Michael Moore wrote:
> On Sat, 26 Feb 2000, you wrote:
> > Hello!
> >
> > I have a question on a higher level, not so much about mandrake in particular.
>Sorry if it is too "newbie".
> >
> > I want to build a little network in my apartment, and I would like some pointers
>as to how.
> >
> > NOW:
> > I have two computers, going on three.
> >
> > 1) A windows/mandrake workstation, OC:d, so I don't want this to run all the time
> > 2) A linux server, rather old and slow, but fully capable of SSH and serving files
> > 3) An old compaq (486/33) with should be a terminal.
> >
> > I'm on a 10Mbit student housing network, and this is rather choked(tm). I have two
>IPs, so communication over this using my hub is possible, albeit slow. I'd like some
>extra bandwidth of my own, since I want to use the fileserver for my windows files
>and I want to tunnel some communication over ssh without doubling my load on the
>external network.
> >
> > I WANT:
> > 1) The linux server to be the gate to the external net, posing as
>web/ftp/file/ssh-server.
> > 2) The windows machine to be able to use ICQ etc. with it's own IP.
> >
> > How do I do this? I probably need another NIC, but that's ok. But will the passing
>of traffic through the linux machine pose any problems, like ICQ not beeing able to
>connect (I've seen this happen when behind firewalls).
> >
> > /Adam Skogman
>
> Using the ip masquerade you can accomplish this easily.
>
> Here's how....
>
> The linux server needs two NICs say eth0 connected to your local hub and eth1
> to ONE IP. You will not need the other. Do not make any other external
> connections or you can be easily exploited.
>
> OK here is the code for the minimal setup.... You can set up a script file,
> type it in manually or put it in /etc/rc.d/rc.local
>
> ipchains -P forward DENY
> ipchains -A forward -i eth1 -j MASQ
> echo 1 > /proc/sys/net/ipv4/ip_forward
<SNIP>
Sheesh, in my previous post I forgot to tell you what the clients look like.
my server has a local (eth0) address of 10.0.0.1 All the clients locally
have 10.0.0.1 as their gateway and are otherwise configured as one would
expect for an ethernet connection.
Naturally, your old linux server should be running something from a kernel
that supports ipchains.
If not, the old InfoMagic Workgroup Server is
hard to beat as a predefined package. I think it is no longer available from
InfoMagic, but I have a copy of 2.1 that was never loaded if you need it (NOT Open
Source). It includes an old RH distro beneath, like 4.2, and it has trouble with
many newer ethernet cards but will work great with a 3C509B.
And if you do not have a kernel that supports ipchains on your server, you can achieve
the same effect with ipfwadm.
There, now I think I have covered the main possibilities.
Civileme
