Hi "Temp"

The feature you desire is called Network Address Translation (NAT), also
known as IP masquerading.

You have to tell your PCs on your LAN to use your Linux gateway/router box
as their gateway.

Then, you have to configure the gateway to do NAT. The devil is in the
details, but basically you just use ipchains to masquerade packets for
your subnet. What happens is the gateway takes the packets from the
internal PCs, changes the headers to look like the gateway sent them, and
sends them on their way. When the response comes back, it figures out who
the real recipient was, changes the headers and sends it to them. It is
"transparent" to the internal PCs, although modules have to be loaded to
get some protocols to work.

So, here is what will get this working. ***WARNING*** you really need to
set up additional rules to secure your firewall, so don't stop here - read
the IP Masquerading HOWTO and the ipchains man page.

The following assumes your internal network is using 192.168.1.x - adjust
as needed.

# IP Masquerading
echo "ip_masq 192.168.1.3"
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/modprobe ipip.o
/sbin/modprobe ip_masq_ftp.o
/sbin/modprobe ip_masq_raudio.o
#/sbin/modprobe ip_masq_irc.o
/sbin/modprobe ip_masq_pptp.o

# sets timeouts to decent values
# This sets the timeout for an open but inactive tcp connection to
# 2 hours, a "properly" closed tcp connection to 2 minutes and an
# open/inactive udp connection to 2 hours
/sbin/ipchains -M -S 7200 120 7200

# the masquerading rules
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0


hth
charles



 On Tue, 3 Apr 2001, Temp wrote:

> After I have run squid on the Linux server, I want the workstations (Windows
> NT) to be able to use the proxy server to go online without setting anything.
> To start the transparent proxy, I do the following steps:
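
A small Python model of the masquerading table described in the reply above, added here as an illustration; it is not part of the original message and is not the kernel's code. It uses the 192.168.1.0/24 subnet and the 7200/120/7200 timeouts from the message; `GATEWAY_IP`, `FIRST_PORT` and the `Masquerader` class are assumptions made for the example.

```python
import ipaddress

GATEWAY_IP = "203.0.113.1"  # assumed public address of the gateway
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # subnet from the message
# Idle timeouts in seconds, as set by: ipchains -M -S 7200 120 7200
TIMEOUTS = {"tcp": 7200, "tcpfin": 120, "udp": 7200}
FIRST_PORT = 61000  # assumed start of the gateway's masquerade port pool


class Masquerader:
    def __init__(self):
        self.table = {}  # (proto, gateway_port) -> entry dict
        self.flows = {}  # (proto, src, sport, dst, dport) -> gateway_port
        self.next_port = FIRST_PORT

    def outbound(self, proto, src, sport, dst, dport, now, fin=False):
        """Rewrite a packet leaving the LAN; None means the forward chain denies it."""
        if ipaddress.ip_address(src) not in INTERNAL_NET:
            return None  # no MASQ rule matches, and the forward policy is DENY
        flow = (proto, src, sport, dst, dport)
        port = self.flows.get(flow)
        if port is None or self.table[(proto, port)]["expires"] <= now:
            # New or expired flow: allocate a fresh gateway port for it
            port, self.next_port = self.next_port, self.next_port + 1
            self.flows[flow] = port
        kind = "tcpfin" if proto == "tcp" and fin else proto
        self.table[(proto, port)] = {"host": (src, sport), "peer": (dst, dport),
                                     "kind": kind, "expires": now + TIMEOUTS[kind]}
        return (GATEWAY_IP, port, dst, dport)

    def inbound(self, proto, src, sport, gw_port, now):
        """Map a reply arriving at the gateway back to the internal host, or None."""
        entry = self.table.get((proto, gw_port))
        if entry is None or entry["expires"] <= now or entry["peer"] != (src, sport):
            return None  # unsolicited or expired: nothing to demasquerade
        entry["expires"] = now + TIMEOUTS[entry["kind"]]  # traffic refreshes the entry
        return entry["host"]
```

Packets arriving from outside only reach an internal PC while a matching table entry exists, which is why masquerading alone is not a substitute for the additional input rules the warning refers to.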



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
