1. Read the proxy-howto to learn about options there (transparent vs.
...opaque? proxies). Another option is simple MASQ'ing (which would also be
transparent even to your internal, trusted, machines). Hmm, i don't know, but
it MAY be the case that with MASQ'ing the original ip is contained somewhere in
the packet. You could easily find that out with a little reading.
2. To get what you want (privacy) you need to have 2 NICs in your proxy. One
that faces your trusted machines and the other one that faces the untrustworthy
network outside. If you only use one nic then whatever that machine sees, all
the rest of the network on that LAN will see, including the ones that are
monitoring traffic.
3. You can set up a firewall that could, as one option, do nothing but log
packets. You can also install any number of network-monitoring applications of
your own - a few that come to mind are snort, ethereal, ngrep and tcpdump. I
have experience with etherreal, snort and tcpdump, and in my opinion they are
the most user-friendly in that order: ethereal the most, tcpdump the least.
Ethereal needs a gui, the other two will work in a console.
4. If that linux box is "supposed" to be a windows box then maybe you're
thinking about making it act like one (SMB, netbios, etc). On the other hand
you probably don't want to get nailed for actively deceiving your superiors or
colleagues (assume that you WILL be found out).
5. I"m speculating at this point, but from the sounds of it they will be
monitoring your packets for content, and if that's so then you have a few
things to consider: 1) If everything inwards from your linux box (your trusted
machines) is known to belong to you, then they're going to look at the packets
(if it's not encrypted) and know it's coming from you no matter what. 2) If not
everything behind your proxy (on the trusted side) belongs to you then how much
of the physical network are you responsible for? (ie. if someone else is
responsible for machines on either side of the proxy then they're going to
notice/want that proxy box too.) 3) If you don't want people to see the actual
data of your traffic then you will have to tunnel out of there somehow. Maybe
you will use ssh, sftp or https. Maybe you can tunnel to another safe box that
is outside of your untrustworthy LAN and then do all of your unencrypted
traffic (web browsing or whatever) from that spot (it will still look encrypted
to your LAN).
I'm guessing this rabbit hole goes pretty deep....
Good luck :-)
j
--- [EMAIL PROTECTED] wrote:
> Our network guys saw fit to install a server that monitors all of our
> internet activity on our network. I'm not happy about this (especially
> since I wasn't notified about it), but want a bit of privacy here.
>
> Ok, here's what I need to do:
>
> 1. I have a box running LM 7.02. I'd like to set this up as a proxy.
> 2. I need to be able to point to this box from my NT4, Win2000, and LM7.2
> machines for all internet browsing. The box has 1 nic in it so I guess I
> would be sending this thing packets and it would, in turn, forward them to
> our main proxy to go out to the internet. I only want this "watchdog"
> server to see the ip address of this one box instead of the 3 that I'll
> actually be using.
>
> and
>
> 3. I need to know if they've tried to access the box.
>
> Any thoughts, ideas, how-to's?
>
>
__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/
