LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] proxy

[ILUG] proxy

kevin lyda kevin at suberic.net
Thu Feb 10 12:49:37 GMT 2000 

kilmartin mark wrote:
> Can anybody point me to a simple HOWTO/guide to setting up a linux machine
> to act as a proxy server for a small network.
> The linux machine if fitted with an external modem for dialup Internet
> connection.
> 
> I have looked at a number of documents but each one seems to give a
> different method of setting this up.

add this to /etc/rc.d/rc.local (i'm assuming a redhat setup for the file
name of the rc script, but the commands should work for any 2.2.x box,
and most init scripts have something like rc.local)

	ipchains -P forward DENY
	ipchains -A forward -i ppp0 -j MASQ
	echo 1 > /proc/sys/net/ipv4/ip_forward

there's some file in /etc/sysconfig (network?) that has a FORWARD= line
or something like it that would obviate the need for the last line.  if
you have a cable modem you'd really make me depressed and you'd need to
do a s/ppp0/ethN/ where N is the interface hooked up to the cable modem.

by the way for folks drooling over cable modems i should mention the
following issues to look out for:

  o they usually "key" the "modem" to your MAC address so you'll
    need to always use that card.
  o be very paranoid about that interface.  make a conscious decision
    to find automatic package update tools sexy and learn how to
configure
    them.  run tripwire.  strip the box of useless crap and note that a
486
    will more than handle the load - consider using something from a
mini-linux
    group like the lrp.
  o no, really, be security aware.
  o consider openbsd.
  o put two interfaces in the box.  don't cheat and plug the cable modem
into
    a hub, the router in the hub, and your other machines on the hub.  i
know
    people that lost their cable modem access in the states.  consider
not
    letting the installers see: linux, any signs of a home network, or
the
    second nic.
  o i'm serious about that security thing.  i wouldn't be surprised if
the
    DoS attack is being mounted from boxes on cable modem networks with
lax
    security (good morning mr. linux pr disaster, how are you today...).

kevin
--
kevin at suberic.net                              Nutrition Facts
fork()'ed on 37058400		       Puns: 100% RDA  (% good puns: 0)

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell