HI, ( left lots of the original email in for clarity ) On Sun, 24 Sep 2000, Phillip Deackes wrote:
I have seen some messages on the list about setting up a web proxy server. I am ICT Coordinator in a Leicestershire High School and we are about to take delivery of a new RM PC which I would like to set up as a proxy server. I understand I would use squid. I have never set up anything like this before - I can install and configure Linux on an internet connected workstation standing on my head, but I still view networking as something of a black art!
I've been doing networking for over five years, and trust me, it *is* a Black Art, have the goat entrails handy.
We currently run an RM 2.3 Connect network - 1 Windows NT server and around 40 Windows 95 workstations, most are Pentium 100 with 16 MB RAM (and don't we know it!!). As I understand it, I need two network cards on the new machine, one connected directly to our ISDN router, the other to our current network. I configure the new machine to talk to the router and all other machines on the network to talk to the new machine, hence all requests pass through the proxy server rather than directly to our ISP.
To make this work you'll have to set up your new Linux box as a router, which means it will need two different address ranges on the end of each NIC. I *suspect* you don't have an extra range of addresses to use, and using part of your existing allocation ( a Class C? 255.255.255.0 subnet mask? ) to make up the network between the Linux box and the ISDN router would mean reconfiguring the networking on your existing 41 Windows hosts. Actually, regardless of the IP ranges used the set up you specify will mean reconfiguring the networking somewhere - I would expect this is best left alone. ( Any URLs for the networking used for RM connections appreciated ). What make is the ISDN router? Do you administer it or have any control over it? I'm thinking that you could: Leave the network routing configuration as it is. Add in the Web Proxy with a single ethernet card. Configure all hosts to use the WebProxy for http requests. Configure the ISDN router to block all Web requests for the Internet that don't come from the WebProxy, so stopping any of those imaginative students disabling the proxy server settings and getting to "unsuitable" websites. Note that "block all web requests" isn't as easy as I make it sound above, not all websites sit on port 80, so to do this properly you'd really need to implement a "everything not expressly permitted is denied" policy on the router, which depending on what traffic you send to the Internet can be a non-trivial exercise. I presume you don't have a range of "legal" Internet IP addresses for use on your network and some kind of Network Address Translation occurs either at your ISDN router or at your ISP before your traffic reaches the Internet?
I assume non-web traffic would pass through transparently.
Only if you configure the Linux box to act as a router. I *gather* this isn't that hard, but I've never done it myself. Also I'd expect the box would get hammered, so considering whether you have control over the ISDN router or not you may not want to put that much load on the new Linux box.
Excuse me if this is a little simplistic - I will have the use of a technician from another school for a few hours, although he knows very little about Linux. He is more knowledgeable about networking generally though.
Best to pick his brains first I think, and anyone else available, and then use those valuable few hours just implementing the decided network setup and troubleshooting.... and catching the goats. <snip> -- Nick Drage, helping fill up the internet since 1993. "There is no such thing as a bug in the Linux 2.1.x kernels Consider it as a request from the enlightened for you to brush up on your C programming and help improve the kernel."