I am trying to set up my 800MHz box to be a proxy server using DansGuardian to filter internet traffic from the rest of my home network. I have 2 NICs and I have confirmed that both work by enabling their respective modules and rebooting; I can connect to my DSL modem and the internet through a cat5 cable just fine through either one. The problem is that I don't know what is next.
When I try to enable the two modules needed for both cards (3com and linksys) eth0 comes up and eth1 does not.
I want one card to talk to the DSL modem from the Linux box. I want the other card to accept connections from a Linksys wireless/wired switch and my XP/Mac machines at home. I want those to be filtered with DansGuardian through a proxy server.
I just don't know enough to know what I don't know. Where do I start? What are the steps in general terms so I can research them and get things working one at a time?
There are lots of options in these kinds of setups, here are a couple. I'll call the DSL->Linux connection the external connection and the Linux->LAN connection the internal connection. I'll assume the PCs/Macs/Wireless connections will all plug into the linksys unit.
If you currently have the internal Linux NIC connected to the Internet/WAN port of the Linksys, then the reason your internal Linux NIC is not coming up is due to the fact that the Linksys does not provide DHCP service to its Internet/WAN port. Therefore, the internal Linux NIC is not getting an IP Address.
You have some decisions to make.
The setup you use is determined by which port on the Linksys the internal Linux NIC is connected to. This decision is based on whether or not you want a DMZ. A DMZ is normally only used when you have server(s) that need to be accessed from both the Internet and the LAN. i.e. Mail, http, ftp servers, etc.
The simplest method is to not have a DMZ.
Here are 2 possible configs:
1) No DMZ. Connect the Linux box to a regular hub port on the Linksys. Connect the external Linux NIC to the DSL.
Decide if the Linksys or the Linux box will provide DHCP services to the PCs/Macs/Wireless clients.
If using the Linux box as the DHCP server, configure a static IP Address on the Linux box for the internal Linux NIC. Disable DHCP on the Linksys unit.
If using the Linksys unit as the DHCP server, configure the Linksys to always give the same IP address to the internal Linux NIC using the Linksys' Hardware Address (MAC) to IP Address table.
NOTE: The IP Address assigned to Linux NIC should not be within the range given out by the DHCP server.
Whichever unit is serving DHCP, configure DHCP to give the internal Linux NIC's IP Address as the default gateway/proxy to the clients.
Don't allow both the Linux and Linksys to be running DHCP or the 2 units will compete with each other when a client requests an address.
Configure your proxy on the Linux box.
2) With DMZ: Connect the internal Linux NIC to the Internet/WAN port on the Linksys unit:
You will have to configure the internal Linux NIC with a static IP address in a different address range than the LAN will use. By default the Linksys LAN will use either 192.168.0.x or 192.168.1.x. You will need to use another range for the link between the Linux Box and Linksys. (192.168.2.x for example)
Either configure the Linux box to give an address to the Linksys Internet/WAN port by DHCP or assign a Static Address on the Linksys for the Linksys Internet/WAN port (in the same net used for the internal Linux NIC).
The rest of the Linksys config will be the same as if the Linksys' Internet/WAN port was connected directly to the DSL.
Configure your Proxy on the Linux box.
Note: In this setup, the Linux proxy server will see all internal traffic as if it originates from the address assigned to the Linksys' Internet/WAN port, so no special handling can be assigned to individual clients. (i.e. proxy server time of day and port restrictions will be applied to all clients equally)
1 clarification: by "a different address range" do you mean "on a different subnet"? Your examples look like that is what you mean & that is what I think is the right way to do it.
A Third Way
There is a 3rd way: put the Linksys between the proxy & the 'Net. This:
Requires a 2nd separate switch.
Costs $$.
Will completely isolate the wireless net from the LAN -- possibly a Very Good Thing (tm).
Will isolate the DMZ even further from the LAN -- possibly another Good Thing (tm).
Provide the inherent anti-cracking protection of NAT'ing to the proxy -- belt & suspenders, so to speak.
Allows those individualized proxy settings & logs.
Does not "waste" the DHCP & NAT'ing capabilities of the Linksys.
"Wastes" the Linksys' built-in switch, except for the DMZ connection.
If you're 1 of those who consider wireless insecure & untrustworthy, then this is a very safe set-up.
Granted, it requires another piece of equipment & is a little more complicated.
You would still have to worry about separating your sub-nets & making sure that they each either have exactly 1 DHCP server, or use static IP.
A Cabling Note
I hope your equipment is modern enough that it auto-detects the difference between "uplink" & "downlink" wiring. If not, remember that you must use a cross-over cable to connect like wired ports & that the NIC counts as "uplink". (The one on the modem is normally "downlink", so there is usually no problem there.)
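The addressing rules raised in the replies above (separate subnets per segment, exactly one DHCP server per subnet or static addressing, static addresses kept out of the DHCP pool) can be checked before touching any device. The following is an added example, not part of the thread; the plan layout, host names, pool range and the `check_plan` helper are assumptions made for illustration, using the 192.168.1.x and 192.168.2.x ranges mentioned in the "With DMZ" option.

```python
import ipaddress
from itertools import combinations

# Constructed plan for the "With DMZ" layout; every address below is an assumption.
PLAN = {
    "link": {  # internal Linux NIC <-> Linksys Internet/WAN port
        "net": "192.168.2.0/24",
        "static": {"linux-internal": "192.168.2.1", "linksys-wan": "192.168.2.2"},
        "dhcp": [],  # static addressing only on this link
    },
    "lan": {  # clients plugged into the Linksys
        "net": "192.168.1.0/24",
        "static": {"linksys-lan": "192.168.1.1"},
        "dhcp": [{"server": "linksys", "gateway": "192.168.1.1",
                  "pool": ("192.168.1.100", "192.168.1.149")}],
    },
}

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    nets = {name: ipaddress.ip_network(seg["net"]) for name, seg in plan.items()}
    # Segments must be on different subnets.
    for a, b in combinations(nets, 2):
        if nets[a].overlaps(nets[b]):
            problems.append(f"{a} and {b} overlap: {nets[a]} / {nets[b]}")
    for name, seg in plan.items():
        statics = {h: ipaddress.ip_address(ip) for h, ip in seg["static"].items()}
        for host, ip in statics.items():
            if ip not in nets[name]:
                problems.append(f"{name}: {host} {ip} is outside {nets[name]}")
        # Two DHCP servers on one subnet compete for client requests.
        if len(seg["dhcp"]) > 1:
            servers = ", ".join(d["server"] for d in seg["dhcp"])
            problems.append(f"{name}: competing DHCP servers ({servers})")
        for d in seg["dhcp"]:
            lo, hi = (ipaddress.ip_address(x) for x in d["pool"])
            # A static address inside the pool can be leased to another client.
            for host, ip in statics.items():
                if lo <= ip <= hi:
                    problems.append(f"{name}: static {host} {ip} is inside the {d['server']} pool")
            # The gateway handed to clients must be a fixed address on this segment.
            if ipaddress.ip_address(d["gateway"]) not in statics.values():
                problems.append(f"{name}: gateway {d['gateway']} is not a static host")
    return problems

if __name__ == "__main__":
    print(check_plan(PLAN) or "plan is consistent")
```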