RE: Internet proxy server

["Bill Gilmore" <caddmasters home com>]

Thanks Charles,
I am unable to find ipfwadm for some reason.  Sorry to be so ignorant.  I am
trying really hard to make Linux the operating system of choice for me, but
it's going to take a while for sure.  I'll need lots of help and I hope I
don't wear out my welcome here.
Regards,
Bill

-----Original Message-----
From: Charles Galpin [mailto:cgalpin lighthouse-software com]
Sent: Sunday, February 07, 1999 1:14 AM
To: Bill Gilmore
Subject: RE: Internet proxy server


Bill

on my RH5.1 system it's in /usr/doc/HOTO/mini/IP-Masquerade . In a nutshell,
your configure your clients to use the linux box as it's gateway. The linux
box masquerades as/ pretends to be the box that the client requests came
from, by changing the pacjet headers on the way out, and routing them back
to the client on the way back in.

RH5.1 and above have this already compiled into the kernel by default.

Read the howto so you get a feel for how it works.
Install the ipfwadm package

The bottom line is this. you need to add a few lines to your
/etc/rc.d/rc.local file to enable it.

# IP Masquerading
echo "ip_masq 90.0.0.3"
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/depmod -a
/sbin/modprobe ipip.o
/sbin/modprobe ip_masq_ftp.o
/sbin/modprobe ip_masq_raudio.o
/sbin/modprobe ip_irc.o
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S90.0.0.0/24 -D0.0.0.0/0
/sbin/ifconfig eth0 90.0.0.3
/sbin/route add -net 90.0.0.0

These are straight from my rc.local.  My Server's IP is 90.0.0.3, so replace
those with yours. Read the man pages for these commands too. It's important
that you understand what ipfwadm is doing or you will open yourself up to
crackers. These settings denys access to everyone except in my private
subnet.

I'm not sure if you can get that reread without rebooting. Anyone?

good luck
Charles
===== Original Message from Bill Gilmore <redhat-list redhat com> at 2/06/99
10:35 am
>Thanks again, Charles.  I looked for the HOWTO, but I guess I missed it.
>Trouble is I can't stay in Linux for long before the rest of the users
>threaten great bodily harm if they can't get to the internet.  I'll watch
<snip>
>With linux, you can do IP masquerading which is nicer than a proxy. This is
>because you don't have to configure your clients differently to make them
>work!
>
>I don't have time to explain how right now, but there is a HOWTO, and if I
>don't see anyone else chime in later, I try help out.
>
>charles
>
>===== Original Message from Bill Gilmore <redhat-list redhat com> at
2/06/99
>8:06 am
>>I am trying to configure my linux box to be a proxy server for the
>internet.


--
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
		http://www.redhat.com http://archive.redhat.com
         To unsubscribe: mail redhat-list-request redhat com with
                       "unsubscribe" as the Subject.