Need help configuring internet access through LAN

harnadem · 03-24-2005, 12:42 PM

I am running a home LAN with one linux machine (FC3 running Samba 3.0.10-1.FC3), and two windows machines (WinXP and Win95).

Both, the linux box and the WinXP box have separate cable access to the internet. Both also share a LAN connection which is working well. File & printer sharing and messenging is good.

I have now added a Win95 box (so that my son can play his old Win95 games on it) and I would like to have it access the internet through my linux box. At present, I can see Win95 box with samba, and he is able to see the linux box through windows.

Static address of linux box: windy: 192.168.0.1
static address of WinXP box: broca: 192.168.0.2
static address of Win95 box: fishstick: 192.168.0.3

Here is the samba configuration from my linux box:

# Global parameters
[global]
workgroup = HARNANET
server string = samba server
interfaces = eth0, lo
bind interfaces only = Yes
password server = none
guest account = michael
username map = /etc/samba/smbusers
log file = /var/log/samba/%m.log
max log size = 50
server signing = auto
paranoid server security = No
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap ssl = no
message command = /usr/local/bin/LinPopUp "%f" "%m" %s; rm %s
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
guest ok = Yes
hosts allow = 192.168.0.1, 192.168.0.2, 192.168.0.3, 127.0.0.1
cups options = raw

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printer admin = @printadmins
printable = Yes
use client driver = Yes
browseable = No

[shared]
comment = global share - all users
path = /samba/shared
read only = No
create mask = 0666
directory mask = 0777

[public]
comment = public on windy
path = /home/public
valid users = michael, gloria, colin
read only = No
case sensitive = No
msdfs proxy = no

[HPLaserJ]
comment = HP LaserJet 1100 on broca
path = smb://michael:*******/@harnanet/broca/HPLaserJ
admin users = @printadmins
read only = No
printable = Yes
printer name = HPLaserJ
use client driver = Yes

[hplj5l]
comment = HP LaserJet 5L on windy
path = /var/spool/samba
admin users = @printadmins
read only = No
printable = Yes
printer name = hplj5l
use client driver = Yes

Is is possible (and safe) to allow the Win95 box to access the internet through my linux box? I would like to be able to put safeguards on where he accesses, and would like to have a log of where he actually goes when surfing.

I am not sure what to do, and do not want to mess up my samba configuration (again) trying on my own. I appreciate any help offered.

NetAX · 03-24-2005, 01:00 PM

First off, samba has nothing to do with internet access. Samba is a program that allows computers to share files. You may want to do a search on turning linux into a router.

If you don't already have 2 Network interface cards in the linux box, you should consider getting one. In order for the linux router to pass internet access onto your win95 machine you need to run software like "iptables". I'm sure there are many easy alternatives to configuring the router, I just cant think of a suitable one right now.

So do a search "turning linux into a router" and something should come up, its been answered many times. good luck.

harnadem · 03-24-2005, 01:42 PM

Thank you for educating me more about samba. I use samba to file and print share with the Win95 and WinXP boxes, and obviously made a mistake in thinking that I needed it for sharing internet access as well.

I have two nics in the linux box. One (eth1) connects to the cable internet. The other (eth0) connects to the home lan. I also have iptables running, and have put the output from iptables-save below:

# Generated by iptables-save v1.2.11 on Thu Mar 24 14:36:24 2005
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7573:743794]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -i eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT
-A INPUT -i eth0 -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.102 -p tcp -m tcp --sport 515 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Excusing the samba part - which you set me right on - is it possible for the Win95 box to access the internet through the LAN? If so, how would I do this? Thank you for your help.

harnadem · 03-26-2005, 05:59 AM

I have managed to load and run squid 2 on my fc3 box and adjust my iptables so that my win98 box can access the internet. I used the instructions from: . www.linuxhomenetworking.com/linux-adv/squid.htm to set up squid-2

I also set up some rudimentary parental filtering on the win98 box by removing IE, downloading Firefox, and installing the blockxxx extension.

I have downloaded and installed squidGuard (squidguard-1.2.0-2.1.fc3.rf.i386.rpm) but I cannot figure out how to configure it properly so that it runs with squid 2. Can anyone help me?