Re: Proxy config...

From: Pete Nesbitt (pete_at_linux1.ca)
Date: 11/28/03

  • Next message: Ashley M. Kirchner: "Re: DNS not responding"
    To: redhat-list@redhat.com
    Date: Thu, 27 Nov 2003 20:29:52 -0800
    
    

    On November 27, 2003 01:28 am, Paula Fernandes wrote:
    > Hi,
    >
    > I have a small network with ADSL Internet service provided with a
    > router. I have this machine (RedHat 9.0) and another machine (windows98)
    > in the network. I just want to provide Internet access to the windows98
    > machine via some proxy intaled in my RedHat PC.
    >
    > This is all I want!!
    >
    > Thanks for help
    >

    Hi Paula,
    A few questions, presuming you want to 'protect' the win98 box with a
    firewall, because as Roger points out most broadband connectins allow 2 IP's
    (at least around here). So you either need to protect the 98 box or you only
    get 1 IP and need to mask the 98 box. As far as the firewall protecting a 98
    box, unless you have file sharing, or some web server, there should be
    nothing 'listening' on the 98 box so nothing to attack (although I am really
    not up on windows issues).

    Either way, for the best performance you want to have 2 network cards in the
    Linux box. It can be done with one using a virtual interface and a hub but it
    doubles the load and buffer requirements on the nic which will likely impact
    performance, and provides questionable security.

    If you are going to connect the two systems (98 & linux) directly you need a
    "crossover cable", if you use a hub/switch between them use regular cat5
    cables.

    You will need to set your 98 box and the inside nic on Linux with non-routable
    IP's. Most typical are 192.168.1.0/24 network.
    win98
      IP: 192.168.1.5
      Netmask: 255.255.255.0
      Default Gateway: 192.168.1.1

    linux eth1: (internal network)
      IP: 192.168.1.1
      Netmask: 255.255.255.0
      Default Gateway: eth0

    linux eth0:
      all setings from dhcp

    You will also want to copy the info from the Linux /etc/resolv.conf to the
    windows machine (don't know where) for dns lookup info.
    Does anyone know a better way to populate nat'd clients with nameserver info?

    You should now be able to ping between the two 192. IP's but not thru the
    firewall from the LAN. The Linux box should have Internet access.

    Now the network is ready, time for a firewall...

    Set the firewall to run NAT (to hide the inside IP's) then decide what
    services you want to allow inbound, which will likely be nothing "new" (just
    established or related). You will probably want to allow all outbound
    traffic.

    Sasa suggested a gui based firewall admin tool at
    http://firestarter.sourceforge.net it is probably all you need to set up and
    maintain a basic firewall (once the networking is in place).

    Please reply with what aspects you need help with.

    -- 
    Pete Nesbitt, rhce
    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
    

  • Next message: Ashley M. Kirchner: "Re: DNS not responding"

    Relevant Pages

    • RE: can ping but not browse
      ... I have stopped the firewall. ... # are safed from all (security) hazards. ... firewall/bastion host to the internet ... # internet and to an internal network, ...
      (Fedora)
    • Re: Using a Linksys router, should I also use Zonealarm?
      ... public internet to access corporate network. ... In the "old days" when people used to use Dial-In instead of VPN you ware ... protected by corporate Firewall -- since there was no public Internet ...
      (microsoft.public.security)
    • RE: Hidden Ports
      ... this is done by the firewalls to prevent authenticated files from being replaced by trojans and connecting to the internet. ... kerio firewall ... or a program that already had network access attempted to ... > Depending on the Access setting for a component, ZoneAlarm Pro ...
      (Security-Basics)
    • Re: Internet Sharing - Security
      ... > router had to stay in A's computer room. ... > Now that we successfully have gained the desired internet connection, ... replace the router with a good firewall; ... >>inexpensive Linux 2.4.x firewall with Netfilter and ISC DHCP is fine. ...
      (comp.security.firewalls)
    • Re: Entire Network
      ... Internet access is different and just because a firewall isn't ... Second, if it isn't the firewall, then often it is a case of the system ... any way a network guru. ... > The network connection works just fine from both computers for internet ...
      (microsoft.public.windowsxp.basics)