mirror of https://github.com/tLDP/LDP
Slowly getting there.... :) Removed Text-Terminal.xml, Thin-Client.xml. Do not publish under any circumstances!!!!
Binh.
parent 2f1e3b150b
commit 76ba43c60a
|
@ -42,7 +42,8 @@
|
|||
<para>
|
||||
Two of his technical documents have been incorporated into the
|
||||
Linux Documentation Project ("Linux Dictionary" and "Linux Filesystem
|
||||
Hierarchy", www.tldp.org/guides.html). Furthermore, they are being
|
||||
Hierarchy", <ulink url="www.tldp.org/guides.html">
|
||||
www.tldp.org/guides.html</ulink>). Furthermore, they are being
|
||||
used as reference books in at least nine universities around the world
|
||||
(University of Southern Queensland (Australia),
|
||||
Universidad Michoacana (Mexico),
|
||||
|
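Review bot: the `url` attribute on the new `<ulink url="www.tldp.org/guides.html">` has no scheme, so DocBook-to-HTML output will emit it as a relative href and the link will resolve against the document's own location instead of tldp.org. Use `url="http://www.tldp.org/guides.html"`, matching the scheme-qualified `<ulink>` used for the Computer Dictionary Project later in the same paragraph. Also keep the link text on the same line as the opening tag; as written, the line break becomes leading whitespace inside the rendered link.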
@ -53,7 +54,11 @@
|
|||
University of Ulster (Ireland),
|
||||
Universität Duisburg-Essen (Germany),
|
||||
Universidad Rey Juan Carlos (Spain),
|
||||
and Universiti Sains Malaysia (Malaysia)).
|
||||
and Universiti Sains Malaysia (Malaysia)). As well as this, he is also a
|
||||
Development Lead and Project Administrator of the "Computer Dictionary
|
||||
Project" <ulink url="http://computerdictionary.tsf.org.za/dictionary/index.html">
|
||||
http://computerdictionary.tsf.org.za/dictionary/index.html</ulink>
|
||||
which is being supported by the Shuttleworth Foundation.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
|
|
|
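Review bot: in the sentence added after "(Malaysia)).", the opening "As well as this, he is also a" says the same thing twice; "He is also a Development Lead and Project Administrator of ..." reads better. The `<ulink>` content starts on a new line, which puts whitespace inside the link text. The bare URL also sits between `Project"` and `which` with no parentheses or commas, unlike the parenthesised reference earlier in the paragraph. Wrap it in parentheses or make the project name itself the link text.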
@ -12,786 +12,7 @@ is slow or our LAN users download tons of mp3s and the newest Linux
|
|||
distro's *.iso files.
|
||||
</para>
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
2. Before We Start
|
||||
|
||||
Let's imagine the following situation:
|
||||
|
||||
* We have 115,2 kbits/s ppp (modem) internet link (115,2/10 = 11,5 kbytes/
|
||||
s). Note: with eth connections (network card) we would divide 115,2 by 8;
|
||||
with ppp we divide by 10, because of start/stop bits (8 + 1 + 1 = 10).
|
||||
* We have some LAN stations and their users are doing bulk downloads all
|
||||
the time.
|
||||
* We want web pages to open fast, no matter how many dowloads are
|
||||
happening.
|
||||
* Our internet interface is ppp0.
|
||||
* Our LAN interface is eth0.
|
||||
* Our network is 192.168.1.0/24
|
||||
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
2.1. What do we need
|
||||
|
||||
<para>
|
||||
Believe it or not, shaping the incoming traffic is an easy task and you don't
|
||||
have to read tons of books about routing or queuing algorithms. To make it
|
||||
work, we need at least Squid proxy; if we want to fine tune it, we will have
|
||||
to get familiar with ipchains or iptables and CBQ. To test our efforts,
|
||||
we can install IPTraf.
|
||||
</para>
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
2.2. How does it work?
|
||||
|
||||
<para>
|
||||
Squid is probably the most advanced HTTP proxy server available for Linux. It
|
||||
can help us save bandwidth in two ways:
|
||||
</para>
|
||||
|
||||
* The first is a main characteristic of proxy servers -- they keep
|
||||
downloaded web pages, pictures, and other objects in memory or on a disk.
|
||||
So, if two people are requesting the same web page, it isn't downloaded
|
||||
from the internet, but from the local proxy.
|
||||
|
||||
* Apart from normal caching, Squid has a special feature called delay
|
||||
pools. Thanks to delay pools, it is possible to limit internet traffic in
|
||||
a reasonable way, depending on so-called 'magic words', existing in any
|
||||
given URL. For example, a magic word could be '.mp3', '.exe' or '.avi',
|
||||
etc. Any distinct part of a URL (such as .avi) can be defined as a magic
|
||||
word.
|
||||
|
||||
<para>
|
||||
With that, we can tell the Squid to download these kinds of files at a
|
||||
specified speed (in our example, it will be about 5 kbytes/s). If our LAN
|
||||
users download files at the same time, they will be downloaded at about 5
|
||||
kbytes/s altogether, leaving remaining bandwidth for web pages, e-mail, news,
|
||||
irc, etc.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Of course, the Internet is not only used for downloading files via web pages
|
||||
(http or ftp). Later on, we will deal with limiting bandwidth for Napster,
|
||||
Realaudio, and other possibilities.
|
||||
</para>
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
3. Installing and Configuring Necessary Software
|
||||
|
||||
<para>
|
||||
Here, I will explain how to install the necessary software so that we can
|
||||
limit and test the bandwidth usage.
|
||||
</para>
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
3.1. Installing Squid with the delay pools feature
|
||||
|
||||
<para>
|
||||
As I mentioned before, Squid has a feature called delay pools, which allows
|
||||
us to control download bandwidth. Unfortunately, in most distributions, Squid
|
||||
is shipped without that feature.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
So if you have Squid already installed, I must disappoint you -- you need to
|
||||
uninstall it and do it once again with delay pools enabled in the way I
|
||||
explain below.
|
||||
</para>
|
||||
|
||||
1. To get maximum performance from our Squid proxy, it's best to create a
|
||||
separate partition for its cache, called /cache/. Its size should be
|
||||
about 300 megabytes, depending on our needs.
|
||||
|
||||
If you don't know how to make a separate partition, you can create the /
|
||||
cache/ directory on a main partition, but Squid performance can suffer a
|
||||
bit.
|
||||
|
||||
2. We add a safe 'squid' user:
|
||||
|
||||
# useradd -d /cache/ -r -s /dev/null squid >/dev/null 2>&1
|
||||
|
||||
No one can log in as squid, including root.
|
||||
|
||||
3. We download Squid sources from http://www.squid-cache.org
|
||||
|
||||
When I was writing this HOWTO, the latest version was Squid 2.4 stable 1:
|
||||
|
||||
[http://www.squid-cache.org/Versions/v2/2.4/squid-2.4.STABLE1-src.tar.gz]
|
||||
http://www.squid-cache.org/Versions/v2/2.4/squid-2.4.STABLE1-src.tar.gz
|
||||
|
||||
4. We unpack everything to /var/tmp:
|
||||
|
||||
5. # tar xzpf squid-2.4.STABLE1-src.tar.gz
|
||||
|
||||
6. We compile and install Squid (everthing is in one line):
|
||||
|
||||
# ./configure --prefix=/opt/squid --exec-prefix=/opt/squid
|
||||
--enable-delay-pools --enable-cache-digests --enable-poll
|
||||
--disable-ident-lookups --enable-truncate --enable-removal-policies
|
||||
|
||||
# make all
|
||||
|
||||
# make install
|
||||
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
3.2. Configuring Squid to use the delay pools feature
|
||||
|
||||
1. Configure our squid.conf file (located under /opt/squid/etc/squid.conf):
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
#squid.conf
|
||||
#Every option in this file is very well documented in the original squid.conf file
|
||||
#and on http://www.visolve.com/squidman/Configuration%20Guide.html
|
||||
|
||||
#
|
||||
#The ports our Squid will listen on.
|
||||
http_port 8080
|
||||
icp_port 3130
|
||||
#cgi-bins will not be cached.
|
||||
acl QUERY urlpath_regex cgi-bin \?
|
||||
no_cache deny QUERY
|
||||
#Memory the Squid will use. Well, Squid will use far more than that.
|
||||
cache_mem 16 MB
|
||||
#250 means that Squid will use 250 megabytes of disk space.
|
||||
cache_dir ufs /cache 250 16 256
|
||||
|
||||
#Places where Squid's logs will go to.
|
||||
cache_log /var/log/squid/cache.log
|
||||
cache_access_log /var/log/squid/access.log
|
||||
cache_store_log /var/log/squid/store.log
|
||||
cache_swap_log /var/log/squid/swap.log
|
||||
#How many times to rotate the logs before deleting them.
|
||||
#See the FAQ for more info.
|
||||
logfile_rotate 10
|
||||
|
||||
redirect_rewrites_host_header off
|
||||
cache_replacement_policy GDSF
|
||||
acl localnet src 192.168.1.0/255.255.255.0
|
||||
acl localhost src 127.0.0.1/255.255.255.255
|
||||
acl Safe_ports port 80 443 210 119 70 20 21 1025-65535
|
||||
acl CONNECT method CONNECT
|
||||
acl all src 0.0.0.0/0.0.0.0
|
||||
http_access allow localnet
|
||||
http_access allow localhost
|
||||
http_access deny !Safe_ports
|
||||
http_access deny CONNECT
|
||||
http_access deny all
|
||||
maximum_object_size 3000 KB
|
||||
store_avg_object_size 50 KB
|
||||
|
||||
#Set these if you want your proxy to work in a transparent way.
|
||||
#Transparent proxy means you generally don't have to configure all
|
||||
#your client's browsers, but hase some drawbacks too.
|
||||
#Leaving these uncommented won't do any harm.
|
||||
httpd_accel_host virtual
|
||||
httpd_accel_port 80
|
||||
httpd_accel_with_proxy on
|
||||
httpd_accel_uses_host_header on
|
||||
|
||||
#all our LAN users will be seen by external web servers
|
||||
#as if they all used Mozilla on Linux. :)
|
||||
anonymize_headers deny User-Agent
|
||||
fake_user_agent Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6+) Gecko/20011122
|
||||
|
||||
#To make our connection even faster, we put two lines similar
|
||||
#to the ones below. They will point a parent proxy server our own Squid
|
||||
#will use. Don't forget to change the server to the one that will
|
||||
#be fastest for you!
|
||||
#Measure pings, traceroutes and so on.
|
||||
#Make sure that http and icp ports are correct.
|
||||
|
||||
#Uncomment lines beginning with "cache_peer" if necessary.
|
||||
#This is the proxy you are going to use for all connections...
|
||||
#cache_peer w3cache.icm.edu.pl parent 8080 3130 no-digest default
|
||||
|
||||
#...except for the connections to addresses and IPs beginning with "!".
|
||||
#It's a good idea not to use a higher
|
||||
#cache_peer_domain w3cache.icm.edu.pl !.pl !7thguard.net !192.168.1.1
|
||||
|
||||
#This is useful when we want to use the Cache Manager.
|
||||
#Copy cachemgr.cgi to cgi-bin of your www server.
|
||||
#You can reach it then via a web browser typing
|
||||
#the address http://your-web-server/cgi-bin/cachemgr.cgi
|
||||
cache_mgr your@email
|
||||
cachemgr_passwd secret_password all
|
||||
|
||||
#This is a name of a user our Squid will work as.
|
||||
cache_effective_user squid
|
||||
cache_effective_group squid
|
||||
|
||||
log_icp_queries off
|
||||
buffered_logs on
|
||||
|
||||
|
||||
#####DELAY POOLS
|
||||
#This is the most important part for shaping incoming traffic with Squid
|
||||
#For detailed description see squid.conf file or docs at http://www.squid-cache.org
|
||||
|
||||
#We don't want to limit downloads on our local network.
|
||||
acl magic_words1 url_regex -i 192.168
|
||||
|
||||
#We want to limit downloads of these type of files
|
||||
#Put this all in one line
|
||||
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt
|
||||
.ram .rm .iso .raw .wav .mov
|
||||
#We don't block .html, .gif, .jpg and similar files, because they
|
||||
#generally don't consume much bandwidth
|
||||
|
||||
#We want to limit bandwidth during the day, and allow
|
||||
#full bandwidth during the night
|
||||
#Caution! with the acl below your downloads are likely to break
|
||||
#at 23:59. Read the FAQ in this bandwidth if you want to avoid it.
|
||||
acl day time 09:00-23:59
|
||||
|
||||
#We have two different delay_pools
|
||||
#View Squid documentation to get familiar
|
||||
#with delay_pools and delay_class.
|
||||
delay_pools 2
|
||||
|
||||
#First delay pool
|
||||
#We don't want to delay our local traffic.
|
||||
#There are three pool classes; here we will deal only with the second.
|
||||
#First delay class (1) of second type (2).
|
||||
delay_class 1 2
|
||||
|
||||
#-1/-1 mean that there are no limits.
|
||||
delay_parameters 1 -1/-1 -1/-1
|
||||
|
||||
#magic_words1: 192.168 we have set before
|
||||
delay_access 1 allow magic_words1
|
||||
|
||||
|
||||
#Second delay pool.
|
||||
#we want to delay downloading files mentioned in magic_words2.
|
||||
#Second delay class (2) of second type (2).
|
||||
delay_class 2 2
|
||||
|
||||
#The numbers here are values in bytes;
|
||||
#we must remember that Squid doesn't consider start/stop bits
|
||||
#5000/150000 are values for the whole network
|
||||
#5000/120000 are values for the single IP
|
||||
#after downloaded files exceed about 150000 bytes,
|
||||
#(or even twice or three times as much)
|
||||
#they will continue to download at about 5000 bytes/s
|
||||
|
||||
delay_parameters 2 5000/150000 5000/120000
|
||||
#We have set day to 09:00-23:59 before.
|
||||
delay_access 2 allow day
|
||||
delay_access 2 deny !day
|
||||
delay_access 2 allow magic_words2
|
||||
|
||||
|
||||
#EOF
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
|
||||
OK, when we have configured everything, we must make sure everything
|
||||
under /opt/squid and /cache directories belongs to user 'squid'.
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
# mkdir /var/log/squid/
|
||||
|
||||
# chown squid:squid /var/log/squid/
|
||||
|
||||
# chmod 770 /var/log/squid/
|
||||
|
||||
# chown -R squid:squid /opt/squid/
|
||||
|
||||
# chown -R squid:squid /cache/
|
||||
|
||||
Now everything is ready to run Squid. When we do it for the first time,
|
||||
we have to create its cache directories:
|
||||
|
||||
# /opt/squid/bin/squid -z
|
||||
|
||||
We run Squid and check if everything is working. A good tool to do that
|
||||
is IPTraf; you can find it on [http://freshmeat.net] http://
|
||||
freshmeat.net. Make sure you have set the appropriate proxy in your web
|
||||
browsers (192.168.1.1, port 8080 in our example):
|
||||
|
||||
# /opt/squid/bin/squid
|
||||
|
||||
If everything is working, we add /opt/squid/bin/squid line to the end of
|
||||
our initializing scripts. Usually, it can be /etc/rc.d/rc.local.
|
||||
|
||||
Other helpful options in Squid may be:
|
||||
|
||||
# /opt/squid/bin/squid -k reconfigure (it reconfigures Squid if we made
|
||||
any changes in its squid.conf file)
|
||||
|
||||
# /opt/squid/bin/squid -help :) self-explanatory
|
||||
|
||||
You can also copy cachemgr.cgi to the cgi-bin directory of your WWW
|
||||
server, to make use of a useful Cache Manager.
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
3.3. Solving remaining problems
|
||||
|
||||
<para>
|
||||
OK, we have installed Squid and configured it to use delay pools. I bet
|
||||
nobody wants to be restricted, especially our clever LAN users. They will
|
||||
likely try to avoid our limitations, just to download their favourite mp3s a
|
||||
little faster (and thus causing your headache).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
I assume that you use IP-masquerade on your LAN so that your users could use
|
||||
IRC, ICQ, e-mail, etc. That's OK, but we must make sure that our LAN users
|
||||
will use our delay pooled Squid to access web pages and use ftp.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
We can solve most of these problems by using ipchains (Linux 2.2.x kernels)
|
||||
or iptables (Linux 2.4.x kernels).
|
||||
</para>
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
3.3.1. Linux 2.2.x kernels (ipchains)
|
||||
|
||||
We must make sure that nobody will try to cheat and use a proxy server other
|
||||
than ours. Public proxies usually run on 3128 and 8080 ports:
|
||||
|
||||
/sbin/ipchains -A input -s 192.168.1.1/24 -d ! 192.168.1.1 3128 -p TCP -j
|
||||
REJECT
|
||||
|
||||
/sbin/ipchains -A input -s 192.168.1.1/24 -d ! 192.168.1.1 8080 -p TCP -j
|
||||
REJECT
|
||||
|
||||
We must also make sure that nobody will try to cheat and connect to the
|
||||
internet directly (IP-masquerade) to download web pages:
|
||||
|
||||
/sbin/ipchains -A input -s 192.168.1.1/24 -d ! 192.168.1.1 80 -p TCP -j
|
||||
REDIRECT 8080
|
||||
|
||||
If everything is working, we add these lines to the end of our initializing
|
||||
scripts. Usually, it can be /etc/rc.d/rc.local.
|
||||
|
||||
We might think to block ftp traffic (ports 20 and 21) to force our LAN users
|
||||
to use Squid, but it's not a good idea for at least two reasons:
|
||||
|
||||
* Squid is a http proxy with ftp support, not a real ftp proxy. It can
|
||||
download from ftp, it can also upload to some ftp, but it can't delete/
|
||||
change name of files on remote ftp servers.
|
||||
|
||||
When we block ports 20 and 21, we won't be able to delete/change name of
|
||||
files on remote ftp servers.
|
||||
|
||||
* IE5.5 has a bug -- it doesn't use a proxy to retrieve the ftp directory.
|
||||
Instead it connects directly via IP-masquerade.
|
||||
|
||||
When we block ports 20 and 21, we won't be able to browse through ftp
|
||||
directories, using IE5.5.
|
||||
|
||||
|
||||
So, we will block excessive ftp downloads using other methods. We will deal
|
||||
with it in chapter 4.
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
3.3.2. Linux 2.4.x kernels (iptables)
|
||||
|
||||
We must make sure that nobody will try to cheat and use a proxy server other
|
||||
than ours. Public proxies usually run on 3128 and 8080 ports:
|
||||
|
||||
/sbin/iptables -A FORWARD -s 192.168.1.1/24 -d ! 192.168.1.1 --dport 3128 -p
|
||||
TCP -j DROP
|
||||
|
||||
/sbin/iptables -A FORWARD -s 192.168.1.1/24 -d ! 192.168.1.1 --dport 8080 -p
|
||||
TCP -j DROP
|
||||
|
||||
We must also make sure that nobody will try to cheat and connect to the
|
||||
internet directly (IP-masquerade) to download web pages:
|
||||
|
||||
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
|
||||
--to-port 8080
|
||||
|
||||
If everything is working, we add these lines to the end of our initializing
|
||||
scripts. Usually, it can be /etc/rc.d/rc.local.
|
||||
|
||||
We might think to block ftp traffic (ports 20 and 21) to force our LAN users
|
||||
to use Squid, but it's not a good idea for at least two reasons:
|
||||
|
||||
* Squid is a http proxy with ftp support, not a real ftp proxy. It can
|
||||
download from ftp, it can also upload to some ftp, but it can't delete/
|
||||
change name of files on remote ftp servers.
|
||||
|
||||
When we block ports 20 and 21, we won't be able to delete/change name of
|
||||
files on remote ftp servers.
|
||||
|
||||
* IE5.5 has a bug -- it doesn't use a proxy to retrieve the ftp directory.
|
||||
Instead it connects directly via IP-masquerade.
|
||||
|
||||
When we block ports 20 and 21, our LAN users won't be able to browse
|
||||
through ftp directories, using IE5.5.
|
||||
|
||||
|
||||
So, we will block excessive ftp downloads using other methods. We will deal
|
||||
with it in chapter 4.
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
4. Dealing with Other Bandwidth-consuming Protocols Using CBQ
|
||||
|
||||
We must remember that our LAN users can spoil our efforts from chapter 3, if
|
||||
they use Napster, Kazaa or Realaudio. We must also remember that we didn't
|
||||
block ftp traffic in section 3.3.
|
||||
|
||||
We will achieve it in a different way -- not by limiting downloading
|
||||
directly, but rather, indirectly. If our internet device is ppp0 and LAN
|
||||
device is eth0, we will limit outgoing traffic on interface eth0, and thus,
|
||||
limit incoming traffic to ppp0.
|
||||
|
||||
To do it, we will get familiar with CBQ and cbq.init script. You can obtain
|
||||
it from [ftp://ftp.equinox.gu.net/pub/linux/cbq/] ftp://ftp.equinox.gu.net/
|
||||
pub/linux/cbq/. Download cbq.init-v0.6.2 and put it in /etc/rc.d/.
|
||||
|
||||
You will also need iproute2 installed. It comes with every Linux
|
||||
distribution.
|
||||
|
||||
Now look in your /etc/sysconfig/cbq/ directory. There, you should have an
|
||||
example file, which should work with cbq.init. If it isn't there, you
|
||||
probably don't have it compiled in your kernel nor it isnt't present as
|
||||
modules. Well, in any case, just make that directory, put example files
|
||||
provided below, and see if it'd work for you.
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
4.1. FTP
|
||||
|
||||
In chapter 3, we didn't block ftp for two reasons -- so that we could do
|
||||
uploads, and so that users with buggy IE5.5 could browse through ftp
|
||||
directories. In all, our web browsers and ftp programs should make downloads
|
||||
via our Squid proxy and ftp uploads/renaming/deleting should be made via
|
||||
IP-masquerade.
|
||||
|
||||
We create a file called cbq-10.ftp-network in the /etc/sysconfig/cbq/
|
||||
directory:
|
||||
|
||||
# touch /etc/sysconfig/cbq/cbq-10.ftp-network
|
||||
|
||||
We insert the following lines into it:
|
||||
DEVICE=eth0,10Mbit,1Mbit
|
||||
RATE=15Kbit
|
||||
WEIGHT=1Kbit
|
||||
PRIO=5
|
||||
RULE=:20,192.168.1.0/24
|
||||
RULE=:21,192.168.1.0/24
|
||||
|
||||
You will find the description of thses lines in cbq.init-v0.6.2 file.
|
||||
|
||||
When you start /etc/rc.d/cbq.init-v0.6.2 script, it will read your
|
||||
configuration, which is placed in /etc/sysconfig/cbq/:
|
||||
|
||||
# /etc/rc.d/cbq.init-v0.6.2 start
|
||||
|
||||
If everything is working, we add /etc/rc.d/cbq.init-v0.6.2 start to the end
|
||||
of your initializing scripts. Usually, it can be /etc/rc.d/rc.local.
|
||||
|
||||
Thanks to this command, your server will not send ftp data through eth0
|
||||
faster than about 15kbits/s, and thus will not download ftp data from the
|
||||
internet faster than 15kbits/s.Your LAN users will see that it's more
|
||||
efficient to use Squid proxy for doing ftp downloads. They will be also able
|
||||
to browse ftp directories using their buggy IE5.5.
|
||||
|
||||
There is also another bug in IE5.5 - when you right click on a file in a ftp
|
||||
directory then select 'Copy To Folder', the file is downloaded not through
|
||||
proxy, but directly through IP-masquerade, thus omitting Squid with delay
|
||||
pools.
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
4.2. Napster, Realaudio, Windows Media and other issues
|
||||
|
||||
Here, the idea is the same as with ftp; we just add another port and set a
|
||||
different speed.
|
||||
|
||||
We create file called cbq-50.napster-network in the /etc/sysconfig/cbq/
|
||||
directory:
|
||||
|
||||
# touch /etc/sysconfig/cbq/cbq-50.napsterandlive
|
||||
|
||||
Put these lines into that file:
|
||||
DEVICE=eth0,10Mbit,1Mbit
|
||||
RATE=35Kbit
|
||||
WEIGHT=3Kbit
|
||||
PRIO=5
|
||||
#Windows Media Player.
|
||||
RULE=:1755,192.168.1.0/24
|
||||
#Real Player uses TCP port 554, for UDP it uses different ports,
|
||||
#but generally RealAudio in UDP doesn't consume much bandwidth.
|
||||
RULE=:554,192.168.1.0/24
|
||||
RULE=:7070,192.169.1.0/24
|
||||
#Napster uses ports 6699 and 6700, maybe some other?
|
||||
RULE=:6699,192.168.1.0/24
|
||||
RULE=:6700,192.168.1.0/24
|
||||
#Audiogalaxy uses ports from 41000 to as high as probably 41900,
|
||||
#there are many of them, so keep in mind I didn't list all of
|
||||
#them here. Repeating 900 nearly the same lines would be of course
|
||||
#pointless. We will simply cut out ports 410031-41900 using
|
||||
#ipchains or iptables.
|
||||
RULE=:41000,192.168.1.0/24
|
||||
RULE=:41001,192.168.1.0/24
|
||||
#continue from 41001 to 41030
|
||||
RULE=:41030,192.168.1.0/24
|
||||
#Some clever users can connect to SOCKS servers when using Napster,
|
||||
#Audiogalaxy etc.; it's also a good idea to do so
|
||||
#when you run your own SOCKS proxy
|
||||
RULE=:1080,192.168.1.0/24
|
||||
#Add any other ports you want; you can easily check and track
|
||||
#ports that programs use with IPTraf
|
||||
#RULE=:port,192.168.1.0/24
|
||||
|
||||
Don't forget to cut out remaining Audiogalaxy ports (41031-41900), using
|
||||
ipchains (kernels 2.2.x or iptables (kernels 2.4.x).
|
||||
|
||||
Kernels 2.2.x.
|
||||
|
||||
/sbin/ipchains -A input -s 192.168.1.1/24 -d ! 192.168.1.1 41031:41900 -p TCP
|
||||
-j REJECT
|
||||
|
||||
Kernels 2.4.x.
|
||||
|
||||
/sbin/iptables -A FORWARD -s 192.168.1.1/24 -d ! 192.168.1.1 --dport 41031:
|
||||
41900 -p TCP -j REJECT
|
||||
|
||||
Don't forget to add a proper line to your initializing scripts.
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
5. Frequently Asked Questions
|
||||
|
||||
5.1. Is it possible to limit bandwidth on a per-user basis with delay pools?
|
||||
|
||||
Yes. Look inside the original squid.conf file and check the Squid
|
||||
documentation on [http://www.squid-cache.org] http://www.squid-cache.org
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
5.2. How do I make wget work with Squid?
|
||||
|
||||
It's simple. Create a file called .wgetrc and put it in your home directory.
|
||||
Insert the following lines in it and that's it!
|
||||
HTTP_PROXY=192.168.1.1:8080
|
||||
FTP_PROXY=192.168.1.1:8080
|
||||
|
||||
You can make it work globally for all users, type man wget to learn how.
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
5.3. I set up my own SOCKS server listening on port 1080, and now I'm not
|
||||
able to connect to any irc server.
|
||||
|
||||
There can be two issues here.
|
||||
|
||||
One is when your SOCKS proxy is open relay, that means everyone can use it
|
||||
from any place in the world. It is a security issue and you should check your
|
||||
SOCKS proxy configuration again - generally irc servers don't allow open
|
||||
relay SOCKS servers to connect to them.
|
||||
|
||||
If you are sure your SOCKS server isn't open relay, you may be still
|
||||
disallowed to connect to some of the irc servers - it's because mostly they
|
||||
just check if SOCKS server is running on port 1080 of a client that is
|
||||
connecting. In that case just reconfigure your SOCKS to work on a different
|
||||
port. You will also have to reconfigure your LAN software to use a proper
|
||||
SOCKS server and port.
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
5.4. I don't like when Kazaa or Audiogalaxy is filling up all my upload
|
||||
bandwidth.
|
||||
|
||||
Indeed that can be painful, but it's simple to be solved.
|
||||
|
||||
Create a file called for example /etc/sysconfig/cbq/cbq-15.ppp.
|
||||
|
||||
Insert the following lines into it, and Kazaa or Audiogalaxy will upload not
|
||||
faster than about 15 kbits/s. I assume that your outgoing internet interface
|
||||
is ppp0.
|
||||
DEVICE=ppp0,115Kbit,11Kbit
|
||||
RATE=15Kbit
|
||||
WEIGHT=2Kbit
|
||||
PRIO=5
|
||||
TIME=01:00-07:59;110Kbit/11Kbit
|
||||
RULE=,:21
|
||||
RULE=,213.25.25.101
|
||||
RULE=,:1214
|
||||
RULE=,:41000
|
||||
RULE=,:41001
|
||||
#And so on till :41030
|
||||
RULE=,:41030
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
5.5. My outgoing mail server is eating up all my bandwidth.
|
||||
|
||||
You can limit your SMTP, Postfix, Sendmail, or whatever, in a way similar to
|
||||
the question above. Just change or add one rule:
|
||||
RULE=,:25
|
||||
|
||||
Moreover, if you have an SMTP server, you can force your local LAN users to
|
||||
use it, even though they have set up their own SMTP servers to
|
||||
smtp.some.server! We'll do it in a transparent way we did before with Squid.
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
5.6. Can I limit my own FTP or WWW server in a manner similar it is shown in
|
||||
the question above?
|
||||
|
||||
Generally you can, but usually these servers have got their own bandwidth
|
||||
limiting configurations, so you will probably want to look into their
|
||||
documentation.
|
||||
|
||||
2.2.x Kernels
|
||||
|
||||
/sbin/ipchains -A input -s 192.168.1.1/24 -d ! 192.168.1.1 25 -p TCP -j
|
||||
REDIRECT 25
|
||||
|
||||
2.4.x Kernels
|
||||
|
||||
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j REDIRECT
|
||||
--to-port 25
|
||||
|
||||
Don't forget to add a proper line to your initializing scripts.
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
5.7. Is it possible to limit bandwidth on a per-user basis with cbq.init
|
||||
script?
|
||||
|
||||
Yes. Look inside this script; there are some examples.
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
5.8. Whenever I start cbq.init, it says sch_cbq is missing.
|
||||
|
||||
Probably you don't have CBQ as modules in your system. If you have compiled
|
||||
CBQ into your kernel, comment out the following lines in your cbq.init-v0.6.2
|
||||
script.
|
||||
### If you have cbq, tbf and u32 compiled into kernel, comment it out
|
||||
#for module in sch_cbq sch_tbf sch_sfq sch_prio cls_u32; do
|
||||
# if ! modprobe $module; then
|
||||
# echo "**CBQ: could not load module $module"
|
||||
# exit
|
||||
# fi
|
||||
#done
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
5.9. CBQ sometimes doesn't work for no reason.
|
||||
|
||||
Generally it shouldn't occur. Sometimes, you can observe mass downloads,
|
||||
though you think you have blocked all ports Napster or Audiogalaxy uses.
|
||||
Well, there is always one more port open for mass downloads. To find it, you
|
||||
can use IPTraf. As there can be possibly thousands of such ports, it can be
|
||||
really hard task for you. To make it easier, you can consider running your
|
||||
own SOCKS proxy - Napster, Audiogalaxy and many programs can use SOCKS
|
||||
proxies, so it's much easier to deal with just one port, than to do so with
|
||||
thousands of possibilites (standard SOCKS port is 1080, if you run your own
|
||||
SOCKS proxy server, you will be able to set it up differently, or run
|
||||
multiple instances of SOCKS proxy listening on different ports). Don't forget
|
||||
to close all ports for traffic, and leave open ports like 25 and 110 (SMTP
|
||||
and POP3), and other you think might be useful. You will find a link to
|
||||
awesome Nylon socks proxy server at the end of this HOWTO.
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
5.10. Delay pools are stupid; why can't I download something at full speed
|
||||
when the network is used only by me?
|
||||
|
||||
Unfortunately, you can't do much about it.
|
||||
|
||||
The only thing you can do is to use cron and reconfigure it, for example, at
|
||||
1.00 am, so that Squid won't use delay pools, then reconfigure it again,
|
||||
let's say at 7.30 am, to use delay pools.
|
||||
|
||||
To do this, create two separate config files, called for example
|
||||
squid.conf-day and squid.conf-night, and put them into /opt/squid/etc/.
|
||||
|
||||
squid.conf-day would be the exact copy of a config we created earlier
|
||||
|
||||
squid.conf-night, on the contrary, would not have any delay pool lines, so
|
||||
all you have to do is to comment them out.
|
||||
|
||||
Next thing you have to do is to set up /etc/crontab entries correctly.
|
||||
|
||||
Edit /etc/crontab and put the following lines there:
|
||||
#SQUID - night and day config change
|
||||
01 9 * * * root /bin/cp -f /opt/squid/etc/squid.conf-day /opt/squid/etc/squid.conf; /opt/squid/bin/squid -k reconfigure
|
||||
59 23 * * * root /bin/cp -f /opt/squid/etc/squid.conf-night /opt/squid/etc/squid.conf; /opt/squid/bin/squid -k reconfigure
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
5.11. My downloads break at 23:59 with "acl day time 09:00-23:59" in
|
||||
squid.conf. Can I do something about it?
|
||||
|
||||
You can achieve by removing that acl from your squid.conf, and "delay_access
|
||||
2 allow dzien delay_access 2 deny !dzien" as well.
|
||||
|
||||
Then try to do it with cron as in the question above.
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
5.12. Squid's logs grow and grow very fast, what can I do about it?
|
||||
|
||||
Indeed, the more users you have, the more - sometimes useful - information
|
||||
will be logged.
|
||||
|
||||
The best way to eradicate it would be to use logrotate, but you'd have to do
|
||||
a little trick to make it work with Squid: proper cron and logrotate entries.
|
||||
|
||||
/etc/crontab entries:
|
||||
#SQUID - logrotate
|
||||
01 4 * * * root /opt/squid/bin/squid -k rotate; /usr/sbin/logrotate /etc/logrotate.conf; /bin/rm -f /var/log/squid/*.log.0
|
||||
|
||||
Here we have caused logrotate to start daily at 04:01 am, so remove any
|
||||
remaining logrotate starting points, for example from /etc/cron.daily/.
|
||||
|
||||
/etc/logrotate.d/syslog entries:
|
||||
#SQUID logrotate - will keep logs for 40 days
|
||||
/var/log/squid/*.log.0 {
|
||||
rotate 40
|
||||
compress
|
||||
daily
|
||||
postrotate
|
||||
/usr/bin/killall -HUP syslogd
|
||||
endscript
|
||||
}
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
5.13. CBQ is stupid; why can't I download something at full speed when the
|
||||
network is used only be me?
|
||||
|
||||
Lucky you, it's possible!
|
||||
|
||||
There are to ways to achieve it.
|
||||
|
||||
The first is the easy one, similar to the solution we've made with Squid.
|
||||
Insert a line similar to the one below to your CBQ config files placed in /
|
||||
etc/sysconfig/cbq/:
|
||||
TIME=00:00-07:59;110Kbit/11Kbit
|
||||
|
||||
You can have multiple TIME parameters in your CBQ config files.
|
||||
|
||||
Be careful though, because there is a small bug in that cbq.init-v0.6.2
|
||||
script - it won't let you set certain times, for example 00:00-08:00! To make
|
||||
sure if everything is working correctly, start cbq.init-v0.6.2, and then
|
||||
within the time you set, type
|
||||
|
||||
/etc/rc.d/cbq.init-v0.6.2 timecheck
|
||||
|
||||
This is the example how the proper output should look like:
|
||||
|
||||
[root@mangoo rc.d]# ./cbq.init start; ./cbq.init timecheck **CBQ: 3:44: class
|
||||
10 on eth0 changed rate (20Kbit -> 110Kbit) **CBQ: 3:44: class 40 on ppp0
|
||||
changed rate (15Kbit -> 110Kbit) **CBQ: 3:44: class 50 on eth0 changed rate
|
||||
(35Kbit -> 110Kbit)
|
||||
|
||||
In this example something went wrong, probably in the second config file
|
||||
placed in /etc/sysconfig/cbq/; second counting from the lowest number in its
|
||||
name:
|
||||
|
||||
[root@mangoo rc.d]# ./cbq.init start; ./cbq.init timecheck **CBQ: 3:54: class
|
||||
10 on eth0 changed rate (20Kbit -> 110Kbit) ./cbq.init: 08: value too great
|
||||
for base (error token is "08")
|
||||
|
||||
The second way to make CBQ more intelligent is harder - it doesn't depend on
|
||||
time. You can read about it in the Linux 2.4 Advanced Routing HOWTO, and play
|
||||
with tc command.
|
||||
-----------------------------------------------------------------------------
|
||||
* Bandwidth Limiting HOWTO
|
||||
|
||||
6. Miscellaneous
|
||||
|
||||
|
|
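Review bot: the commit message does not cover what this hunk does to the Bandwidth Limiting text. The header (-12,786 +12,7) takes the section from 786 lines to 7, ending around the `* Bandwidth Limiting HOWTO` line, while the message names only Text-Terminal.xml and Thin-Client.xml. Please say in the message where the FAQ material (5.10 to 5.13 here) now lives. If it is carried over elsewhere, two things to fix on the way: 5.10's prose says 1.00 am and 7.30 am but the two /etc/crontab entries run at 09:01 and 23:59, and 5.11 quotes `acl day` next to `delay_access 2 allow dzien`. The crontab entries also join `cp` and `squid -k reconfigure` with `;`, so a failed copy still triggers a reconfigure; `&&` would be the safer separator.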
File diff suppressed because it is too large
|
@ -29,487 +29,6 @@ servers. There are many FTP clients available. Some are graphical, and
|
|||
some are text-based.
|
||||
</para>
|
||||
|
||||
|
||||
<para>
|
||||
3. Beginner's guide to using ftp
|
||||
A quick guide to using ftp.
|
||||
|
||||
The standard ftp program is the original ftp client. It comes standard with most Linux
|
||||
distributions. It first appeared in 4.2BSD, which was developed by the University of
|
||||
California, Berkeley.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
3.1 Running the ftp program
|
||||
It's easy to use ftp. Let's say you want to connect to the anonymous ftp site
|
||||
metalab.unc.edu, to download the latest Linux kernel source.
|
||||
At the command line, type:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
$ ftp metalab.unc.edu
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The ftp program will attempt to connect to metalab.unc.edu. Another way to do this is
|
||||
to run ftp from the command line with no parameters, and use the open command, with
|
||||
the site name as an argument:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
$ ftp
|
||||
ftp> open metalab.unc.edu
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
3.2 Logging into an FTP server
|
||||
When you connect to an FTP site, it will ask you for a login (pressing enter will
|
||||
log in as your local user name, in this case, foo: We log in as anonymous or ftp,
|
||||
to get to the public archive.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
220 helios.oit.unc.edu FTP server (Version wu-2.6.0(2) Wed Nov 17 14:44:12
|
||||
EST 1999) ready.
|
||||
Name (metalab.unc.edu:foo):
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Now, we enter a complete e-mail address as the password (this is what most public
|
||||
FTP sites request).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
331 Guest login ok, send your complete e-mail address as password.
|
||||
Password:
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
After a successful login, the following information is given to us:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
Remote system type is UNIX.
|
||||
Using binary mode to transfer files.
|
||||
ftp>
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
3.3 File transfer types
|
||||
After you log in to an ftp site, ftp will print out the file transfer type. In
|
||||
our case, it is binary. Binary mode transfers the files, bit by bit, as they
|
||||
are on the FTP server. Ascii mode, however, will download the text directly.
|
||||
You can type ascii or binary to switch between the types.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
You want to download the kernel source, so you leave the file transfer type at
|
||||
binary. The binary type is also what you would use for any non-text files --
|
||||
such as graphic images, zip/gzip archives, executable programs, etc. If in
|
||||
doubt, use binary mode.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
3.4 Navigating and listing directories
|
||||
You do an ls to see a list of the files. The ls command on ftp servers is
|
||||
executed on the remote server, so the command line options that you can use
|
||||
with it vary from server to server. The most common options are generally
|
||||
available, check the manpage for ls for details.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
ftp> ls
|
||||
200 PORT command successful.
|
||||
150 Opening ASCII mode data connection for /bin/ls.
|
||||
total 33590
|
||||
-r--r--r-- 1 root other 34348506 Dec 03 03:53 IAFA-LISTINGS
|
||||
lrwxrwxrwx 1 root other 7 Jul 15 1997 README -> WELCOME
|
||||
-rw-r--r-- 1 root other 890 Nov 15 13:11 WELCOME
|
||||
dr-xr-xr-x 2 root other 512 Jul 15 1997 bin
|
||||
dr-xr-xr-x 2 root other 512 Jul 15 1997 dev
|
||||
dr-xr-xr-x 2 root other 512 Jul 18 1997 etc
|
||||
drwxrwxrwx 11 ftp 20 4608 Nov 28 16:00 incoming
|
||||
lrwxrwxrwx 1 root other 13 Jun 04 1998 ls-lR -> IAFA-LISTINGS
|
||||
dr-xr-xr-x 17 root root 512 Jun 08 11:43 pub
|
||||
dr-xr-xr-x 3 root other 512 Jul 15 1997 unc
|
||||
dr-xr-xr-x 5 root other 512 Jul 15 1997 usr
|
||||
226 Transfer complete.
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If the ls command lists so many files that they scroll off the top of the
|
||||
screen, you can use Shift-PageUp to scroll up. This works in Linux console
|
||||
mode as well as in xterm or rxvt.
|
||||
|
||||
On public FTP archives, the downloadable resources are usually held in the
|
||||
/pub directory. In this example, you already know that the kernel sources
|
||||
are in the directory /pub/Linux/kernel, so you type the following to get
|
||||
into that directory:
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
ftp> cd pub/Linux/kernel
|
||||
250-README for kernel
|
||||
250-
|
||||
250-What you'll find here: kernel sources and patches
|
||||
250-
|
||||
250-
|
||||
250 CWD command successful.
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The messages you see, which begin with "250", are information messages sent
|
||||
by the server. In this case, the ftp server is configured to automatically
|
||||
send you the README file when you cd into the directory.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
3.5 Downloading and uploading files
|
||||
Now, after doing another ls, you see that you want to cd into the v2.2
|
||||
directory. You do yet another ls, and find the file you want to download.
|
||||
It is linux-2.2.13.tar.gz. So you type this:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
ftp> get linux-2.2.13.tar.gz
|
||||
local: linux-2.2.13.tar.gz remote: linux-2.2.13.tar.gz
|
||||
200 PORT command successful.
|
||||
150 Opening BINARY mode data connection for linux-2.2.13.tar.gz (15079540
|
||||
bytes).
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The ftp program has started saving the remote file linux-2.2.13.tar.gz as
|
||||
the local file linux-2.2.13.tar.gz.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you wanted to save it as the local file foo.tar.gz, you could have
|
||||
specified it like this:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
ftp> get linux-2.2.13.tar.gz foo.tar.gz
|
||||
local: foo.tar.gz remote: linux-2.2.13.tar.gz
|
||||
200 PORT command successful.
|
||||
150 Opening BINARY mode data connection for linux-2.2.13.tar.gz (15079540
|
||||
bytes).
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you want to download more than one file at a time, you'll have to use
|
||||
the mget (multiple get) command. You can use mget together with a
|
||||
space-delimited list of filenames you want to download, or you can use
|
||||
wildcards with the mget command. For example:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
ftp> mget linux*
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Would get all files starting with the string "linux". Normally, mget will
|
||||
prompt you for each file before it downloads it. You can toggle this by
|
||||
using the prompt command.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Now let's say you've written a piece of software, and you want to upload
|
||||
it to MetaLab to be included in their Linux software archive. First,
|
||||
you'd change to the /incoming directory (most public FTP servers have a
|
||||
directory, usually called incoming or uploads, where files can be
|
||||
uploaded), then you'd use the put command:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
ftp> cd /incoming
|
||||
ftp> put foo.tar.gz
|
||||
local: foo.tar.gz remote: foo.tar.gz
|
||||
200 PORT command successful.
|
||||
150 Opening BINARY mode data connection for foo.tar.gz.
|
||||
226 Transfer complete.
|
||||
10257 bytes sent in 0.00316 secs (3.2e+03 Kbytes/sec)
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The put command works the same way as the get command, so you can use
|
||||
mput to upload multiple files at the same time. You can also upload a
|
||||
local file with a different filename on the server by specifying the
|
||||
remote filename and/or pathname as an argument.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
What if the file foo.tar.gz is not in your current local directory
|
||||
when you try to upload it? You can switch local directories by using
|
||||
the lcd (local change directory) command:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
ftp> lcd /home/foo/
|
||||
Local directory now /home/foo
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
3.6 Running shell commands
|
||||
The ftp client supports using the bang (!) to run local commands. For
|
||||
example, to get a listing of files in your current local directory, do this:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
ftp> !ls
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The way this works is that ftp calls the shell (specified in the $SHELL
|
||||
environment variable), and it is the shell which runs ls. Thus, you can
|
||||
run any command-line which works with your shell simply by prepending "!"
|
||||
to it (the default shell in most Linux distributions is bash, the Bourne
|
||||
Again SHell). Please note that !cd does not work as you would expect,
|
||||
this is why the lcd command exists.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
3.7 Hash marks and tick
|
||||
Wouldn't it be nice if you could watch the progress while you're downloading
|
||||
a file with ftp? You can use the hash command to print out hash marks as you
|
||||
download a file:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
ftp> hash
|
||||
Hash mark printing on (1024 bytes/hash mark).
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
As you can tell, ftp will print a hash mark for every 1024 bytes of data
|
||||
you download. There is also a tick option.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
ftp> tick
|
||||
Tick counter printing on (10240 bytes/tick increment).
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
This will print something to this effect as you download a file:
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<screen>
|
||||
Bytes transferred: 11680
|
||||
</screen>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
3.8 Other ftp commands
|
||||
There are many other ftp commands. If you have the permissions to do so
|
||||
(which you should, if you are connected to your own private shell account),
|
||||
you can make a directory on the remote server using the mkdir command.
|
||||
You can remove a file on the remote server using the delete command, or
|
||||
rmdir to remove a directory. You can also change file permissions using the
|
||||
chmod command.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
For more elaborate information on using ftp, please see the online help in
|
||||
the ftp program (accessible by typing help with no arguments for a list of
|
||||
commands, or help <commandname> for specific help on a command). You can
|
||||
also read the Unix man page for ftp by typing man ftp at your command prompt.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
4. Console FTP clients
|
||||
The original ftp program was the original ftp client, and it is a good
|
||||
investment to learn it. It's the only ftp client that you can be certain
|
||||
is available on most systems (even Win32 comes with the ftp command, albeit
|
||||
an archaic, braindead version of it).
|
||||
</para>
|
||||
|
||||
<para>
|
||||
There are many other console-mode (text-only) ftp clients available. The
|
||||
listing here is by no means comprehensive, but includes the most popular
|
||||
ones. Search at FreshMeat to find more.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
4.1 NcFTP
|
||||
NcFTP is the all-time favorite ftp client of many Unix users. It comes
|
||||
bundled with most Linux distributions, and offers many advanced features such
|
||||
as tab completion and bookmarks. Version 2 of NcFTP had a curses based
|
||||
full-screen mode. This was done away with in Version 3 (now in beta).
|
||||
It's not 100% compatible with the commands that standard ftp uses. For example,
|
||||
get and put in NcFTP act like mget and mput do in standard ftp. So if you want
|
||||
to save a remote file as a different local filename, you'd have to
|
||||
do get -z remotename localname. Thankfully, NcFTP has a nice online help system
|
||||
to assist you in learning the commands.
|
||||
You can get the latest version of NcFTP at http://www.ncftp.com.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
4.2 lukemftp
|
||||
A port of the NetBSD FTP client to other systems, lukemftp derives its name
|
||||
from the author of most of the enhanced features, which include:
|
||||
command-line editing, command-line fetches of FTP and HTTP URLs (including
|
||||
via proxies), context-sensitive word completion, dynamic progress bar,
|
||||
IPv6 support, modification time preservation, paging of local and remote
|
||||
files, passive mode support (with fallback to active mode), SOCKS support,
|
||||
TIS FWTK gate-ftp server support, and transfer rate throttling.
|
||||
lukemftp is espically good for users who don't want to change to anything
|
||||
drastically different from the standard ftp client, but want more advanced features.
|
||||
You can get the latest version of lukemftp at
|
||||
ftp://ftp.netbsd.org/pub/NetBSD/misc/lukemftp/.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
4.3 lftp
|
||||
lftp is a sophisticated command line based FTP client. Like bash, it has job
|
||||
control. It uses the GNU readline library for input, so you have command line
|
||||
completion and editing. lftp also has bookmarks, mirroring support, and can
|
||||
transfer several files in parellel.
|
||||
You can get the latest version of lftp at http://ftp.yars.free.net/projects/lftp/.
|
||||
Debian packages are available at ftp://ftp.freshmeat.net/pub/debs/lftp/.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
4.4 cftp
|
||||
Comfortable FTP (cftp) is a full screen mode client. What it lacks in features,
|
||||
it makes up for in ease of use. You browse through the directories using the
|
||||
arrow keys and enter.
|
||||
You should be able to get the latest version of cftp at
|
||||
http://ftp.giga.or.at/pub/nih/cftp/.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
4.5 yafc
|
||||
Yafc is a very nice ftp client, with features including directory cache,
|
||||
remote filename completion, aliases, colorized ls, recursive get/put/ls/rm,
|
||||
nohup mode transfers, tagging (queueing), multiple connections, proxy support
|
||||
and more. It has support for Kerberos4 authentication.
|
||||
You can get the latest version of yafc from
|
||||
http://www.stacken.kth.se/~mhe/yafc/.
|
||||
Debian packages are available at
|
||||
http://members.home.com/decklin/experimental/.
|
||||
Redhat packages are available at
|
||||
http://lz.freeservers.com/linux/yafc.html.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
5. X Window FTP clients
|
||||
There are several graphical FTP clients designed to run on the X Window
|
||||
system. These clients offer ease of use for users who are used to
|
||||
graphical environments, and sometimes offer versatile options that would
|
||||
be hard to implement in a text-based ftp client.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
5.1 gFTP
|
||||
gFTP is an FTP client for X Windows written using Gtk. The interface has
|
||||
some similarities to the popular WS_FTP software commonly used on a certain
|
||||
unstable operating system.
|
||||
gFTP features simultaneous downloads, resuming of interrupted file transfers,
|
||||
file transfer queues, downloading of entire directories, ftp proxy support,
|
||||
remote directory caching, passive and non-passive file transfers, drag-n-drop
|
||||
support, a very nice connection manager and more.
|
||||
If you are running Red Hat Linux and have the GNOME desktop installed, then
|
||||
you probably already have gFTP. If not, you can download gFTP from its
|
||||
homepage at http://gftp.seul.org/.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
5.2 WXftp
|
||||
WXftp is an FTP client for the X Window System designed to be used mainly
|
||||
on Linux workstations. It is written using the WXWindows toolkit, so it
|
||||
can be compiled to use either Motif or GTK+
|
||||
It includes an intuitive user interface (much like WS_FTP), a session
|
||||
manager, on-line help, a progress bar, and more
|
||||
Check out WXftp's homepage at http://www.wxftp.seul.org.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
5.3 LLNL XDIR and XFTP
|
||||
LLNL XFTP was one of the first graphical FTP clients for Linux. It supports
|
||||
FXP (file transfer between two remote hosts), and has a Motif based interface.
|
||||
More information is available at http://www.llnl.gov/ia/xdir_xftp/.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
5.4 guiftp
|
||||
Guiftp is a simple ftp client written with the GTK+ toolkit. It's good if
|
||||
you don't need many features and want a simple, clean look.
|
||||
Guiftp's homepage is at http://www.altern.org/ldufresne/guiftp/.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
6. FTP Servers
|
||||
6.1 How an FTP Server works
|
||||
A traditional FTP server is executed from inetd (the internet superserver
|
||||
daemon). The standard FTP port is port 21. When a user tries to log in, the
|
||||
FTP server uses a standard system call to check the user name and password
|
||||
against the entries in the system password file, or the NIS tables if you
|
||||
are using NIS. If the login is correct, the user is given access to the system.
|
||||
Anonymous FTP works differently. The user logs in with either the anonymous
|
||||
or the ftp username (this can be defined in the config file). He is then
|
||||
given access to a directory tree that has been chroot()'ed. This ensures
|
||||
that the user can not gain access to directory trees he is not authorized
|
||||
for. The chrooted directory tree usually contains a mock filesystem,
|
||||
with bin/, etc/, and lib/ directories. The files for download are usually
|
||||
put in the pub/ directory.
|
||||
The reason for a mock filesystem in an anonymous FTP tree is that the FTP
|
||||
daemon runs external commands for ls requests. You can also place additional
|
||||
programs in the bin directory, and a user can run them with the SITE command
|
||||
in his ftp client. For example, Red Hat's FTP includes the RPM command
|
||||
(for users to query RPM packages on the site).
|
||||
Some FTP servers work differently. For example, some will allow user accounts
|
||||
to be set up independant of the system-wide password file (FTP-only accounts).
|
||||
Some servers (ProFTPD and NcFTPd for instance) have built-in ls commands and
|
||||
do not need a special directory tree within the chroot structure. Other ftp
|
||||
servers stray altogether from the standard ftp concept. FTP4ALL, for example,
|
||||
does not use system passwords at all. It uses it's own user and group file,
|
||||
and has features such as upload/download ratio and customizable server messages.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
6.2 Help with FTP Servers
|
||||
WU-FTPD
|
||||
WU-FTPD is the ftp daemon included with many Linux distributions, including
|
||||
Red Hat and Caldera. You can learn more about WU-FTPD at http://www.wu-ftpd.org.
|
||||
The WU-FTPD FAQ can be found on the web at http://www.cetis.hvu.nl/~koos/wu-ftpd-faq.html.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
ProFTPD
|
||||
ProFTPD is a powerful FTP server that includes Apache-style configuration,
|
||||
extensive support for virtual hosts, and internal ls.
|
||||
A complete command reference and downloads can be found at http://www.proftpd.org
|
||||
</para>
|
||||
* FTP HOWTO
|
||||
|
||||
</sect1>
|
||||
|
|
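Review bot: `* FTP HOWTO` at the end of this hunk sits as bare text between `</para>` and `</sect1>`, and DocBook does not allow character data directly inside a sect1. If it is a to-do marker for the FTP walkthrough, make it an XML comment or wrap it in `<para>` with a `<ulink>` to the HOWTO. Should any of the walkthrough above it stay in the file, note that the `<para>` opened before "If the ls command lists so many files" is never closed before the next `<para>` starts at the `cd pub/Linux/kernel` screen, and that the section titles ("3.1 Running the ftp program" and so on) are plain text inside `<para>` rather than `<sect2>`/`<title>` elements.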
File diff suppressed because it is too large
|
@ -15,7 +15,7 @@ term Intranet refers to the application of Internet technologies
|
|||
inside an organisation mainly for the purpose of distributing and
|
||||
making available information inside the company. Internet and Intranet
|
||||
services offered by Linux include mail, news, WWW servers and many
|
||||
more that will be outlined further on in the 'Linux-Networking' guide.
|
||||
more that will be outlined further on in this document.
|
||||
</para>
|
||||
|
||||
</sect1>
|
||||
|
|
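Review bot: "further on in this document" in the reworded sentence still gives the reader nothing to follow. Since the wording now points inside the same document rather than at the 'Linux-Networking' guide, link the mail, news and WWW server sections with `<xref>` to their ids instead of a vague forward reference, so the pointer is checked at build time and does not go stale if sections move.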
File diff suppressed because it is too large