I am not sure if this implementation will make it a "proxy" per se, but it should make it a gateway if that is your goal...
I use a very basic iptables file:
```sh
#!/bin/sh
# Configure the network interfaces
# Using variables allows for easy modification
Internet_IP="xxx.xxx.xxx.xxx"
Internet_IFACE="eth1"
LAN_IP="yyy.yyy.yyy.yyy"
LAN_IP_RANGE="yyy.yyy.0.0/16"
LAN_IFACE="eth0"

# Turn on IPv4 forwarding so the box routes between the two interfaces
echo "1" > /proc/sys/net/ipv4/ip_forward

# Start from empty filter and nat tables (also drops any user-defined chains)
iptables --flush
iptables -t nat --flush
iptables --delete-chain
iptables -t nat --delete-chain

# Rewrite the source address of everything leaving via the Internet interface
# to the public IP; this single rule is what makes the box a NAT gateway.
# No filter rules are set, so the FORWARD chain keeps its default policy.
iptables -t nat -A POSTROUTING -o $Internet_IFACE -j SNAT --to-source $Internet_IP
```
Use the LAN_IP address as your gateway for the systems on your network. You can use fixed addresses on your private side of the network or DHCP. I use DHCP and run it on the same box where I run my gateway. Here are my basics:
```
ddns-update-style none;
ignore client-updates;
authoritative;

shared-network MY-network {
    subnet 192.168.0.0 netmask 255.255.255.0 {
        # Using the LAN_IP address of my gateway, which matches in the iptables file
        # I have a DNS server on my private network and two public ones
        # You can limit your range to the addresses you want available
        range 192.168.0.10 192.168.0.200;
        default-lease-time 172800;
        max-lease-time 1209600;
        option domain-name-servers 192.168.X.X, Y.Y.Y.Y, Z.Z.Z.Z;
        # dhcpd needs a literal address here: put the gateway's LAN_IP in place of the placeholder
        option routers LAN_IP;
        option broadcast-address 192.168.0.255;
        option subnet-mask 255.255.252.0;
        option ip-forwarding off;
    }

    subnet 192.168.1.0 netmask 255.255.255.0 {
        # I use this subnet for fixed addresses (see below) and no access to the gateway
        # (no "option routers" is handed out, so clients get no default route)
        default-lease-time 172800;
        max-lease-time 1209600;
        option domain-name-servers 192.168.X.X;
        option broadcast-address 192.168.1.255;
        option subnet-mask 255.255.252.0;
        option ip-forwarding off;
    }

    # This system has no internet access. Unique hostnames and actual MAC address needed.
    host no-internet-access {
        hardware ethernet 00:00:00:00:00:00;
        fixed-address 192.168.1.10;
    }
}
```
Hopefully this is helpful...
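The script above flushes the tables and adds only the SNAT rule, so the FORWARD chain is left at its default ACCEPT policy and the "no internet" subnet is kept off the Internet only by the DHCP server not handing out a router; a host that sets its default gateway by hand would still be forwarded. The following script is an added example, not the poster's own, that builds the same SNAT gateway as an iptables-restore ruleset with a stateful FORWARD policy that only lets the 192.168.0.0/24 DHCP subnet out and drops forwarding for 192.168.1.0/24 at the gateway itself. The interface names and subnets mirror the post; the public address 203.0.113.10 (TEST-NET-3) and the function names gen_rules, apply_rules and subnet_allowed_out are constructed for this example.

```shell
#!/bin/sh
# Added example, not the original poster's script. Generates an iptables-restore
# ruleset for a SNAT gateway whose FORWARD chain defaults to DROP and only lets
# the DHCP subnet reach the Internet. Interface names/subnets mirror the post;
# the public IP is a constructed TEST-NET-3 placeholder, replace it with yours.

INTERNET_IFACE="eth1"
LAN_IFACE="eth0"
LAN_NET="192.168.0.0/24"       # DHCP subnet that is allowed out
NO_INET_NET="192.168.1.0/24"   # fixed-address subnet: never forwarded
INTERNET_IP="203.0.113.10"     # constructed placeholder public address

# Print the complete ruleset in iptables-restore format.
gen_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections the LAN opened are allowed back in
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Enforce "no internet" at the gateway, not just via missing DHCP router option
-A FORWARD -i $LAN_IFACE -s $NO_INET_NET -j DROP
# Only the DHCP subnet may open new connections towards the Internet
-A FORWARD -i $LAN_IFACE -o $INTERNET_IFACE -s $LAN_NET -j ACCEPT
# Nothing new from the Internet side is forwarded into the LAN
-A FORWARD -i $INTERNET_IFACE -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# SNAT only the subnet that is allowed out, so a stray source cannot be masked
-A POSTROUTING -o $INTERNET_IFACE -s $LAN_NET -j SNAT --to-source $INTERNET_IP
COMMIT
EOF
}

# Enable forwarding and load the whole ruleset atomically (needs root).
apply_rules() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    gen_rules | iptables-restore
}

# Dry-run check: returns 0 if the generated set has an ACCEPT forward rule
# from the given source subnet to the Internet interface, 1 otherwise.
subnet_allowed_out() {
    gen_rules | grep -q -- "-A FORWARD -i $LAN_IFACE -o $INTERNET_IFACE -s $1 -j ACCEPT"
}

# "sh script.sh apply" loads the rules; without an argument it only prints them.
if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    gen_rules
fi
```

Loading with iptables-restore replaces both tables in one step, so there is no window where the old rules are flushed but the new ones are not yet in place; the SNAT rule is restricted to the allowed subnet so the NAT table does not quietly mask traffic the filter table was meant to refuse.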