Networking Help!
voidmain:
Regarding your question about if it is better to use two network cards of the same model. Sometimes it's actually easier to use two different network cards. I have had problems running multiple 3Com 3c905 cards but have never had a problem running cards of different types. You define which interface name (eth0, eth1, eth2, etc.) is assigned to which card in the /etc/conf.modules. Normally "kudzu" will set this up for you at boot time with no problems. But when you have:
alias eth0 3c59x
alias eth1 3c59x
Instead of:
alias eth0 3c59x
alias eth1 eepro100
in your conf.modules you can see where different types of NICs can be less confusing (which card is eth0 when using the same driver?). And you usually have to pass other parameters ("io_addr", etc.) to the driver when using two of the same type to distinguish them. Having said this, there is nothing wrong with using the same card types, in fact many may argue that it is better that way. And if kudzu does its job you should not have to mess with this file.
On to IP Masq. This is extremely easy to configure. First you need to make sure it's compiled into the kernel and most if not all distros ship that way by default. But rather than going into detail I just found a HOWTO for you:
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/
If you have any questions after going through this DOC let me know and I'll help you out.
On to Proxy Servers. Squid is a VERY powerful and configurable caching proxy server. Install the Squid RPM. You will find the configuration file in /etc/squid/squid.conf, however if you are fairly new to Linux and are new to Squid you might install the "Webmin" RPM (http://www.webmin.com) to help you configure it graphically. It might help you understand the concepts more quickly. And the Squid web site is:
http://www.squid-cache.org/
I use both IP Masq and Squid and IP Chains for firewalling. I do not allow any port 80 traffic out of my house without authentication. The proxy server does the authentication and I can restrict what users are allowed to go where on the internet. For instance, my wife and I are allowed to browse anywhere but my kids are restricted. I use ipchains in my firewall script to allow no outbound port 80 traffic, except from my proxy server. This forces any machine on my internal network to go through my proxy server if they want to browse the net. Squid does the authentication and browsing rules. In addition Squid blocks specific sites for me so those specific sites will never be accessed by a machine at my house (.microsoft.com, .msn.com, .goosencherryclock.com, zombie.somefreehost.com, etc).
In addition to this basic authentication and blocking, Squid caches content so if multiple machines on my network go to the same site, the content only comes off the internet the first time on the first machine. The second machine pulls it from the proxy cache.
And one of the best additions I've made to my Squid proxy is a 3rd party redirector script called "squid_redirect". This script filters out all the banner ads, graphics, and popup advertisements. I update the script automatically once a week from cron. You can find out more information about this redirector at:
http://www.zip.com.au/~cs/adzap/index.html
I have also written a custom web-based utility to modify my squid blocked sites, manage squid users and groups, etc. When I say "custom", I mean it's tailored to me and it would take some work to make it generic enough for public consumption. I actually wrote it for work to manage several squid servers and around 2000 users.
Good luck and feel free to ask any questions, after reading the HOWTOs of course.
Master of Reality:
So, I need/should use a proxy and IP masquerading.
I think I just need to enter:
--- Code: ---
--- End code ---
to get the masquerading. (eth0 is my internet adapter)
I do have two different ethernet cards now.
I can't use Webmin due to lack of a browser (I am running strictly from console with very little free space left); the only browser I have is lynx.
I set up my server as a gateway by doing this:
--- Code: ---
--- End code ---
where eth0 is my internet adapter, eth1 is my local network adapter.
What's a good port to run a proxy on? The default is 3128, I heard somewhere to use 8080. Does it really matter what port?
voidmain:
Your MASQ stuff looks like it should work although it's not exactly the params I use. And you may need to add another line right under where you set your "ip_forward" to "1" if your internet card is configured via DHCP from your provider:
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
As far as your "ifconfig" commands, I can't imagine that would work. It looks like you are trying to use "ifconfig" to add routes and you should be using the "route" command. Actually you normally don't configure the cards manually like you are doing although you certainly can do that. Normally your interface settings would go in:
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-eth1
/etc/sysconfig/network
and for you they might look like this:
ifcfg-eth0:
DEVICE=eth0
BOOTPROTO=dhcp
IPADDR=0.0.0.0
NETMASK=0.0.0.0
BROADCAST=0.255.255.255
NETWORK=0.0.0.0
USERCTL=no
ONBOOT=yes
ifcfg-eth1:
DEVICE=eth1
BOOTPROTO=none
IPADDR=192.168.0.1
NETMASK=255.255.255.0
BROADCAST=192.168.0.255
NETWORK=192.168.0.0
USERCTL=no
ONBOOT=yes
network:
NETWORKING=yes
FORWARD_IPV4=yes
HOSTNAME=yourhostname.yourdomain.org
GATEWAYDEV=
GATEWAY=
Then you should be able to bring each interface up or down by issuing these commands:
ifup eth0
ifup eth1
or
ifdown eth0
ifdown eth1
Then type "/sbin/ifconfig" to see if they are configured properly. With the configs I gave you above they should be automatically configured at boot time. The "ifup/ifdown" scripts will take care of setting up the proper routes. You can look at your routes by typing "netstat -nr" or "/sbin/route".
[ April 15, 2002: Message edited by: VoidMain ]
Master of Reality:
Do I need to/should I use iptables instead of ipchains? Something like this perhaps?
--- Code: ---
--- End code ---
I could also replace $EXTIF with eth0 and $INTIF with eth1.
I wonder if it'll work?
[ April 15, 2002: Message edited by: Master of Reality ]
[ April 16, 2002: Message edited by: Master of Reality ]
voidmain:
Whoops, I changed my message since you quoted it, might want to reread it (added /etc/sysconfig/network file and explanation).
As far as ipchains vs iptables I forgot that RedHat now ships iptables as the default firewalling command rather than ipchains. I'm still using ipchains but iptables configuration should be similar. I have not done MASQ with iptables so I can't give you for sure instructions. I just checked my laptop and it appears ipchains is installed on my machine but support is not compiled into the default kernel (why install it if it's not supported RedHat? I don't remember manually installing it..). I would suggest finding the equivalent command in iptables and use it rather than recompiling. Remember, my firewall box is still running RedHat 6.1. I'll see what I can come up with on iptables.
[ April 16, 2002: Message edited by: VoidMain ]
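Added example, not part of any post in this thread: one way to express the setup discussed above (masquerading on eth0 for the 192.168.0.0/24 LAN, with direct outbound port 80 refused so that clients have to browse through the proxy) as an iptables-restore ruleset. The function name `gen_ruleset` is hypothetical, and the script assumes Squid runs on the gateway itself on its default port 3128.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for
# a masquerading gateway whose LAN may only browse through a local proxy.
# Assumption: Squid runs on the gateway itself and listens on proxy_port.
# Also needed, as in the thread: echo 1 > /proc/sys/net/ipv4/ip_forward
# (and ip_dynaddr when the external address comes from DHCP).

gen_ruleset() {
    if [ "$#" -ne 4 ]; then
        echo "usage: gen_ruleset EXTIF INTIF LAN_CIDR PROXY_PORT" >&2
        return 1
    fi
    extif=$1 intif=$2 lan=$3 proxy_port=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite LAN source addresses to whatever address $extif currently holds.
-A POSTROUTING -s $lan -o $extif -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The proxy must not be reachable from the internet side (open proxy).
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i $intif -p tcp --dport $proxy_port -j DROP
# Replies to connections the LAN opened are let back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Direct web traffic from the LAN is refused; order matters, this rule
# has to come before the general allow below.
-A FORWARD -i $intif -o $extif -s $lan -p tcp --dport 80 -j REJECT --reject-with tcp-reset
-A FORWARD -i $intif -o $extif -s $lan -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the interfaces and LAN range used in the thread.
# Load it on the gateway with: gen_ruleset ... | iptables-restore
gen_ruleset eth0 eth1 192.168.0.0/24 3128
```

Squid's own requests leave through the OUTPUT chain, so they are not affected by the FORWARD reject; only machines on eth1 that try to bypass the proxy are.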