Setting of delegated on my linux box

このサーバではIP forwardingを行わず、いわゆるapplication gateway方式の ファイヤウォールを構成しているので、内部から外部のウェブ等のアクセスは proxyを通して行う必要が有ります。

delegate9.9.13

• tar xvzf delegate9.9.13.tar.gz
• cd delegate9.9.13
• make
• cp src/delegated /usr/local/bin/delegated
• vi /etc/rc.d/rc.local
  ftp, telnet, http のプロキシを行う。192.168.0.* からの アクセスのみを許可する。`LOGFILE='と指定するとログファイルを採取しない。
• vi /etc/rc.d/rc.inet2
  アプリケーションゲートウェイとするためにルーティング機能は止めておく。

  # Turn on IPv4 packet forwarding support.
  if [ -x /etc/rc.d/rc.ip_forward ]; then
  ##  . /etc/rc.d/rc.ip_forward start
  #
  # 明示的に止める
  #
    . /etc/rc.d/rc.ip_forward stop
  fi
  

• /etc/logrotate.d/delegated

  /var/spool/delegate-nobody/log/8080.http {
          missingok
          rotate 4
          compress
          delaycompress
          notifempty
          copytruncate
          create 0644 nobody nogroup
  }
  

• ftp 接続(ftp.kuis.kyoto-u.ac.jp)の例
  linux01からlib100のdelegatedを介してftp.kuis.kyoto-u.ac.jpに アクセスする

  302 m-ito@linux01 /home/m-ito/tmp> ftp lib100 8021
  Connected to lib100.artie.or.jp.
  220- lib100.artie.or.jp PROXY-FTP server (DeleGate 9.9.13) ready.
  220--  @ @  
  220-- ( - ) { DeleGate/9.9.13 by ysato@etl.go.jp }
  220- You can connect to a SERVER by `user' or `cd' command:
  220-    ftp> user username@SERVER
  220-    ftp> cd //SERVER
  220- ** toggle CACHE by `cd .' (CACHE is enebled by default)
  220  
  Name (lib100:m-ito): anonymous
  331- Guest login ok, enter your E-mail address as password.
  331  Default value is: ?
  Password:m-ito@mbox.kyoto-inet.or.jp
  230- Guest login ok, your E-mail address is
  < m-ito@mbox.kyoto-inet.or.jp>
  230  Now you can select a FTP SERVER by cd //SERVER
  ftp> cd //ftp.kuis.kyoto-u.ac.jp
  250-- CWD for anonymous@ftp.kuis.kyoto-u.ac.jp.
  220-nylon FTP server (Version 5.60) ready.
  220-    Any comments and suggestions to:
  220-
  ftp-admin@ftp.kuis.kyoto-u.ac.jp
  220- 
  331- Guest login ok, send your E-MAIL ADDRESS as password.
  230- Guest 'm-ito@mbox.kyoto-inet.or.jp' login ok.
  250--  @ @  
  250  \( - )/ -- { connected to `ftp.kuis.kyoto-u.ac.jp' }
  ftp> bye
  221 Goodbye.
  303 m-ito@linux01 /home/m-ito/tmp> 
    

• telnet(archie.kyoto-u.ac.jp) 接続の例
  linux01からlib100のdelegatedを介してarchie.kyoto-u.ac.jpに アクセスする

  304 m-ito@linux01 /home/m-ito/tmp> telnet lib100 8023
  Trying 192.168.0.100...
  Connected to lib100.artie.or.jp.
  Escape character is '^]'.
  
  --  @ @  lib100.artie.or.jp PROXY-TELNET server / DeleGate/9.9.13 by ysato@etl.go.jp
  -- ( - ) { Hit '?' or enter `help' for help. }
  Host name: archie.kyoto-u.ac.jp
  Trying archie.kyoto-u.ac.jp [130.54.23.62] ...
  Connected to archie.kyoto-u.ac.jp.
  
  
  BSDI BSD/OS 2.0.1 (calico.imel.kyoto-u.ac.jp) (ttyp7)
  
  login: archie
  Last login: Sun Sep 28 00:55:12 from tr2241b.res.kutc.kansai-u.ac.jp
  Copyright 1992, 1993, 1994, 1995 Berkeley Software Design, Inc.
  Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
          The Regents of the University of California.  All rights
  reserved.
  
  archie> bye
  
  
  --  @ @  lib100.artie.or.jp PROXY-TELNET server / DeleGate/9.9.13 by ysato@etl.go.jp
  -- ( - ) { Hit '?' or enter `help' for help. }
  Host name: [RETURN]
  Connection closed by foreign host.
  305 m-ito@linux01 /home/m-ito/tmp>