
RE: Internet proxy server



Bill

On my RH5.1 system it's in /usr/doc/HOWTO/mini/IP-Masquerade. In a nutshell, 
you configure your clients to use the linux box as their gateway. The linux 
box masquerades as / pretends to be the box that the client requests came 
from, by changing the packet headers on the way out, and routing them back 
to the client on the way back in.

RH5.1 and above have this already compiled into the kernel by default.

Read the howto so you get a feel for how it works. 
Install the ipfwadm package.

The bottom line is this. You need to add a few lines to your 
/etc/rc.d/rc.local file to enable it.

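# IP Masquerading
echo "ip_masq 90.0.0.3"
# Turn on IP forwarding in the kernel
echo "1" > /proc/sys/net/ipv4/ip_forward
# Rebuild module dependencies, then load the masquerading helper modules
/sbin/depmod -a
/sbin/modprobe ipip.o
/sbin/modprobe ip_masq_ftp.o
/sbin/modprobe ip_masq_raudio.o
# IRC helper module is ip_masq_irc (was written as ip_irc.o)
/sbin/modprobe ip_masq_irc.o
# Default forwarding policy: deny everything
/sbin/ipfwadm -F -p deny
# Masquerade only traffic coming from the 90.0.0.0/24 subnet
/sbin/ipfwadm -F -a m -S90.0.0.0/24 -D0.0.0.0/0
/sbin/ifconfig eth0 90.0.0.3
/sbin/route add -net 90.0.0.0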

These are straight from my rc.local.  My server's IP is 90.0.0.3, so replace 
those with yours. Read the man pages for these commands too. It's important 
that you understand what ipfwadm is doing or you will open yourself up to 
crackers. These settings deny access to everyone except in my private 
subnet.

I'm not sure if you can get that reread without rebooting. Anyone?

good luck
Charles
===== Original Message from Bill Gilmore <redhat-list redhat com> at 2/06/99 
10:35 am
>Thanks again, Charles.  I looked for the HOWTO, but I guess I missed it.
>Trouble is I can't stay in Linux for long before the rest of the users
>threaten great bodily harm if they can't get to the internet.  I'll watch
<snip>
>With linux, you can do IP masquerading which is nicer than a proxy. This is
>because you don't have to configure your clients differently to make them
>work!
>
>I don't have time to explain how right now, but there is a HOWTO, and if I
>don't see anyone else chime in later, I'll try to help out.
>
>charles
>
>===== Original Message from Bill Gilmore <redhat-list redhat com> at 2/06/99
>8:06 am
>>I am trying to configure my linux box to be a proxy server for the
>internet.
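
The message above warns that a mistake in the ipfwadm rules exposes the gateway, and says its rules deny forwarding for everything outside the private subnet. As an added example (not part of the original message), this shell function checks rc.local-style text for those two properties; the function name, the sample variables and the weak variant are constructed for illustration, and only the `-a m` rule form used in the post is recognised.

```shell
#!/bin/sh
# Added example, not from the original post. Audits ipfwadm forwarding
# rules in rc.local-style text on stdin: one finding per line on stdout,
# exit status 0 only when there are no findings.
audit_masq_rules() {
    awk '
    /^[ \t]*#/ { next }                               # ignore comment lines
    /ipfwadm/ && /-F/ {
        is_masq = 0; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-p") policy = $(i + 1)         # default forward policy
            else if ($i == "-a" && $(i + 1) == "m") is_masq = 1
            else if ($i == "-S") src = $(i + 1)       # "-S 90.0.0.0/24"
            else if ($i ~ /^-S./) src = substr($i, 3) # "-S90.0.0.0/24"
        }
        if (is_masq) {
            masq++
            # A missing source or a /0 mask masquerades for any sender
            if (src == "" || src ~ /\/0$/) {
                print "line " NR ": masquerade rule matches any source"
                bad++
            }
        }
    }
    END {
        if (policy != "deny" && policy != "reject") {
            print "default forward policy is not deny/reject"
            bad++
        }
        if (masq == 0) { print "no masquerade rule found"; bad++ }
        exit (bad > 0)
    }'
}

# The two forwarding rules from the post.
POST_RULES='/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S90.0.0.0/24 -D0.0.0.0/0'

# Constructed weak variant: open default policy, masquerade for any source.
WEAK_RULES='/sbin/ipfwadm -F -p accept
/sbin/ipfwadm -F -a m -S0.0.0.0/0 -D0.0.0.0/0'

printf '%s\n' "$POST_RULES" | audit_masq_rules && echo "post rules: ok"
printf '%s\n' "$WEAK_RULES" | audit_masq_rules || echo "weak rules: findings above"
```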


