ifconfig and uname was just to see which NIC was int/external and uname to see which kernel we were dealing with.

yeah DRWS,

i have tried just using it as a test with konsole using the the /sbin/iptables command and saving it to the /etc/sysconfig/iptables.

it works now coz i can ping yahoo.com and its replying fine.

thanks very much.

what next do u suggest should i just make it simple and do it like or initiate it like a script on start-up?

and again the phone device the client is using is connected via a laptop that will be using DHCP. so i need it that laptop to have as much bandwidth as it needs and the remaining bandwidth redistributed to the systems.

and another thing to explain:

my client system is browsing already but i have not setup squid yet. how come? and do u recommend i use squid. with this present configuration, can i connect using yahoo messenger etc. men this scool pls advice.

thanks a million DRWS

debloxie

Did you make the file yourself and save it as /etc/sysconfig/iptables or did you use the "service iptables save" (or "/etc/init.d/iptables save") command?
If you type all the lines in konsole like you did before and then typed

• /etc/init.d/iptables save

that would create a file called /etc/sysconfig/iptables that will start every time the linuxbox boots.

if you did the thing above then it'll start at start-up for you.
but run

• chkconfig iptables on

to make sure it is set to run at start up.

I've never had to use phone devices / call points, so I'm probably not the best person to ask. The bandwidth limiting stuff from your first script seems to "look" right. Wish I could be more help on this one.
Is there a Linux User Group in your area that you could visit?


The linuxbox is routing all the traffic for your client PCs out onto the internet and back again. Almost any application should work (yahoo messenger, web browsing, games etc.)

Do you want to use squid?
This depends on whether you happy with the setup as it is now (the clients can browse the internet)
Squid would give you caching (storing of webpages that people visit) and content management (blocking of sites that you don't want people to visit)
If you really don't need features like that then, leave it out.
If you want these features, then its not going to be easy.

Your first long script (with the bandwidth limiting bit in it) has lines that would redirect requests through a proxy server. But it also contains lines like
$IPTABLES -t nat -A PREROUTING -i ${INTERNAL_INTERFACE} -p icmp -j DROP
This will drop icmp traffic going through the linuxbox from the clients (ping uses icmp traffic) - even if you had got it working before you wouldn't have been able to ping yahoo.com!

You really could do with someone standing there looking at the machines and setup. beacase a lot of your scripts rely on other things working to make them work.
have a look at
http://www.linux.org/groups/
http://lugww.counter.li.org/groups.cms

or even a Linux distro like Smoothwall (www.smoothwall.org) which is designed for this type of network config