Re: [ILUG] proxy

From: kevin lyda (kevin at domain suberic.net)
Date: Thu 10 Feb 2000 - 12:49:37 GMT


kilmartin mark wrote:
> Can anybody point me to a simple HOWTO/guide to setting up a linux machine
> to act as a proxy server for a small network.
> The linux machine is fitted with an external modem for dialup Internet
> connection.
>
> I have looked at a number of documents but each one seems to give a
> different method of setting this up.

add this to /etc/rc.d/rc.local (i'm assuming a redhat setup for the file
name of the rc script, but the commands should work for any 2.2.x box,
and most init scripts have something like rc.local)

        ipchains -P forward DENY
        ipchains -A forward -i ppp0 -j MASQ
        echo 1 > /proc/sys/net/ipv4/ip_forward

there's some file in /etc/sysconfig (network?) that has a FORWARD= line
or something like it that would obviate the need for the last line. if
you have a cable modem you'd really make me depressed and you'd need to
do a s/ppp0/ethN/ where N is the interface hooked up to the cable modem.

by the way for folks drooling over cable modems i should mention the
following issues to look out for:

  o they usually "key" the "modem" to your MAC address so you'll
    need to always use that card.
  o be very paranoid about that interface. make a conscious decision
    to find automatic package update tools sexy and learn how to configure
    them. run tripwire. strip the box of useless crap and note that a 486
    will more than handle the load - consider using something from a
    mini-linux group like the lrp.
  o no, really, be security aware.
  o consider openbsd.
  o put two interfaces in the box. don't cheat and plug the cable modem into
    a hub, the router in the hub, and your other machines on the hub. i know
    people that lost their cable modem access in the states. consider not
    letting the installers see: linux, any signs of a home network, or the
    second nic.
  o i'm serious about that security thing. i wouldn't be surprised if the
    DoS attack is being mounted from boxes on cable modem networks with lax
    security (good morning mr. linux pr disaster, how are you today...).

kevin

--
kevin at domain suberic.net                              Nutrition Facts
fork()'ed on 37058400		       Puns: 100% RDA  (% good puns: 0)
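
Added example, not part of the original post: a small lint for an rc.local-style fragment that checks the three lines given in the reply above are present and in the order shown there, with ip_forward enabled only after the forward policy and MASQ rule are loaded. The function names `audit_masq_fragment` and `demo_post_fragment` are hypothetical, and the sample input is constructed from the commands in the post.

```shell
#!/bin/sh
# Added example: lint an rc.local-style fragment for the ipchains setup in the post.
# Prints one finding per line, or "ok"; exit status is 1 when there are findings.
audit_masq_fragment() {   # $1 = path to the fragment to check
    awk '
        function report(msg) { print msg; bad++ }
        /^[ \t]*#/ { next }                         # ignore comment lines
        /ipchains/ && /-P[ \t]+forward[ \t]+DENY/ { if (!policy) policy = NR }
        /ipchains/ && /-A[ \t]+forward/ && /-j[ \t]+MASQ/ {
            if (!masq) masq = NR
            # the post binds the rule to the outbound interface (ppp0 or ethN)
            if ($0 !~ /-i[ \t]+[a-z]+[0-9]+/) {
                report("line " NR ": MASQ rule is not bound to an interface")
            }
        }
        /echo[ \t]+1/ && index($0, "/proc/sys/net/ipv4/ip_forward") {
            if (!fwd) fwd = NR
        }
        END {
            if (!policy) report("forward chain policy is never set to DENY")
            if (!masq)   report("no MASQ rule on the forward chain")
            # forwarding switched on first leaves a window in which the box
            # routes packets before the forward rules exist
            if (fwd && ((policy && fwd < policy) || (masq && fwd < masq))) {
                report("line " fwd ": ip_forward enabled before the forward rules are loaded")
            }
            if (!bad) print "ok"
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample: the three lines from the post, audited from a temp file.
demo_post_fragment() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
ipchains -P forward DENY
ipchains -A forward -i ppp0 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
    audit_masq_fragment "$f"; rc=$?
    rm -f "$f"
    return $rc
}
demo_post_fragment
```

A fragment with no ip_forward line passes the ordering check, since the post notes forwarding may be enabled from a file in /etc/sysconfig instead.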

