Good day, Carric and Khurram,
On Thu, 31 Dec 1998, Carric Dooley wrote:
> MS Proxy has a socks 4 server built in, so stuff you want to use on Linux
> will need to be "socksified" to work.
Good point. Although I've never taken the time to look them up,
my understanding is that there are a number of socks compatible
applications for Linux. Linux can act as the gateway too - but read on.
> > [Khurram wrote]
> > Thanks for your reply. But I want to use the NT machine as a gateway
> > for my Linux server, not just as a proxy for browsing etc. - that is I
> > want to use ping, telnet outside via NT machine from the linux.
The real irony here is that if the _Linux_ box was the _gateway_
for the entire lan, you could do exactly what you describe. Linux
supports IP masquerading, where a single valid IP address (on the outside
interface of the gateway box) can be shared by an entire LAN. The
machines on the LAN can run any OS that supports TCP/IP (Linux, NT, 95,
etc) and don't need any special configuration or new applications - quite
nice for a large lan.
The vast majority of TCP/IP protocols (ping, telnet, http, ftp,
smtp, ssh, traceroute, pop-3, imap, and most others) work without
modification; the few that need to have a channel opened _from_ the server
_to_ the client generally have instructions available at the IP Masquerade
Resource on how to get them to work.
I certainly understand that you may have a number of reasons why
you feel NT is more appropriate as the gateway, but wanted to provide one
more option to you in case the choice of the gateway box's OS could be
reconsidered.
As you probably already knew, packet filtering is included in and
caching proxies are available for Linux. Please feel free to email me
(through the list or privately) if you'd like more details.
Cheers,
- Bill
Resources:
- the IP Masquerade mini HOWTO. Describes how to set up Masquerading in
detail. The actual masquerading is done with a single line like:
/sbin/ipfwadm -a accept -m -I eth0 -S 192.168.1.0/16
http://metalab.unc.edu/linux/HOWTO/mini/IP-Masquerade.html
- the IP Masquerade resource. Additional pointers to masquerade related
topics.
http://ipmasq.cjb.net/
- Squid web, gopher, and ftp caching proxy. Used by a number of high
volume ISP's, in an international backbone of caches, and licensed by
Novell (their "FastCache" product and the caching software in
BorderManager)
http://squid.nlanr.net
- The IP-masq mailing list. Send a message with "subscribe" in the
subject and body to [EMAIL PROTECTED] . Archives at
http://home.indyramp.com/lists/masq-list/
---------------------------------------------------------------------------
Unix _is_ user friendly. It's just very selective about who its friends
are. And sometimes even best friends have fights.
William Stearns ([EMAIL PROTECTED])
Mason, Buildkernel, and named2hosts are at: http://www.pobox.com/~wstearns
---------------------------------------------------------------------------
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
