Using IP masq or NAT and a transparent proxy on the same box is not just
possible but has been used by most systems admins to secure their private
networks.

You could install squid (http://www.squid-cache.org) to run as your
transparent proxy and IPCHAINS as your NAT.

A very effective way to make use of your NAT is to restrict all private
net access to port 80, which is your HTTP port. This can be implemented
by appending these lines to your IP chain rules (IPCHAINS):

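LOCNET=192.168.0.0/24
# Your public or live IP block, e.g.:
PUBNET=203.87.141.0/24
# $OUTSIDE is not defined in the original message; "any destination" is assumed here.
OUTSIDE=0.0.0.0/0

# Reject direct HTTP (TCP port 80) from both networks
/sbin/ipchains -A input -j REJECT -p tcp -s $LOCNET -d $OUTSIDE 80
/sbin/ipchains -A input -j REJECT -p tcp -s $PUBNET -d $OUTSIDE 80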

Now that you have restricted port 80, you may now configure your squid to
accept HTTP requests. The default port used by squid is 3128. Also, you
could now restrict which users are able to browse the Internet, or
restrict them to the following website only, e.g. www.cnn.com only. There
are a lot of restrictions you could implement using squid. There is
countless documentation to be found on the Internet for reference. The
documentation that comes with the installation (squid.conf) is sufficient
to implement such restrictions.

I hope this helps.

Darrel


At 01:55 PM 2/26/02 +0800, you wrote:
>hello,
>
>i have been using ip masquerading for quite some time now and
>am very satisfied with its performance.
>
>just wondering how can i use transparent proxy when i'm
>also running nat/masq on the same linux box.
>
>my box has 2 nics. my internal network is
>192.168.0.0/24 and a static public ip.
>the box is masq so my internal won't have problems
>browsing the net.
>
>any sample config is greatly appreciated.
>
>tnx in advance. :P
>
>victor "jett" tayer
>
>_
>Philippine Linux Users Group. Web site and archives at 
>http://plug.linux.org.ph
>To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
>To subscribe to the Linux Newbies' List: send "subscribe" in the body to 
>[EMAIL PROTECTED]
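
A squid.conf sketch of the restriction described in the reply above: only the private net may use the proxy on port 3128, and only for www.cnn.com. This is an added example, not part of the original messages; the ACL names localnet and allowed_sites are hypothetical, and the network is the one given in the thread.

```conf
# squid.conf fragment (added example; ACL names are hypothetical)

# Port squid listens on (its default, as noted in the reply)
http_port 3128

# Who may use the proxy: the internal network from the thread
acl localnet src 192.168.0.0/24

# What they may reach: the single site used as the example in the reply
acl allowed_sites dstdomain www.cnn.com

# http_access rules are checked top to bottom and the first match wins.
# ACLs listed on one line are ANDed: the client must be in localnet
# AND the requested host must be in allowed_sites.
http_access allow localnet allowed_sites

# Everything else is refused, including internal clients asking for other
# sites and any client outside 192.168.0.0/24.
# The "all" ACL comes from the stock squid.conf (built in on newer releases).
http_access deny all
```

With the ipchains REJECT rules from the reply in place, direct connections to port 80 fail, so browsers on 192.168.0.0/24 have to be pointed at the gateway's port 3128 for these rules to apply.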
