On Sat, 2002-04-06 at 15:39, Michael D. Crawford wrote:
> I have a small home lan that is routed to the internet through a machine that
> provides IP masquerading with kernel 2.4.18 iptables. The gateway machine
> connects to the net with a 56k modem. There are three client machines, plus the
> gateway for a total of four machines.
>
> Presently I am using neither a proxy nor a DNS cache. Would it help things to
> use them? I can see how having a DNS cache would help when my ISP's nameserver
> goes down, which it seems to quite a bit.
>
> If I should use a proxy, which one should I get?

Yes, it will help, especially if the different people at the different computers have similar browsing habits. A banner blocker in your web proxy can also help reduce traffic across your modem. I would recommend squid for the web proxy and sleezeball for the banner blocker.

DNS is another issue. I would suggest you use djbdns ( http://cr.yp.to/djbdns.html ) rather than Bind, as it will allow you to decide what you want and only what you want to have it do, and will use significantly less resources on your gateway machine. It is easier to configure, less prone to attacks, and breaks less often :)

You can implement a DNS cache, that is, a forwarding-only cache. It asks another DNS server (your ISP's) for all its requests and caches the responses (dnscache). It is not a DNS server.

You could however implement a full resolver (dnscache again) that actually resolves DNS names from the root-servers down. This means you won't rely on your ISP's name server and your name-server is immune to cache-poisoning. This uses more traffic though (it has to recursively resolve from the root-servers down. It caches responses of course). But I have found it works fine over a 56k dialup.

You may also, while you are at it, implement your own local DNS server for internal use (tinydns) so that internal machines and their names are all resolved via an internal only DNS.

These are only my suggestions of course. YMMV. Good luck.

Crispin Wellington
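
The two dnscache setups described in the reply above, as an added example that is not part of the original thread: shell functions that switch an existing dnscache service directory between forward-only and full-resolver mode and restrict which clients it answers. It assumes the directory was created by dnscache-conf (commonly /etc/dnscache); the function names, the roots.saved backup file and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example. dnscache reads its settings from files in DIR/env and DIR/root.

# Report the mode dnscache will start in: a non-empty env/FORWARDONLY
# makes it send every query to the servers listed in root/servers/@.
dnscache_mode() {
    if [ -s "$1/env/FORWARDONLY" ]; then echo forward; else echo recursive; fi
}

# Forward-only cache: root/servers/@ holds the upstream caches (the ISP's).
# usage: set_forward_only DIR FORWARDER_IP...
set_forward_only() {
    dir=$1; shift
    [ -d "$dir/env" ] && [ -f "$dir/root/servers/@" ] && [ $# -gt 0 ] || return 1
    # Save the root server list once so the change can be undone.
    # (Kept outside root/servers, where every file names a domain.)
    [ -f "$dir/roots.saved" ] || cp "$dir/root/servers/@" "$dir/roots.saved" || return 1
    printf '%s\n' "$@" > "$dir/root/servers/@"
    echo 1 > "$dir/env/FORWARDONLY"
}

# Full resolver: restore the saved root servers and unset FORWARDONLY.
set_recursive() {
    dir=$1
    if [ -f "$dir/roots.saved" ]; then
        cp "$dir/roots.saved" "$dir/root/servers/@" || return 1
    fi
    rm -f "$dir/env/FORWARDONLY"
}

# dnscache answers only clients whose address prefix exists as a file in
# root/ip; list the LAN prefix so the cache is not usable from the modem side.
# usage: allow_clients DIR PREFIX...   (e.g. 192.168.1)
allow_clients() {
    dir=$1; shift
    for p in "$@"; do
        : > "$dir/root/ip/$p" || return 1
    done
}

# After any change, restart the service so dnscache rereads its files
# (with daemontools: svc -t /service/dnscache).
```

For the LAN clients to reach the cache, env/IP must also hold the gateway's internal address rather than 127.0.0.1.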