http://metalab.unc.edu/LDP/HOWTO/IPCHAINS-HOWTO-3.html

If you want to be REALLY fancy, try this....  But first try the above to test
whether you are connected properly.

http://www.vu.union.edu/~pants/

Now proxy server is a nice buzzword, but most people don't realize there are
alternatives to SQUID.  One is the ancient IP masquerade, which allows better
connectivity in some cases.  That is what IPCHAINS is about.

I make the following assumptions:

1.  Your Windows boxes and your linux box have ethernet interfaces.

2.  All your boxes are either connected by a properly terminated daisy-chain of
coax cable and BNC T-connectors or by 8-wire twisted pair cable through RJ-45
connectors plugged into a hub.

3.  You have an addressing scheme that uses one of the sets of IP numbers
reserved for LANs for your TCP/IP connections.  For Class A, it's 10.x.y.z
with a netmask of 255.0.0.0, for class C it is 256 networks back to back
(192.168.n.x) with netmasks of 255.255.255.0  (or use it all as one with
192.168.x.y and a netmask of 255.255.0.0).  Someone else on the list is sure to
remember what the numbers are for a B network reserved for LANs.

OK, pick addresses on the SAME network  (this is an interplay of netmask and
addressing scheme: each bit in the netmask, looked at as a 32-bit binary
number, which is a 1, says that if the addresses are different at that
position, then the addresses are on DIFFERENT networks.  Addresses of
10.0.0.1 and 10.1.0.1 are on the same network if the netmask is the "standard"
255.0.0.0 for class A networks, which contain up to 16777214 interfaces/hosts,
but they are on different networks if the netmask is
255.255.anything.anything).  Let's assume, to avoid a course in IP addressing
schemes,

4.  Addresses are 10.0.0.1 for the ethernet interface on the linux box, and
are assigned to the windows boxes on their startup.  (Yeeks, that means you
make sure you load dhcpd and use the System V init to call it in for runlevels
3 and 5)

5.  On the windows boxes, the users have right-clicked Network Neighborhood,
selected TCP/IP, and set automatic address assignment for IP addresses.  ALSO,

    Gateway tab has been set to 10.0.0.1
    WINS resolution has been disabled
    NETBEUI and such have been trashed.
    DNS has been Enabled and host name set to the host/domain of the
            Linux box
    Your ISP's DNS Server numbers have been entered

    The user has run the Internet Connection Wizard and has
    answered that he will connect using his LAN

    [Optional but important]  The network administrator has searched the
    internet and downloaded ie-off.exe to all win98 boxes, and some other
    form of browser has been loaded.  MSIE is REALLY asking to be
    cracked and smashed.  On the 95 boxes, the users have agreed to not
    click any icons that look like planet Earth.

    [Also optional but definitely a goal for better operation] The windows
    users have floppies that boot DOS and contain FDISK, and they have
    Venus installation CDs and their machines are set to boot from CD
    and....  <VBG>

6.  On the linux box, you have a connection to the internet which may be any
of the standard methods of connection.  The only difference in them is that
they have different names and some might have the same IP address all the
time.  For example ISDN and DSL could have Static IPs for the internet or they
may have dynamically assigned ones.  A dial-up is almost always dynamically
assigned.  DSL would be an eth type connection, usually, ISDN you have a K
desktop setup for, which will work.

Your network settings on the linux box are very important.



Interfaces--lo      127.0.0.1
            eth0    10.0.0.1
            ppp0                #if you use ISDN or DSL this will be
                                #different

Their ATBOOTs should be "Yes" for the first two, and optionally yes for the
third, especially if the third is to be a steady internet connection.

Routing

tick the Network Packet Forwarding
Gateway MUST be blank unless you have a static IP supplied by your ISP
Default Gateway Device:  ppp0 if you are using a modem, or whatever if you are
using the ethernet or ISDN


7.  Now, finally raise an xterm and type those three lines from the first URL
I showed you.  This will suffice for testing purposes.

8.  You can close some ports with IPCHAINS, and deny output to some known
annoyances like doubleclick.net by writing IPCHAINS rules ....  It can do some
packet filtering, but isn't quite the firewall some of the commercial
firewalls are.  It was confusing to me until recently, since I was used to
ipfwadm and there were enough changes that IPCHAINS won an award at Linuxworld
Expo this year.

9.  If you want a proxy, you can load Squid and make sure your winboxes
connect to www at its input port, or you can go to the second site and
download their stuff.  The mandrake Squid update should be used in preference
to theirs, but their transproxy and dhcpd are probably preferable.

Well, then, save this and share it to the next querent, OK?

Civileme

The Postman wrote:

> How can I set up my Linux box to be a proxy server for my Windows machines?
> Is there third party software for this or does Linux-Mandrake 6.0 already
> come with the tools under the hood? Please point me to a FAQ on this or
> answer what you can.
>
> Postman
> Migrating from Windows

--
Civileme Say:

"He who buys Pentium III had lots of bucks"
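
Added example (not part of the original message or of the IPCHAINS HOWTO): the netmask test described in the message, written as shell functions, plus a helper that prints a masquerade ruleset limited to the LAN's own source range. The function names and the rule layout (default-deny forward policy with one source-restricted MASQ rule) are assumptions of this example.

```shell
#!/bin/sh
# Added example: the netmask test from the message, plus a printed
# masquerade ruleset restricted to the LAN's source range (assumed layout).

# Dotted quad -> 32-bit integer; rejects malformed input.
ip_to_int() (
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Same network when the addresses agree at every bit position where the
# netmask has a 1, i.e. (a XOR b) AND mask == 0.
same_network() {
    a=$(ip_to_int "$1") && b=$(ip_to_int "$2") && m=$(ip_to_int "$3") || return 2
    [ $(( (a ^ b) & m )) -eq 0 ]
}

# Print network/prefix-length for an interface address and its netmask.
network_cidr() {
    a=$(ip_to_int "$1") && m=$(ip_to_int "$2") || return 2
    n=$(( a & m )); len=0; bits=$m
    while [ $(( bits & 2147483648 )) -ne 0 ]; do
        len=$(( len + 1 )); bits=$(( (bits << 1) & 4294967295 ))
    done
    [ "$bits" -eq 0 ] || return 2    # 1 bits after a 0 bit: not a valid netmask
    echo "$(( n >> 24 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))/$len"
}

# Print (do not run) rules that masquerade only packets sourced from the LAN.
# Arguments: LAN interface address, netmask, external interface.
masq_rules() {
    lan=$(network_cidr "$1" "$2") || return 2
    echo "ipchains -P forward DENY"
    echo "ipchains -A forward -s $lan -i $3 -j MASQ"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

same_network 10.0.0.1 10.1.0.1 255.0.0.0 && echo "same network under 255.0.0.0"
same_network 10.0.0.1 10.1.0.1 255.255.0.0 || echo "different networks under 255.255.0.0"
masq_rules 10.0.0.1 255.0.0.0 ppp0
```

Restricting the MASQ rule with `-s` means only packets sourced from the LAN range are rewritten and forwarded out the external interface; everything else hits the DENY policy.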

