Hello Charles,
Thanks for your detailed instructions; I guess this may solve my problem.
However, forgive me, I'm really new to Linux. I want to know what I am
supposed to do with the lines you typed. Should I type them in a terminal (I
guess not), insert them into an existing file (which file?), or type them into
a new script file (where to place the file, and how should I name it)?
And I want to know, what function does the line
echo "ip_masq 192.168.1.3"
perform? It seems to me that it just echoes a string (where does it echo to?).
And is it true that I can omit the ".o" in all files (and are you sure
that I have all the files you listed? I'm using Red Hat Linux 7.0)?
If I'm going to place the lines into a script file, how can it find all
these files?
In your example, I see 2 IP addresses, one is "192.168.1.3" and one is
"192.168.1.0". How should I replace them for my case? My Linux server's IP
is "192.168.0.81", my Windows NT workstation's IP is "192.168.0.42". Is it
true that the first one is for the Linux server, and the second one is for
the Windows NT workstation?
Thanks in advance!
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Galpin
Sent: Wednesday, April 04, 2001 9:26 AM
To: [EMAIL PROTECTED]
Subject: Re: Problem starting transparent proxy (squid)
Hi ?Temp?
The feature you desire is called Network Address Translation (NAT), also
known as IP masquerading.
You have to tell your PCs on your LAN to use your Linux gateway/router box
as their gateway.
Then, you have to configure the gateway to do NAT. The devil is in the
details, but basically you just use ipchains to masquerade packets for
your subnet. What happens is the gateway takes the packets from the
internal PCs, changes the headers to look like the gateway sent them, and
sends them on their way. When the response comes back, it figures out who
the real recipient was, changes the headers and sends it to them. It is
"transparent" to the internal PCs, although modules have to be loaded to
get some protocols to work.
So, here is what will get this working. ***WARNING*** you really need to
set up additional rules to secure your firewall, so don't stop here - read
the ip masquerading howto and the ipchains man page.
The following assumes your internal network is using 192.168.1.x - adjust
as needed.
# IP Masquerading
echo "ip_masq 192.168.1.3"
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/modprobe ipip.o
/sbin/modprobe ip_masq_ftp.o
/sbin/modprobe ip_masq_raudio.o
#/sbin/modprobe ip_irc.o
/sbin/modprobe ip_masq_pptp.o
# sets timeouts to decent values
# This sets the timeout for an open but inactive tcp connection to
# 2 hours, a "properly" closed tcp connection to 2 minutes and an
# open/inactive udp connection to 2 hours
/sbin/ipchains -M -S 7200 120 7200
# the masquerading rules
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
hth
charles
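
An added example, not part of either message above: a shell sketch that derives the network address for the -s argument of the masquerading rule from a host address and checks that a LAN client falls inside it. The two addresses are the ones given in the reply; the /24 prefix length and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): prints the rule for review, runs no ipchains.
# Dotted quad -> 32-bit integer; returns 1 on malformed input.
ip_to_int() {
    case $1 in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*) return 1 ;; esac      # reject octal-looking octets
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

prefix_mask() { echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF )); }  # netmask as integer

# network_of HOST_IP PREFIX -> network address in "a.b.c.d/PREFIX" form.
network_of() {
    case $2 in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -le 32 ] || return 1
    n=$(ip_to_int "$1") || return 1
    m=$(prefix_mask "$2")
    echo "$(int_to_ip $(( n & m )))/$2"
}

# in_subnet HOST_IP NETWORK/PREFIX -> exit status 0 if the host is inside.
in_subnet() {
    h=$(ip_to_int "$1") && b=$(ip_to_int "${2%/*}") || return 1
    m=$(prefix_mask "${2#*/}")
    [ $(( h & m )) -eq $(( b & m )) ]
}

# The forward rule from the message, with the source network filled in.
masq_rule() {
    net=$(network_of "$1" "$2") || return 1
    echo "/sbin/ipchains -A forward -j MASQ -s $net -d 0.0.0.0/0"
}

GATEWAY_IP=192.168.0.81   # Linux server address given in the reply
CLIENT_IP=192.168.0.42    # Windows NT workstation address given in the reply
PREFIX=24                 # assumption: same /24 size as the original example

net=$(network_of "$GATEWAY_IP" "$PREFIX") || exit 1
in_subnet "$CLIENT_IP" "$net" || { echo "$CLIENT_IP is outside $net" >&2; exit 1; }
masq_rule "$GATEWAY_IP" "$PREFIX"
```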