbq.init-v0.6.2.
??? ??????? ?????? /etc/rc.d/cbq.init-v0.6.2 ?????? ????????????, ??????????? ?
???????? /etc/sysconfig/cbq/:
# /etc/rc.d/cbq.init-v0.6.2 start
???? ??? ????????, ??????? ?????? /etc/rc.d/cbq.init-v0.6.2 start ? ?????
????????? ????????. ??????, ??? ???? /etc/rc.d/rc.local.
????????? ???? ??????? ??? ?????? ?? ????? ?????????? ftp-?????? ????? eth0
???????, ??? 15 ????/?, ? ?????? ? ????????? ftp-?????? ?? Internet ???????,
??? 15 ????/?. ????????? ???????????? ????????, ??? ???????????? ??? ???????
??????-?????? ???????????. ? ???? ????? ???????????? IE5.5 ???????? ???????????
????????????? ftp-????????.
? IE5.5 ???? ? ?????? ?????? -- ????? ?? ???????? ?????? ???????? ????? ?? ?????
? ftp-????????, ? ????? ????????? '?????????? ? ?????', ?? ???? ??????????? ??
????? ??????-??????, ? ????????, ? ?????? ?? ?? ???????? ? ???? ???????? Squid.
4.2. Napster, Realaudio, Windows Media ? ?????? ????????
???? ?? ??, ??? ? ??? ftp: ?? ?????? ????????? ?????? ???? ? ?????? ????????.
??????? ? ???????? /etc/sysconfig/cbq/ ???? cbq-50.napster-network:
# touch /etc/sysconfig/cbq/cbq-50.napsterandlive
????????? ? ???? ????? ??????:
DEVICE=eth0,10Mbit,1Mbit
RATE=35Kbit
WEIGHT=3Kbit
PRIO=5
#Windows Media Player.
RULE=:1755,192.168.1.0/24
#Real Player ?????????? TCP ???? 554, ??? UDP ?? ?????????? ?????? ?????,
#??????, UDP ?????? ?? ????? ?????.
RULE=:554,192.168.1.0/24
RULE=:7070,192.168.1.0/24
#Napster ?????????? ????? 6699 ? 6700, ????? ???? ??? ?????-???
RULE=:6699,192.168.1.0/24
RULE=:6700,192.168.1.0/24
#Audiogalaxy ?????????? ????? ?? 41000 ?? 41900,
#??? ??? ?? ????? ?????, ?????????? 900 ?????, ??????????? ????????????.
#?? ?????? ???????? ????? 41031-41900 ??? ?????? ipchains ??? iptables.
RULE=:41000,192.168.1.0/24
RULE=:41001,192.168.1.0/24
#?????????? ?? 41001 ?? 41030
RULE=:41030,192.168.1.0/24
#????? ???????????? ????? ??????????? ???????? ????? SOCKS-??????
#?????? ????? ?????????? 1080-?? ????
RULE=:1080,192.168.1.0/24
#????? ?????????? ??????????? ??? ?????
#RULE=:port,192.168.1.0/24
?? ???????? ??? ?????? ipchains (???? 2.2.x) ??? iptables (???? 2.4.x) ?????????
?????????? ????? Audiogalaxy (41031-41900).
???? 2.2.x.
/sbin/ipchains -A input -s 192.168.1.1/24 -d ! 192.168.1.1 41031:41900 -p TCP -j REJECT
???? 2.4.x.
/sbin/iptables -A FORWARD -s 192.168.1.1/24 -d ! 192.168.1.1 -p TCP --dport 41031:41900 -j REJECT
?? ???????? ???????? ?????????? ?????? ? ???? ????????? ???????.
5. ????? ?????????? ???????
5.1. ???????? ?? ? ??????? ????? ???????? ??????????? ???????? ?? ?????????
?????? ????????
??. ?????????? ???????? ? ????? squid.conf. ????? ????, ?????????? ? ????????????
?? Squid ?? ????? www.squid-cache.org
5.2. ??? ????????? wget ???????? ????? Squid?
??????. ??????? ???? .wgetrc ? ????????? ??? ? ??? ???????? ???????. ???????? ?
???? ????????? ??????:
HTTP_PROXY=192.168.1.1:8080
FTP_PROXY=192.168.1.1:8080
??? ? ???!
???? ?? ?????? ?????????? ????? ????????? ????????? ??? ???? ?????????????,
?????????? ? ??????????? ????????? (man wget).
5.3.? ????????? SOCKS ?????? ?? ????? 1080 ? ?????? ?? ???? ???????????? ?
???????? IRC
???????? ??? ????????:
??????: ???? ??? SOCKS ?????? ????????????, ?.?. ??, ??? ??? ????? ????????????
??? ?????? ? ? ????? ?????? ? ????. ??? -- ???????? ???????????? ? ?????
????????? ???????????? ???????. ?????? IRC-??????? ?? ????????? ?????????? ??
????????????? SOCKS ????????.
???? ?? ???????, ??? ??? SOCKS ?????? ?? ????????????, ? ????????? IRC ???????
?????????? ?????????? ? ??????????, ?? ??? ????? ???? ??????? ???, ??? ???
?????????, ??????? ?? ? ??????? SOCKS ?????? ?? ????? 1080. ? ???? ?????? ???
???????? ????????????? ??? SOCKS ?????? ?? ?????? ????. ????? ????, ????? ?????
????????????? ? ??? ??? ?????????, ?????????????? SOCKS ??????.
5.4. ??? ?? ????????, ????? Kazaa ??? Audiogalaxy ???????? ???? ??? ?????
????? ?????? ??????????, ?? ????? ????? ????????.
???????? ????, ???????? /etc/sysconfig/cbq/cbq-15.ppp.
??????? ? ???? ????????? ??????, ? Kazaa ? Audiogalaxy ????? ????????? ????? ??
??????? 15 ????/?. ? ???????, ??? ??????? ????????? -- ??? ppp0.
DEVICE=ppp0,115Kbit,11Kbit
RATE=15Kbit
WEIGHT=2Kbit
PRIO=5
TIME=01:00-07:59;110Kbit/11Kbit
RULE=,:21
RULE=,213.25.25.101
RULE=,:1214
RULE=,:41000
RULE=,:41001
#? ??? ?? 41030
RULE=,:41030
5.5. ??? ???????? ????? ??? ???????? ?????? ???????? ???? ?????.
?? ?????? ?????????? ??? SMTP-?????? (Postfix, Sendmail ??? ??????) ?????,
??????????? ???????????? ????. ?????? ???????? ???????:
RULE=,:25
????? ????, ???? ? ??? ???? SMTP-??????, ?? ????? ????????? ????????? ?????????????
???????????? ???, ???? ???? ??? ??????? ?????? ??????? ??????. ??? ????????????????
????? ?? "??????????" ????????, ??? ? ?????????????? ?????? ????? Squid.
5.6. ???? ?? ? ????????, ????????? ? ?????????? ???????, ?????????? ?????? ????
FTP ? WWW ?????????
? ????? ??? ????????, ?????? ?????? ????? ??????? ????? ???? ??????????? ???????
??????????? ????????. ?????? ????? ???, ??? ?????????????? ????? ???????????,
????? ???????????????????? ? ?????????????.
???? 2.2.x
/sbin/ipchains -A input -s 192.168.1.1/24 -d ! 192.168.1.1 25 -p TCP -j REDIRECT 25
???? 2.4.x
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j REDIRECT --to-port 25
?? ???????? ???????? ? ???? ????????? ??????? ?????????? ??????.
5.7. ???????? ?? ? ??????? ??????? cbq.init ?????????? ???????? ??????? ?? ?????????
IP-??????? ????????
??. ?????????? ? ??????? cbq.init; ??? ????????? ???????.
5.8. ??? ??????? cbq.init ???????? ????????? ?? ?????????? sch_cbq.
????????, ?????? CBQ ??????????? ? ????? ???????. ???? ?? ??????????
"?????????????" ? ????, ??????????????? ????????? ?????? ? ??????? cbq.init-v0.6.2
### ???? cbq, tbf ? u32 ??????????????? "???????????????" ? ????, ??
### ????????? ?????? ???? ???????????????
#for module in sch_cbq sch_tbf sch_sfq sch_prio cls_u32; do
# if ! modprobe $module; then
# echo "**CBQ: could not load module $module"
# exit
# fi
#done
5.9. ?????? CBQ ?? ???????? ??? ??????? ???????.
?????? ??????, ????? ??????????? ?? ??????. ?????? ????? ????????? ???????
??????, ???? ?? ???????, ??? ????????????? ??? ?????, ???????????? Napster ?
Audiogalaxy. ?????? ??? ???????? ?????? ???????? ???? ???? ????. ????? ??????????
???, ??????????? IPTraf. ????????? ????? ?????? ????? ???? ??????, ??? ?????
????????? ??????? ???????. ??? ?? ?????????, ?? ?????? ???????????? ???? SOCKS
?????? -- Napster, Audiogalaxy ? ?????? ?????? ????????? ????? ???????? ? SOCKS
??????-?????????. ? ????????? ????? ?????? ??????? ?????, ??? ???????? (???????????
SOCKS ?????? ?????????? ???? 1080, ??, ???? ?? ?????????? ???? SOCKS ??????,
????? ????? ??? ????????. ????? ????, ????? ????????? ????????? ??????????? SOCKS,
??????? ????? ???????? ?? ?????? ??????). ?? ???????? ?????? ??????? ??? ?????,
??????? ???? ??, ??????? ????????????? ??????????, ????? ??? 25 ? 110 (SMTP ?
POP3). ?????? ?? Nylon socks ?????? ?? ??????? ? ????? ????? HOWTO.
5.10.???? ???????? ???? ?? ??????????: ?????? ? ?? ???? ????????? ???-???? ??
?????? ????????, ???? ???? ????????? ?????? ? ????
? ?????????, ? ???? ?????? ?????? ???????.
????????????, ??? ?? ?????? ??????? -- ???????????? ????? cron ??? ??????????????
?????????????, ???????? ? 1.00 ????????? ???? ???????? ? Squid, ? ? 7.30
?????????? ?? ???????.
??? ????, ????? ???????????? ???, ???????? ? ???????? /opt/squid/etc/
??? ?????: squid.conf-day ? squid.conf-night.
squid.conf-day -- ??? ?????? ????? ????????????????? ?????, ??????? ?? ???????
?????.
squid.conf-night -- ?????????, ?? ?????????? ????? ????????.
?????? ????????????? ???? /etc/crontab ? ??????? ? ???? ????? ??????:
#SQUID - ????????? ???????????? -- ????/????
#????????? ?????? ???????? ??????? ??-?? ?? ?????.
#? ???????? ???????????? ??? ?????? ???? ???? ??????
#????. ???.
01 9 * * * root /bin/cp -f /opt/squid/etc/squid.conf-day /opt/squid/etc/squid.conf; /opt/squid/bin/squid -k reconfigure
59 23 * * * root /bin/cp -f /opt/squid/etc/squid.conf-night /opt/squid/etc/squid.conf; /opt/squid/bin/squid -k reconfigure
5.11. ?????? ???????? ?????? ?????????? ? 23:59 ??-?? ?????? "acl day time 09:00-23:59"
? ????? squid.conf. ????? ?? ???-?? ? ???? ????????
????? ????? ???????? ????? ?? squid.conf ??????????????? acl ? ??????
"delay_access 2 allow day delay_access 2 deny !day".
????? ???? ??????????? ???????? ?? ??????????? ??????.
5.12. ????????? (????) Squid ?????? ????? ??????, ??? ???????
???????, ??? ?????? ? ??? ?????????????, ??? ?????? -- ?????? ????? ????????
-- ?????????? ???????????????.
?????? ???????? ?????? ? ???????????? ?????? ???????? ???????? logrotate,
?? ????? ?? ????????? ?? Squid, ??? ???????? ??????? ???? ????,: ????????
??????????????? ?????? ? ???????????? cron ? logrotate.
?????? ? /etc/crontab:
#SQUID - logrotate
#????????? ?????? ???????? ??????? ??-?? ?? ?????.
#? ???????? ???????????? ??? ?????? ???? ???? ??????
#????. ???.
01 4 * * * root /opt/squid/bin/squid -k rotate; /usr/sbin/logrotate /etc/logrotate.conf; /bin/rm -f /var/log/squid/*.log.0
?? ????????? logrotate ????????? ? 04:01, ??????? ??????? ????????? ??????
??????? logrotate, ???????? ?? /etc/cron.daily/.
?????? ? /etc/logrotate.d/syslog:
#SQUID logrotate - ?????? ???? 40 ????
/var/log/squid/*.log.0 {
rotate 40
compress
daily
postrotate
/usr/bin/killall -HUP syslogd
endscript
}
5.13. CBQ ???? ?? ??????????: ?????? ? ?? ???? ????????? ???-???? ?? ??????
????????, ???? ???? ????????? ?????? ? ????
??? ????????!
???? ??? ???????.
?????? (???????) ????? ?? ???????, ??????? ?? ????????? ? Squid. ????????
?????? ??????????? ??????????? ? ?????? ???? ???????????? CBQ
/etc/sysconfig/cbq/:
TIME=00:00-07:59;110Kbit/11Kbit
? ????? ????????? CBQ ????? ???????? ????????? ?????????? TIME.
?????? ?????????, ? ??????? cbq.init-v0.6.2 ???? ?????? (? ????? ??????
??????? ??? ??? ?????????? - ????. ???.) -- ??? ?? ????????? ?????????????
????????? ????????? ??????????, ???????? 00:00-08:00!
??? ?? ????????? ??? ?? ???????? ?????????, ????????? cbq.init-v0.6.2,
? ????? ???????:
/etc/rc.d/cbq.init-v0.6.2 timecheck
???? ????????, ??? ?????? ????????? ????? ???????:
[root@mangoo rc.d]# ./cbq.init start; ./cbq.init timecheck
**CBQ: 3:44: class 10 on eth0 changed rate (20Kbit -> 110Kbit)
**CBQ: 3:44: class 40 on ppp0 changed rate (15Kbit -> 110Kbit)
**CBQ: 3:44: class 50 on eth0 changed rate (35Kbit -> 110Kbit)
? ??? ?????? ????????? ? ???????, ?????????, ????? ?? ?????? ????? ? ????????
/etc/sysconfig/cbq/; ?????? ????, ???? ??????? ? ??????????? ?????? ? ?????:
[root@mangoo rc.d]# ./cbq.init start; ./cbq.init timecheck
**CBQ: 3:54: class 10 on eth0 changed rate (20Kbit -> 110Kbit)
./cbq.init: 08: value too great for base (error token is "08")
?????? ?????? ????????? CBQ ???? ????? ????? ???????, ?? ?? ??????? ?? ???????.
?? ???? ????? ???????? ? Linux 2.4 Advanced Routing HOWTO, ? ???????? ? ????????
tc.
????? ?????? ??????? cbq.init ????? ??????????? ??????????? ?? ??????????
????????. ?? ????????? ????????? ??????????? ? ???????. -- ????.???.
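The `08: value too great for base` message in the output above is what bash arithmetic prints when a number with a leading zero contains the digit 8 or 9, because it reads such numbers as octal. The added example below (not code from cbq.init; the function names are made up here) evaluates a `TIME=` line of the form used on this page after stripping the leading zero. It treats both ends of the interval as inclusive and also accepts an interval that wraps past midnight; both are assumptions of the example.

```shell
#!/bin/sh
# to_minutes HH:MM
# Prints minutes since midnight. The leading zero is stripped first so that
# "08" and "09" are never handed to shell arithmetic as invalid octal numbers.
to_minutes() (
    case $1 in
        [0-9]:[0-9][0-9] | [0-9][0-9]:[0-9][0-9]) ;;
        *) exit 1 ;;                 # not an H:MM or HH:MM time
    esac
    h=${1%%:*}; m=${1#*:}
    h=${h#0}; m=${m#0}               # "08" -> "8", "00" -> "0"
    echo $(( ${h:-0} * 60 + ${m:-0} ))
)

# effective_rate NOW DEFAULT_RATE TIMESPEC
# TIMESPEC looks like "TIME=00:00-07:59;110Kbit/11Kbit" (form used on this page).
# Prints the rate from TIMESPEC if NOW falls inside the interval,
# otherwise DEFAULT_RATE.
effective_rate() (
    now=$(to_minutes "$1") || exit 1
    default=$2
    spec=${3#TIME=}
    window=${spec%%;*}               # "00:00-07:59"
    rates=${spec#*;}                 # "110Kbit/11Kbit"
    from=$(to_minutes "${window%%-*}") || exit 1
    till=$(to_minutes "${window#*-}") || exit 1
    hit=0
    if [ "$from" -le "$till" ]; then
        # Ordinary interval inside one day.
        if [ "$now" -ge "$from" ] && [ "$now" -le "$till" ]; then hit=1; fi
    else
        # Interval that wraps past midnight, e.g. 22:00-06:00.
        if [ "$now" -ge "$from" ] || [ "$now" -le "$till" ]; then hit=1; fi
    fi
    if [ "$hit" -eq 1 ]; then echo "${rates%%/*}"; else echo "$default"; fi
)

# Constructed checks using the values shown in this section.
echo "03:44 -> $(effective_rate 03:44 15Kbit 'TIME=00:00-07:59;110Kbit/11Kbit')"
echo "08:00 -> $(effective_rate 08:00 15Kbit 'TIME=00:00-07:59;110Kbit/11Kbit')"
```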
6. ??????
6.1. ???????? ???????
?????????? ??????-?????? Squid
www.squid-cache.org
??????????? ?? ????????? Squid 2.4 Stable 1
www.visolve.com/squidman/Configuration%20Guide.html
www.visolve.com/squidman/Delaypool%20parameters.htm
????? ?????????? ??????? ?? Squid
www.squid-cache.org/Doc/FAQ/FAQ-19.html#ss19.8
?????? cbq-init
ftp://ftp.equinox.gu.net/pub/linux/cbq/
Linux 2.4 Advanced Routing HOWTO
(????????? ? ????????. - ????. ???.)
www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html
?????????? ???????? (?? ????????)
ceti.pl/~kravietz/cbq/
Securing and Optimizing Linux Red Hat Edition - A Hands on Guide
www.linuxdoc.org/guides.html
IPTraf
cebu.mozcom.com/riker/iptraf/
IPCHAINS
www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
socks ??????-?????? Nylon
mesh.eecs.umich.edu/projects/nylon/
© Vadim Fedorov <fedorov@vadim.org.ua>