LinuxQuestions.org
Old 01-23-2003, 07:55 AM   #1
suraj
LQ Newbie
 
Registered: Nov 2001
Posts: 2

Rep: Reputation: 0
Natting


Hi,

I am using a private IP range on my LAN. I want all the users, when they connect to the internet, to go through one public IP through the proxy server that I have.

What changes do I have to make, and in which file, for this to happen?

Thanks,
Suraj.
 
Old 01-23-2003, 10:25 AM   #2
rioguia
Member
 
Registered: Jun 2002
Posts: 411

Rep: Reputation: 30
No one else is answering your question, so I'll give it a shot. First, we need to know what kind of proxy you are using (Squid?). If you are using Squid, you might want to consider an integrated firewall solution that is built to use it, like Shorewall.

Regarding your natting, you haven't provided a lot of information, so I am going to make some assumptions.

I assume that you have a Red Hat Linux box and that you have ipchains disabled and have iptables installed. Check this by typing at a terminal:
whereis iptables

I assume you have not installed a firewall. The Linux box has two network cards. One network card is dedicated to your internet connection (eth0) with a public IP address of xxx.xxx.xxx.xxx

1. Check this by opening a terminal as root and typing ifconfig -a

You have another NIC dedicated to your local network (eth1).

2. The address assigned to eth1 is 10.0.0.1 and netmask of 255.255.255.0. Check this by typing ifconfig eth1 10.0.0.1 netmask 255.255.255.0 and typing /sbin/route add default gw xxx.xxx.xxx.xxx (ip address of eth0).

3. You can check your work above by using your favorite editor (in this case vi) and typing
vi /etc/sysconfig/devices/ifcfg-eth0

4. Do the same for ifcfg-eth1.

5. All your client boxes have IP addresses like 10.0.0.2, 10.0.0.3, etc. Your private network is 10.0.0.0/8 and gateway is 10.0.0.1. Check this by opening a terminal as root and typing
vi /etc/sysconfig/network

6. Type:
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

7. Type:
/sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE

8. Type:
echo 1 > /proc/sys/net/ipv4/ip_forward

9. You should now configure all your clients to use 10.0.0.1 as their gateway (for Linux boxes use Step #2 as an example to follow).

10. If you have a problem, check your iptables rules by typing:
/sbin/iptables -L -t filter -t nat

You should see something like:
/sbin/iptables -L -t filter -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all

If you had a prior set of rules, you will have to delete them by typing something like
/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain

11. As fast as you can, get a real firewall in place. See
http://www.linuxguruz.org/iptables/

12. If you have to post back with errors, give us the output of
route -n > iptableroute.txt (provide a copy of a text file of that name from your root directory)

Last edited by rioguia; 01-23-2003 at 04:10 PM.
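
An added check, not part of rioguia's post: a shell function that reads `iptables-save` output and flags what steps 6 to 8 leave open before the "real firewall" of step 11 is in place (a MASQUERADE rule with no source restriction, and a FORWARD policy of ACCEPT). Both rule dumps are constructed samples; the 10.0.0.0/24 LAN range (taken from the netmask in step 2), the eth1-to-eth0 forward rule and the function names are assumptions for illustration.

```sh
# Usage on a live gateway (as root): iptables-save | audit_nat_gateway
audit_nat_gateway() {
    awk '
    /^\*/ { table = substr($0, 2); next }      # "*nat" / "*filter" open a table
    table == "filter" && /^:FORWARD / && $2 == "ACCEPT" {
        print "WARN filter/FORWARD policy is ACCEPT: every routed packet is forwarded"
    }
    table == "filter" && /^-A FORWARD / && /(ESTABLISHED|RELATED)/ { stateful = 1 }
    table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
        masq++
        if ($0 !~ / -s /) print "WARN unscoped MASQUERADE (no -s): " $0
        if ($0 !~ / -o /) print "WARN MASQUERADE not bound to an output interface: " $0
    }
    END {
        if (!masq)     print "WARN no MASQUERADE rule in nat/POSTROUTING"
        if (!stateful) print "WARN no ESTABLISHED,RELATED rule in filter/FORWARD"
    }'
}

# Constructed, abbreviated sample: the rule set left by steps 6 and 7 of the post.
sample_from_post() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: one scoped NAT rule plus a default-drop, stateful FORWARD chain.
sample_scoped() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.0.0/24 -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}
sample_from_post | audit_nat_gateway   # three WARN lines
sample_scoped | audit_nat_gateway      # no output
```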
 
  

