[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: What proxy server is avl. under RHL6.0 ?



On Mon, 6 Dec 1999 veliath@xxxxxxxxxxxxxxxx wrote:

(quoting mks)
> u> From the  192.168.1.xxx machines how to access Internet?  How to
> u> tell my system to act as gateway for the 192.168.1.xxx machines?  Or
> u> do I need to install proxy server? What proxy is avl. under RHL6.0.

(meaningful stuff, and then)
> 	You should use a proxy to provide Net access to the machines
> 	on the 192.168

not quite correct. there is a choice of two solutions. one can use a web
proxy (like squid) or ip-forwarding with masquerading to achieve web
connectivity. if all that mks needs is web connectivity, squid will
probably do a better job. squid is available on the rhl distribution cd.
however, with ip-forwarding, the 192 ip machines can also get other
services on the net like telnet, ftp etc. rhl 5.x onwards have
ip-forwarding compiled into the default kernel, but the ifconfig at boot
time is configured to shut this off. so, a simple ip-forwarding = yes in
the boot config file will enable ip forwarding. one then needs something
like ipfwadm (also available on the rhl distribution cd) to manage the
ip-forwarding. ipfwadm allows per source ip, per port (service), per
destination configuration. in the above case, to enable web services, the
command would be something like 

ipfwadm -F -a masquerade -P tcp -S 192.168.1.0/24 1024:65535 -D 0.0.0.0 80

for the incognoscenti, the options are as follows. -F means this command
applied to the forwarding part of the rules (as opposed to the input and
output part of the rules); -a masquerade means packets are accepted and
masqueraded; -P tcp means only tcp protocol packets are processed. the -S
option gives the source ip addresses, which in this case is the local 192
subnet with the 24 bit netmask; the 1024:65535 indicates the source port
numbers which in this case means unprivileged ports. the -D of 0.0.0.0
means all destinations but to port 80 only; many of the options can be
suppressed. ipfwadm has decent documentation.

sriram

---
Send e-mail to 'ilugc-request@xxxxxxxxxxxxxxxxxx' with 'unsubscribe' 
in either the subject or the body to unsubscribe from this list.