On Sat, 26 Feb 2000, you wrote:
> Hello!
>
> I have a question on a higher level, not so much about Mandrake in particular. Sorry
> if it is too "newbie".
>
> I want to build a little network in my apartment, and I would like some pointers as
> to how.
>
> NOW:
> I have two computers, going on three.
>
> 1) A windows/mandrake workstation, OC:d, so I don't want this to run all the time
> 2) A linux server, rather old and slow, but fully capable of SSH and serving files
> 3) An old Compaq (486/33) which should be a terminal.
>
> I'm on a 10Mbit student housing network, and this is rather choked(tm). I have two
> IPs, so communication over this using my hub is possible, albeit slow. I'd like some
> extra bandwidth of my own, since I want to use the fileserver for my windows files
> and I want to tunnel some communication over ssh without doubling my load on the
> external network.
>
> I WANT:
> 1) The linux server to be the gate to the external net, posing as
> web/ftp/file/ssh-server.
> 2) The windows machine to be able to use ICQ etc. with its own IP.
>
> How do I do this? I probably need another NIC, but that's ok. But will the passing
> of traffic through the linux machine pose any problems, like ICQ not being able to
> connect (I've seen this happen when behind firewalls)?
>
> /Adam Skogman

Using IP masquerade you can accomplish this easily.
Here's how....
The linux server needs two NICs, say eth0 connected to your local hub and eth1
to ONE IP. You will not need the other. Do not make any other external
connections or you can be easily exploited.
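OK, here is the code for the minimal setup.... You can set up a script file,
type it in manually or put it in /etc/rc.d/rc.local

    # Default policy: forward nothing unless a rule allows it
    ipchains -P forward DENY
    # Masquerade everything forwarded out through eth1 (the external NIC)
    ipchains -A forward -i eth1 -j MASQ
    # Turn on IP forwarding in the kernel
    echo 1 > /proc/sys/net/ipv4/ip_forward
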
ICQ, licq, everybuddy, gAIM, all work.
Netscape works... kfm as an ftp works beautifully.
FTP requires "passive mode". The port commands otherwise point to the wrong
places. If you are a fan of FTP command lines, use them from the linux server
toward the outside.
www.linuxdoc.org has the ipchains-HOWTO available in a variety of formats. You
might also find it at /usr/doc/ipchains-x.y.z on your installation, but I am
told not to bother to learn it because it will be replaced in the imminent
kernel 2.4 release.
I use it all the time (the configuration of a masquerading server, and
ipchains). It is a wonderful way of closing ports, rejecting certain IPs,
port-forwarding things you want other servers to handle.... But most important,
your internet IP cannot be used to reach you unless you want to be reached.
Naturally ipchains and a masquerading server and all the known virus and
exploit filters cannot make a winbox behind the masquerading firewall secure.
Perhaps secure from winnuke, but some bonehead will still find a hostile site
with MSIE or get an Excel spreadsheet in email from a trusted source and end up
toast. The takeover from Netmeeting won't work.... Aggghhh.
Some of my users have windows in dual boot situations but the NetBIOS ports are
dead locally (yep, no Samba) and onto the internet, so their windows are without
network services locally and without support as well (and for that matter,
their Network Neighborhoods aren't loaded with the info for the system). So if
they want to get beyond their boxes, they need to use the friendly linux
installations on their desktops.
Civileme
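
Added example (not part of the original message): a toy Python model of the FTP point above, assuming a gateway that rewrites only the source address and port of outgoing packets and has no FTP helper. The class and function names and the sample addresses are constructed for illustration; it shows that the PORT command still carries the internal address after masquerading, which is why passive mode is needed.

```python
import ipaddress
import re

PORT_RE = re.compile(r"PORT ((?:\d{1,3},){5}\d{1,3})", re.IGNORECASE)

def parse_port(line):
    """Parse an RFC 959 'PORT h1,h2,h3,h4,p1,p2' command into (ip, port)."""
    m = PORT_RE.fullmatch(line.strip())
    if not m:
        raise ValueError("not a well-formed PORT command")
    nums = [int(n) for n in m.group(1).split(",")]
    if max(nums) > 255:
        raise ValueError("PORT field out of range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

class Masquerader:
    """Hypothetical gateway model: rewrites source ip/port, never the payload."""
    def __init__(self, external_ip, first_port=61000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.table = {}  # (internal ip, internal port) -> external port

    def outbound(self, src_ip, src_port, payload):
        key = (src_ip, src_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        # Assumption: no FTP helper, so the PORT argument passes through as-is.
        return self.external_ip, self.table[key], payload

def server_view(packet):
    """What the remote FTP server learns from one masqueraded control packet."""
    src_ip, _src_port, payload = packet
    data_ip, data_port = parse_port(payload)
    return {
        "control_source": src_ip,
        "data_target": (data_ip, data_port),
        "target_is_private": ipaddress.ip_address(data_ip).is_private,
        "target_matches_source": data_ip == src_ip,
    }

if __name__ == "__main__":
    # Constructed sample: client 192.168.1.10 behind a gateway at 203.0.113.5.
    gw = Masquerader("203.0.113.5")
    pkt = gw.outbound("192.168.1.10", 1045, "PORT 192,168,1,10,4,22\r\n")
    for field, value in server_view(pkt).items():
        print(f"{field}: {value}")
```

In passive mode the client opens the data connection outward, so it is masqueraded like any other outgoing connection and no address travels inside the payload.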