LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 10-03-2008, 04:20 PM   #1
mattjamal
LQ Newbie
 
Registered: Aug 2005
Location: uk
Posts: 17

Rep: Reputation: 0
How to configure my firewall box


Hi, I have previously posted this sort of question but didn't receive a reply.
This is the network scenario that I intend to build:

INTERNET CABLE MODEM ==> LINUX ROUTER MACHINE ==> FIREWALL MACHINE ==> LANs

I run DHCP on (eth0) and assign 192.168.0.1 on (eth1) on the router machine. Now I intend to have a firewall machine between my Linux router machine and the LANs. But my problem is the configuration of the firewall machine. Can anyone please give me a way to configure it, or even links to some tutorials? All I want to configure on the firewall is to be able to use iptables to do the firewalling, and to have all the LAN machines pass through the firewalling machine.
This is the copy of the iptables script that I copied from the net to use on the firewall machine.
But I still don't know what to fill in for SQUID_SERVER="":

#!/bin/sh
# squid server IP
SQUID_SERVER=""

# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"

# Squid port
SQUID_PORT="3128"

# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward

# Setting default filter policy
# (no policy is set for FORWARD here, so it stays at the kernel default of ACCEPT)
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow UDP, DNS and Passive FTP (replies to connections this box started)
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT

# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT

# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT

# DNAT port 80 requests coming from LAN systems to squid 3128 ($SQUID_PORT), aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT

# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT

# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP


So please if anyone could assist me.
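The script above, as posted, never sets a policy on the FORWARD chain, so it stays at the kernel default of ACCEPT and everything the LAN and the router side send across the box is forwarded unfiltered; the only filtering it does is on traffic addressed to the firewall itself. Below is an added example, not the poster's script and not from any tutorial linked in the thread, of the same gateway ruleset with an explicit default-deny FORWARD policy, stateful return rules, rate-limited logging of what gets dropped, and the transparent-proxy redirect made optional. The interface names, the LAN subnet 192.168.1.0/24, the `IPT=echo` dry-run convention and the file name fw.sh are assumptions; the DNAT-to-a-separate-Squid-host variant from the posted script is left out.

```shell
#!/bin/sh
# Added example (not the poster's script): a two-interface gateway ruleset
# with default-deny on INPUT and FORWARD. Interface names, the LAN subnet and
# the dry-run convention (IPT=echo) are assumptions for this example.
#
# Dry run (prints the rules instead of loading them):  IPT=echo sh fw.sh apply
# Real run as root:                                    sh fw.sh apply

IPT="${IPT:-iptables}"            # set IPT=echo to review rules without applying
INTERNET="${INTERNET:-eth0}"      # side facing the router machine
LAN_IN="${LAN_IN:-eth1}"          # side facing the LAN hub
LAN_NET="${LAN_NET:-192.168.1.0/24}"
SQUID_PORT="${SQUID_PORT:-}"      # set to 3128 only if Squid runs transparently on this box

# Flush every chain in the three tables so the script is repeatable.
flush_rules() {
    for t in filter nat mangle; do
        "$IPT" -t "$t" -F
        "$IPT" -t "$t" -X
    done
}

apply_rules() {
    flush_rules

    # Default-deny on INPUT and FORWARD; the posted script left FORWARD at
    # the kernel default of ACCEPT, so every packet crossed the box unfiltered.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT

    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Only LAN hosts may talk to the firewall itself (SSH, DHCP, DNS, Squid ...).
    "$IPT" -A INPUT -i "$LAN_IN" -s "$LAN_NET" -j ACCEPT

    # Forwarding: LAN -> Internet is allowed; replies come back by state only.
    "$IPT" -A FORWARD -i "$LAN_IN" -o "$INTERNET" -s "$LAN_NET" -j ACCEPT
    "$IPT" -A FORWARD -i "$INTERNET" -o "$LAN_IN" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Hide the LAN behind the firewall's upstream (DHCP-assigned) address.
    "$IPT" -t nat -A POSTROUTING -o "$INTERNET" -j MASQUERADE

    if [ -n "$SQUID_PORT" ]; then
        # Transparent proxy on this host: LAN web traffic goes into local Squid.
        "$IPT" -t nat -A PREROUTING -i "$LAN_IN" -p tcp --dport 80 \
            -j REDIRECT --to-port "$SQUID_PORT"
    fi

    # Log (rate-limited), then fall through to the DROP policy.
    "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-input-drop: "
    "$IPT" -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-forward-drop: "
}

# Only touch the kernel when explicitly asked, so the file can be sourced/tested.
if [ "${1:-}" = "apply" ]; then
    if [ "$IPT" != "echo" ]; then
        # FTP connection-tracking helper; new module name first, old name as fallback.
        modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
    apply_rules
fi
```

Run `IPT=echo sh fw.sh apply` first to read the generated rules, then `sh fw.sh apply` as root. With SQUID_PORT empty, port 80 from the LAN simply passes through the FORWARD rules like any other traffic; the REDIRECT rule is only installed when Squid really listens on the firewall in transparent mode, so an empty proxy setting no longer produces a DNAT to nowhere.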
 
Old 10-03-2008, 04:29 PM   #2
jvedi
LQ Newbie
 
Registered: Oct 2008
Posts: 5

Rep: Reputation: 0
Is there any reason you aren't just using iptables on the router machine?
 
Old 10-03-2008, 04:34 PM   #3
mattjamal
LQ Newbie
 
Registered: Aug 2005
Location: uk
Posts: 17

Original Poster
Rep: Reputation: 0
Sorry, I forgot to say that I am doing this on Debian Etch.
Yes, I am using the Coyote floppy router, so I only know how to do port (20, 21, 22, 80, 443) forwarding to the firewalling machine. I don't think I would have a problem if the firewall configuration is set up properly.

This is just the true picture of what I am trying to accomplish.

INTERNET
|
|
|

ROUTER
|
(HUB)
|
FIREWALL
SYSTEM

|
LAN
(HUB)
|

workstation/s


On firewall System, how do I configure:
/etc/network/interfaces
/etc/dhcp3/dhcpd.conf
/etc/resolv.conf

Please I need an understanding of the firewalling configuration.
Thanks in advance

Last edited by mattjamal; 10-03-2008 at 04:56 PM.
 
Old 10-03-2008, 06:58 PM   #4
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Devuan
Posts: 3,654
Blog Entries: 33

Rep: Reputation: 283Reputation: 283Reputation: 283
Too bad no one shared this page with you...
squid...
http://www.linuxhomenetworking.com/w...ess_with_Squid
iptables...
http://www.linuxhomenetworking.com/w...Using_iptables

All from here, homepage...
http://www.linuxhomenetworking.com/
 
Old 10-05-2008, 11:16 AM   #5
mattjamal
LQ Newbie
 
Registered: Aug 2005
Location: uk
Posts: 17

Original Poster
Rep: Reputation: 0
This is the network scenario that I am trying to set up: the 3.2 Single Router Architecture on this link
http://tldp.org/HOWTO/Firewall-HOWTO-3.html
My problem is the firewall system part, how do I setup the eth0 and eth1 ?? I can handle the rest of the setup if only I know how to set the IP up.
Thanks
 
Old 10-05-2008, 07:05 PM   #6
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Devuan
Posts: 3,654
Blog Entries: 33

Rep: Reputation: 283Reputation: 283Reputation: 283
That's a nice diagram, but it's a bit short on details.

My setup, and suggestion for you, is 3.3, but integrating the lan/hub into the proxied firewalled internet gateway server.

WWW < - > fw-server < - > lan.

I'm not too sure how to do this with Debian, resolv.conf will gather name servers (DNS) from the router or modem.

I have trouble with that as my 3G wireless modem is preconfigured for Windows, and Linux (I think) can't resolve the WINS addresses (10.11.12.13 and 10.11.12.14), where the actual nameservers for my ISP (Vodafone Australia) are 202.135.30.4, etc.

Code:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 203.2.193.67
nameserver 202.135.30.4
nameserver 192.168.0.2
search vfinternet.au
Then I disabled resolv.conf service from running at start.

with iptables, you'll have an internal interface (eth0) and an external interface (ppp0). (my network example)

squid will require the same.

My machine is the fwgw, and my lan is available to the rest of the household.

The household accesses the net and web via this machine's proxy, and my browsers also loop back to the internal (eth0) through the proxy external interface (ppp0) by configuring the browsers to use the proxy (192.168.0.2:3128).

The system is pretty secure!

I strongly recommend the links I posted before, or you may need to look further for a recent Debian proxied fwgw howto.

my line from iptables...
Code:
#
## -- Transparent proxy to Squid --- ##
#

	$IPTABLES -t nat -A PREROUTING -i $INT_IF -p tcp --dport 80 -j REDIRECT --to-port 3128
the cache is usually found /var/spool/squid/..

See how you go, regards, Glenn

Last edited by GlennsPref; 10-05-2008 at 07:47 PM. Reason: my line from iptables
 
Old 10-06-2008, 11:31 AM   #7
mattjamal
LQ Newbie
 
Registered: Aug 2005
Location: uk
Posts: 17

Original Poster
Rep: Reputation: 0
No, that is not what I was talking about. Just have a look at the 3.2 Single Router Architecture on this link:
http://tldp.org/HOWTO/Firewall-HOWTO-3.html. That is the network setup I am trying to build. But like I said, I have a problem on the firewall system part. And my problem is that I don't know how to assign the IP addresses for eth0 and eth1. This is because eth0 gets its IP from the router machine using DHCP. But now, how do I assign the eth1 IP address? If anyone could help me out?
My question has nothing to do with Squid or any proxy application. My question is simple: how to assign an IP address for eth1??
Thanks

Last edited by mattjamal; 10-06-2008 at 11:32 AM.
 
Old 10-06-2008, 05:26 PM   #8
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Devuan
Posts: 3,654
Blog Entries: 33

Rep: Reputation: 283Reputation: 283Reputation: 283
Hi, I'm really sorry for blathering on in the wrong direction.

ifconfig eth1 192.168.1.1 (substitute your desired ip)

cheers, Glenn
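Glenn's `ifconfig eth1 192.168.1.1` sets the address only until the next reboot. On Debian Etch the persistent place for it is /etc/network/interfaces, and the LAN-side DHCP server asked about in post #3 is the dhcp3-server package with its config in /etc/dhcp3/dhcpd.conf. The following is an added example, not from the thread, that writes both files plus /etc/default/dhcp3-server, and checks that the gateway address is not inside the lease pool. eth0 on DHCP from the router, eth1 as 192.168.1.1/24, the 192.168.1.100-200 pool, the domain name lan.example, the file name lanside.sh and LAN_DNS pointing at the firewall itself (which assumes a caching resolver runs there) are all assumptions; without a resolver on the firewall, set LAN_DNS to the nameservers from /etc/resolv.conf.

```shell
#!/bin/sh
# Added example (not from the thread): persistent equivalent of
# "ifconfig eth1 192.168.1.1" for Debian Etch, plus a dhcpd configuration
# for the LAN side. All addresses below are assumptions for this example.
#
# Usage: sh lanside.sh ROOT      (ROOT=/ on the real box; a temp dir to preview)
# Then:  ifup eth1 && /etc/init.d/dhcp3-server restart

LAN_IF="${LAN_IF:-eth1}"
LAN_ADDR="${LAN_ADDR:-192.168.1.1}"
LAN_NETMASK="${LAN_NETMASK:-255.255.255.0}"
LAN_SUBNET="${LAN_SUBNET:-192.168.1.0}"
LAN_RANGE_START="${LAN_RANGE_START:-192.168.1.100}"
LAN_RANGE_END="${LAN_RANGE_END:-192.168.1.200}"
LAN_DNS="${LAN_DNS:-$LAN_ADDR}"      # assumes a resolver on the firewall
LAN_DOMAIN="${LAN_DOMAIN:-lan.example}"

# Sanity check (for a /24 only): gateway inside the subnet and outside the pool.
check_config() {
    [ "$LAN_NETMASK" = "255.255.255.0" ] || return 0
    if [ "${LAN_ADDR%.*}" != "${LAN_SUBNET%.*}" ]; then
        echo "LAN address $LAN_ADDR is not inside $LAN_SUBNET/24" >&2
        return 1
    fi
    last="${LAN_ADDR##*.}"
    if [ "$last" -ge "${LAN_RANGE_START##*.}" ] && [ "$last" -le "${LAN_RANGE_END##*.}" ]; then
        echo "gateway $LAN_ADDR lies inside the DHCP pool" >&2
        return 1
    fi
    return 0
}

# /etc/network/interfaces: eth0 stays DHCP, eth1 gets the static LAN address.
write_interfaces() {
    root="$1"
    mkdir -p "$root/etc/network"
    cat > "$root/etc/network/interfaces" <<EOF
auto lo
iface lo inet loopback

# Upstream side: address comes from the router machine's DHCP server
auto eth0
iface eth0 inet dhcp

# LAN side: fixed address that the workstations use as their gateway
auto $LAN_IF
iface $LAN_IF inet static
    address $LAN_ADDR
    netmask $LAN_NETMASK
EOF
}

# /etc/dhcp3/dhcpd.conf plus the interface restriction so dhcpd never
# answers on the router-facing side.
write_dhcpd() {
    root="$1"
    mkdir -p "$root/etc/dhcp3" "$root/etc/default"
    cat > "$root/etc/dhcp3/dhcpd.conf" <<EOF
ddns-update-style none;
authoritative;
default-lease-time 600;
max-lease-time 7200;

subnet $LAN_SUBNET netmask $LAN_NETMASK {
    range $LAN_RANGE_START $LAN_RANGE_END;
    option routers $LAN_ADDR;
    option domain-name-servers $LAN_DNS;
    option domain-name "$LAN_DOMAIN";
}
EOF
    printf 'INTERFACES="%s"\n' "$LAN_IF" > "$root/etc/default/dhcp3-server"
}

# Only write files when a target root is given on the command line.
if [ -n "${1:-}" ]; then
    check_config || exit 1
    write_interfaces "$1"
    write_dhcpd "$1"
fi
```

Preview with `sh lanside.sh /tmp/preview` and inspect the generated files before running it against `/`; after `ifup eth1` the address survives reboots, which the bare ifconfig call does not. Restricting dhcpd to eth1 matters because the router side already has a DHCP server, and two servers answering on the same segment hand out conflicting gateways.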
 
Old 10-08-2008, 11:02 AM   #9
mattjamal
LQ Newbie
 
Registered: Aug 2005
Location: uk
Posts: 17

Original Poster
Rep: Reputation: 0
I am not happy that I cannot get assistance from you guys.
 
Old 10-08-2008, 11:11 AM   #10
Total-MAdMaN
Member
 
Registered: May 2008
Distribution: Gentoo
Posts: 306

Rep: Reputation: 34
Posts like that won't make people want to help you. This is an entirely voluntary service, and we're giving up our time to assist. If you want someone to fix it quickly you can pay someone to visit you, examine your system and fix it for you.
 
Old 10-08-2008, 02:42 PM   #11
mattjamal
LQ Newbie
 
Registered: Aug 2005
Location: uk
Posts: 17

Original Poster
Rep: Reputation: 0
Sorry if my remarks sound offending.
 
  

