Message-ID: <00ab01c050b5$fa8385c0$0b0aa8c0@alpha>
From: "Andrew Smith"
Date: Fri, 17 Nov 2000 16:46:47 -0000
Subject: Routing Internet Traffic (ipchains?)
Hi
My school currently has a number of Winblows NT workstations and an NT
server. The server runs an authenticated proxy giving all machines access to
the internet. I have been asked to set up a network of Linux machines. Below
is the intended setup (albeit in a rather poor ASCII-art form!)

  /------------\
 | THE INTERNET |
  \-----||-----/
        ||
 /------||------\
 |    APOLLO    |
 |  (NT proxy)  |
 |              |
 | 192.168.10.2 |
 \------||------/   /--------------\
        | =========== 192.168.10.x |
        | ===========    NT 4.0    |
        | =========== Workstations |
        ||          \--------------/
 /------||------\
 | 192.168.10.5 |
 |              |
 |    ALPHA     |
 | Linux Server |
 |              |
 | 192.168.11.10 |
\---||--||--||---/
    ||  ||  ||
/---||--||--||---\
|  192.168.11.x  |
|     Linux      |
|  Workstations  |
\----------------/

ALPHA has two network cards, one to connect to the main school network and
one to connect to the smaller network of Linux machines. ALPHA has been set
up with NIS and NFS to act as a file and user server for the other Linux
machines. This works fine. I'm now trying to configure ALPHA to give the
other Linux machines access to the internet. Am I right in thinking
'ipchains' is the thing to use? If so, can someone give me a list of the
rules I require. All I want is to give the Linux workstations and ALPHA
access to the internet (WWW and FTP). Mail is not required. Really what I'm
after is high security and to not leave any holes open for wannabe-hackers
to get in (from the main school network and from the internet). I want the
Linux network to be _completely_ separate from the NT network, apart from
using APOLLO for internet access.
As APOLLO, the NT proxy, requires authentication, an account called 'Linux'
(password 'Linux') has been created on the NT network. Authentication works
fine when using netscape/lynx from ALPHA, although on first use after logon,
both browsers always ask for a proxy username and password. I'm planning on
having the Linux workstations using ALPHA as a proxy (using squid), so that
if the local cache hasn't got the page requested, ALPHA will be checked,
then APOLLO, then the internet. How can I get ALPHA to be permanently
authenticated with APOLLO - can I supply ALPHA with the authentication
username and password, or does anyone know if MS Proxy Server can be set up
to not require authentication from a certain IP address? Or is there a
better method of allowing internet access to the Linux workstations?
Apologies for the rather long message, and many thanks in advance for any
help - it's appreciated very much! :-) Please reply directly to
linux@andrew.dabsol.co.uk. Also, if anyone knows of any ipchains tutorials
I'd be very grateful if you could send a link (I can't make head nor tail of
the howtos!) :o)

Andrew Smith
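
One possible ALPHA configuration for the layout described in the message above, as an added example that is not part of the original post: a default-deny ipchains ruleset with no forwarding between the two networks, plus a squid.conf fragment that chains to APOLLO with stored credentials. The interface names (eth0/eth1), squid port 3128, APOLLO proxy port 8080 and the user:password placeholder are assumptions, as is APOLLO accepting HTTP Basic proxy authentication, which is what squid's login= option sends.

```shell
#!/bin/sh
# Added example. Assumed (not from the post): eth0/eth1 naming, squid on 3128,
# APOLLO's proxy on 8080, and the user:password placeholder.
IPCHAINS=${IPCHAINS:-echo ipchains}   # dry run; set IPCHAINS=/sbin/ipchains to apply
EXT_IF=eth0; EXT_IP=192.168.10.5      # ALPHA on the school (NT) network
INT_IF=eth1; INT_NET=192.168.11.0/24  # Linux workstations
APOLLO=192.168.10.2; APOLLO_PORT=8080
SQUID_PORT=3128
PROXY_LOGIN=${PROXY_LOGIN:-user:password}

alpha_rules() {
    for chain in input output forward; do $IPCHAINS -F $chain; done
    $IPCHAINS -P input DENY
    $IPCHAINS -P forward DENY      # nothing is routed between the two networks
    $IPCHAINS -P output ACCEPT
    $IPCHAINS -A input -i lo -j ACCEPT
    # Anti-spoofing: 192.168.11.x sources must never arrive on the school side.
    $IPCHAINS -A input -i $EXT_IF -s $INT_NET -l -j DENY
    # The Linux LAN is trusted (NIS, NFS and squid all live on ALPHA).
    $IPCHAINS -A input -i $INT_IF -s $INT_NET -j ACCEPT
    # ipchains is stateless: admit only non-SYN TCP (replies) from APOLLO's proxy port.
    $IPCHAINS -A input -i $EXT_IF -p tcp ! -y -s $APOLLO $APOLLO_PORT -d $EXT_IP 1024:65535 -j ACCEPT
    $IPCHAINS -A input -l -j DENY  # log and drop everything else
    # Outbound on the school side: only ALPHA's squid talking to APOLLO.
    $IPCHAINS -A output -i $EXT_IF -p tcp -d $APOLLO $APOLLO_PORT -j ACCEPT
    $IPCHAINS -A output -i $EXT_IF -l -j REJECT
}

# squid.conf lines for ALPHA: serve only the Linux LAN, always go via APOLLO.
squid_fragment() {
    cat <<EOF
http_port $SQUID_PORT
acl linuxnet src $INT_NET
http_access allow linuxnet
http_access deny all
cache_peer $APOLLO parent $APOLLO_PORT 0 no-query default login=$PROXY_LOGIN
never_direct allow all
EOF
}

alpha_rules
squid_fragment
```

Because the workstations reach the web only through squid on ALPHA, /proc/sys/net/ipv4/ip_forward can stay at 0. The proxy password sits in squid.conf in clear text, so that file should be readable only by root and the squid user.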