From owner-FreeBSD-users-jp@jp.FreeBSD.org Tue Jun 17 20:06:26 2003
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id h5HB6Q684164;
	Tue, 17 Jun 2003 20:06:26 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from mailgw.brain-company.co.jp (mailgw.brain-company.co.jp [61.194.223.137])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with SMTP/inet id h5HB6PY84159
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Tue, 17 Jun 2003 20:06:26 +0900 (JST)
	(envelope-from n_okb@brain-company.co.jp)
Received: (qmail 30190 invoked from network); 17 Jun 2003 20:06:24 +0900
Received: from unknown (HELO ms.hq.brain-company.co.jp) (192.168.0.250)
  by 192.168.0.254 with SMTP; 17 Jun 2003 20:06:24 +0900
Received: (qmail 77330 invoked from network); 17 Jun 2003 20:06:23 +0900
Received: from unknown (HELO okb.brain-company.co.jp) (192.168.0.25)
  by 192.168.0.250 with SMTP; 17 Jun 2003 20:06:23 +0900
Message-Id: <200306171106.AA01308@okb.brain-company.co.jp>
From: Ookubo Nobuhiko <n_okb@brain-company.co.jp>
To: FreeBSD-users-jp@jp.FreeBSD.org
MIME-Version: 1.0
X-Mailer: AL-Mail32 Version 1.13
Content-Type: text/plain; charset=iso-2022-jp
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Tue, 17 Jun 2003 20:06:19 +0900
X-Sequence: FreeBSD-users-jp 75064
Subject: [FreeBSD-users-jp 75064] =?ISO-2022-JP?B?GyRCRikyYTc/GyhC?= squid
 =?ISO-2022-JP?B?GyRCJEckThsoQg==?= https
 =?ISO-2022-JP?B?GyRCJFglIiUvJTslOSQ5JGskPyRhJE5AX0RqJEsbKEI=?=
 =?ISO-2022-JP?B?GyRCJEQkJCRGGyhC?= 
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: n_okb@brain-company.co.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+030602

$B$O$8$a$^$7$F!"Bg5WJ]$H?=$7$^$9!#(B

$B$5$F!"(Bsquid$B!\(BIP Filter$B$r;HMQ$7$FF)2a7?(BProxy$B$r:n@.$7$h$&$H$7$F$$$k$N$G$9$,(B
http$B$G$N%"%/%;%9$O(BOK$B$H$J$C$?$N$G$9$,!"(Bhttps$B$G%"%/%;%9$7$h$&$H$9$k$H(B
5$BJ,0J>eBT$C$F$b%/%i%$%"%s%H$N%V%i%&%6$K2?$bI=<($5$l$^$;$s!#(B
$B$^$?!"%V%i%&%6$K(BProxy$B%5!<%P!<$N%"%I%l%9!u%]!<%H$r@_Dj$9$k$H(B
$BF1$8(Bhttps$B$N%5%$%H$,$9$0$KI=<($5$l$^$9!#(B

$B$3$N$h$&$J(Bsquid$B$r;HMQ$7$?F)2a7?(BProxy$B$G(Bhttp/https$BN>J}$r%-%c%C%7%e$9$k(B
$B$h$&$J$3$H$O2DG=$J$N$G$7$g$&$+!)(B

google$BEy$G(B"Proxy $BF)2a7?(B https"$B$J$I$H$7$F8!:w$7$F$_$?$N$G$9$,(B
$B;29M$K$J$j$=$&$J%5%$%H$r8+$D$1$k$3$H$,$G$-$^$;$s$G$7$?!#(B

OS$B$O(BFreeBSD 4.7-RELEASE
squid$B$O(Bsquid-2.5.STABLE3

squid$B$N(Bconfigure$B;~$N%*%W%7%g%s$O0J2<$N$h$&$K$7$^$7$?!#(B
configure \
  --enable-icmp           \
  --enable-delay-pools    \
  --enable-useragent-log  \
  --enable-referer-log    \
  --enable-ssl            \
  --enable-ipf-transparent \
  --enable-err-languages="Japanese" \
  --disable-internal-dns

$B$^$?!"(BIP Filter$B$r;HMQ$9$k$?$a$K(Bkernl$B$N%*%W%7%g%s$K(B
$B0J2<$N$b$N$r;XDj$7!"(Bmake depend && make && make install$B$7$^$7$?!#(B
options         IPFILTER
options         IPFILTER_LOG
options         IPFILTER_DEFAULT_BLOCK

$B$=$N8e!"(B/etc/rc.conf$B$K0J2<$N@_Dj$r$7(B
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipfilter_flags=""
ipmon_enable="YES"                      # $B%m%0$r<h$k(B
ipmon_flags="-D /var/log/ipflog"        # $B%m%0%U%!%$%k$r;XDj(B
ipnat_enable="YES"                      # NAT $B$rM-8z$K$9$k(B
ipnat_rules="/etc/ipnat.rules"          # NAT $B$N@_Dj%U%!%$%k$r;XDj(B
gateway_enable="YES"                    # $B#2$D$N%$%s%?!<%U%'%$%94V$K%Q%1%C%H$rN.$9(B
portmap_enable="NO"
tcp_restrict_rst="YES"                  # TCP_RESTRICT_RST $B$rM-8z$K$9$k(B
tcp_drop_synfin="YES"                   # TCP_DROP_SYNFIN

/etc/ipf.rules$B$O%F%9%H$H8@$&$3$H$G!"0J2<$N$h$&$K$7(B
pass    in      all
pass    out     all

/etc/ipnat.rules$B$O0J2<$N$h$&$K@_Dj$$$?$7$^$7$?(B
2$B9TL\$r%3%a%s%H%"%&%H$9$k$H!"(Bsquid$B$r7PM3$;$:$K(B
https$B$N%5%$%H$rI=<(2DG=$G$7$?!#(B
rdr tl0 0/0 port 80 -> 192.168.0.247 port 8080
rdr tl0 0/0 port 443 -> 192.168.0.247 port 8080
map fxp0 192.168.0.0/24 -> Proxy$B%5!<%P!<$N30B&%"%I%l%9(B/32    portmap tcp/udp auto
map fxp0 192.168.0.0/24 -> Proxy$B%5!<%P!<$N30B&%"%I%l%9(B/32

$B$^$?!"(B/usr/local/squid/etc/squid.conf$B$K$O0J2<$N$h$&$K$7;D$j$O(B
$B%G%U%)%k%H$N$^$^$H$J$C$F$$$^$9!#(B
http_port 8080
hierarchy_stoplist cgi-bin ?
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

$B0J>e$N$h$&$J@_Dj$G$9$,2?$+$*$+$7$JE@$J$I$4$6$$$^$7$?$i(B
$B$4;XE&$r$*4j$$$$$?$7$^$9!#(B

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
$B3t<02q<R!!%V%l!<%s!&%+%s%Q%K!<(B   $BBg5WJ](B $B?.I'(B
                        n_okb@brain-company.co.jp

      $BK\<R!'")(B396-0011$BD9Ln8)0KFa;T0KFaIt8QEgFn(B3815$B>.NS%S%k(B
            Tel(0265)77-0301 Fax(0265)77-0302
$BEl5~1D6H=j!'")(B141-0031$BEl5~ETIJ@n6h@>8^H?ED(B2-31-1
            Tel(03)5759-0860 Fax(03)5759-0861
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
