From: kevin lyda (kevin at domain suberic.net)
Date: Thu 10 Feb 2000 - 12:49:37 GMT
kilmartin mark wrote:
> Can anybody point me to a simple HOWTO/guide to setting up a linux machine
> to act as a proxy server for a small network.
> The linux machine if fitted with an external modem for dialup Internet
> I have looked at a number of documents but each one seems to give a
> different method of setting this up.
add this to /etc/rc.d/rc.local (i'm assuming a redhat setup for the file
name of the rc script, but the commands should work for any 2.2.x box,
and most init scripts have something like rc.local)
ipchains -P forward DENY
ipchains -A forward -i ppp0 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
there's some file in /etc/sysconfig (network?) that has a FORWARD= line
or something like it that would obviate the need for the last line. if
you have a cable modem you'd really make me depressed and you'd need to
do a s/ppp0/ethN/ where N is the interface hooked up to the cable modem.
by the way for folks drooling over cable modems i should mention the
following issues to look out for:
o they usually "key" the "modem" to your MAC address so you'll
need to always use that card.
o be very paranoid about that interface. make a conscious decision
to find automatic package update tools sexy and learn how to
them. run tripwire. strip the box of useless crap and note that a
will more than handle the load - consider using something from a
group like the lrp.
o no, really, be security aware.
o consider openbsd.
o put two interfaces in the box. don't cheat and plug the cable modem
a hub, the router in the hub, and your other machines on the hub. i
people that lost their cable modem access in the states. consider
letting the installers see: linux, any signs of a home network, or
o i'm serious about that security thing. i wouldn't be surprised if
DoS attack is being mounted from boxes on cable modem networks with
security (good morning mr. linux pr disaster, how are you today...).
-- kevin at domain suberic.net Nutrition Facts fork()'ed on 37058400 Puns: 100% RDA (% good puns: 0)
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:05:23 GMT