Site Firewall/Proxy
I would like to set up my system as a transparent proxy and firewall for the rest of my PCs. Is this possible, as I already have a router that all of the systems use to connect to the internet (which is also my cable modem, so I can't take it out of the loop)? If so, how would I go about doing it? Thanks!
NeoFax
On Tuesday, 27 July 2004 19:52, Terry E. Milnes Jr. wrote:
I would like to set up my system as a transparent proxy and firewall for the rest of my PCs. Is this possible, as I already have a router that all of the systems use to connect to the internet (which is also my cable modem, so I can't take it out of the loop)? If so, how would I go about doing it?
as far as i understand cable modem setups (which is not very far due to the fact that it's virtually impossible to get cable internet in germany), all you need to do is buy a second small hub, and some cheapass old box off ebay, with two network cards. then, connect one of those two to the hub which is either built into or connected to the cable modem, and the other one to a hub which is your home network with all other pcs. then, run susefirewall2 on the cheap box, and a dhcp server on the interface connected to your home lan. hope those pointers are enough to get you going in the right direction.
bye, MH
oh, i forgot a few steps... after you've done all that, install squid (comes with suse) and squidguard on said box, configure squid as a transparent proxy (google should help), and configure the suse firewall to forward all outgoing traffic to *:80 to the squid port on your firewall instead. you might want to chain a privoxy banner filter behind that squid (behind as seen from the inside of your lan).
bye, MH
On Tuesday 27 July 2004 11:02 am, Mathias Homann wrote:
On Tuesday, 27 July 2004 19:52, Terry E. Milnes Jr. wrote:
I would like to set up my system as a transparent proxy and firewall for the rest of my PCs. Is this possible, as I already have a router that all of the systems use to connect to the internet (which is also my cable modem, so I can't take it out of the loop)? If so, how would I go about doing it?
as far as i understand cable modem setups (which is not very far due to the fact that it's virtually impossible to get cable internet in germany), all you need to do is buy a second small hub, and some cheapass old box off ebay, with two network cards. then, connect one of those two to the hub which is either built into or connected to the cable modem, and the other one to a hub which is your home network with all other pcs. then, run susefirewall2 on the cheap box, and a dhcp server on the interface connected to your home lan.
hope those pointers are enough to get you going in the right direction.
bye, MH
OK, thanks for the help, but that would work for the CAT5 connected systems, not for the wireless systems. To do that I would have to buy a new Access Point as that is already included in my router. I had this setup before I went wireless but was using smoothwall. I don't want to buy any more equipment, I just would like to possibly create (I know this is probably not correct) a loop where all incoming traffic is sent to the SuSE box and then from there NATed to where it needs to go or dropped by the firewall. Same goes for outgoing traffic and the proxy. Hope that clarifies what I was thinking. Thanks again!
NeoFax
Terry E. Milnes Jr. wrote:
On Tuesday 27 July 2004 11:02 am, Mathias Homann wrote:
On Tuesday, 27 July 2004 19:52, Terry E. Milnes Jr. wrote:
I would like to set up my system as a transparent proxy and firewall for the rest of my PCs. Is this possible, as I already have a router that all of the systems use to connect to the internet (which is also my cable modem, so I can't take it out of the loop)?
Can't you put your suse box between your cable modem and your router?
OK, thanks for the help, but that would work for the CAT5 connected systems not for the wireless systems.
If your LAN connected to your router (i assume wireless plus cat 5), then you connected the WAN port of your router to your suse box running squid and SuSEfirewall2, that would work for all clients.
To do that I would have to buy a new Access Point as that is already included in my router. I had this setup before I went wireless but was using smoothwall. I don't want to buy anymore equipment,
You just need to adjust which machine connects to the internet. BTW, the suse box would need 2 NICs, and both the router and the suse box would need to NAT. HTH
--
Joe Morris
New Tribes Mission
Email Address: Joe_Morris@ntm.org
Registered Linux user 231871
You just need to adjust which machine connects to the internet. BTW, the suse box would need 2 NICs, and both the router and the suse box would need to NAT. HTH
One option is to turn the Linksys router into, well, a router. By default, they NAT (gateway mode). Most of the newer models will just route (i.e. not NAT). Of course you would need to add a static route on your SuSE box, but that shouldn't be too big an obstacle.
On Tuesday 27 July 2004 05:13 pm, suse@tremor.com wrote:
You just need to adjust which machine connects to the internet. BTW, the suse box would need 2 NICs, and both the router and the suse box would need to NAT. HTH
One option is to turn the Linksys router into, well, a router. By default, they NAT (gateway mode). Most of the newer models will just route (i.e. not NAT). Of course you would need to add a static route on your SuSE box, but that shouldn't be too big an obstacle.
I do not have a LinkSys router; it is a Motorola SBG1000. Which I am just waiting to find a different router that provides the same features as the Motorola, but with better built in Firewall. It has a built in 4 port hub/switch, Print server, 802.11B Access Point and a cable modem. The cable modem is great as it never drops, but the rest is mediocre to crap. If anyone knows of a reasonable replacement I would appreciate it. Thanks!
NeoFax
I would like to set up my system as a transparent proxy and firewall for the rest of my PCs. Is this possible, as I already have a router that all of the systems use to connect to the internet (which is also my cable modem, so I can't take it out of the loop)? If so, how would I go about doing it? Thanks!
Install SuSE on a box with two nics.
Plug one into cablemodem, the other into internal network
Configure the firewall to NAT
Install and configure Squid web proxy.
Make squid transparent: http://www.squid-cache.org/Doc/FAQ/FAQ-17.html
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
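The NAT and port-80 redirect steps from the replies above, as an added example that is not part of any poster's message: a shell function that prints an `iptables-restore` ruleset for the two-NIC box. The interface names, LAN subnet and Squid port in the usage comment are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC gateway that
# NATs the LAN and redirects outbound HTTP to a Squid running on the same box.
# Interface names, LAN subnet and Squid port are assumptions, passed as arguments.
gen_ruleset() {
    wan_if=$1; lan_if=$2; lan_net=$3; squid_port=$4

    # Reject bad input instead of emitting a half-valid ruleset.
    case $squid_port in
        ''|*[!0-9]*) echo "invalid squid port" >&2; return 1 ;;
    esac
    if [ -z "$wan_if" ] || [ -z "$lan_if" ] || [ "$wan_if" = "$lan_if" ]; then
        echo "need two distinct interfaces" >&2; return 1
    fi
    if [ -z "$lan_net" ]; then
        echo "need the LAN subnet in CIDR form" >&2; return 1
    fi

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Port-80 traffic from LAN clients is handed to Squid on this box.
-A PREROUTING -i $lan_if -s $lan_net -p tcp --dport 80 -j REDIRECT --to-ports $squid_port
# Everything else from the LAN is source-NATed on its way out the WAN side.
-A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Squid is reachable from the LAN interface only, never from the WAN side.
-A INPUT -i $lan_if -s $lan_net -p tcp --dport $squid_port -j ACCEPT
# DHCP requests from LAN clients (sent before they have an address).
-A INPUT -i $lan_if -p udp --dport 67 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Dry run (as root): gen_ruleset eth0 eth1 192.168.1.0/24 3128 | iptables-restore --test
```

Squid has to listen in interception mode on the chosen port for the redirect to work (`http_port 3128 intercept` in current releases; older releases used different directives, as the linked FAQ describes).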
Quoting Kurt Seifried <suse@seifried.org>:
I would like to set up my system as a transparent proxy and firewall for the rest of my PCs. Is this possible, as I already have a router that all of the systems use to connect to the internet (which is also my cable modem, so I can't take it out of the loop)? If so, how would I go about doing it? Thanks!
Install SuSE on a box with two nics.
Plug one into cablemodem, the other into internal network
Configure the firewall to NAT
Install and configure Squid web proxy.
Make squid transparent: http://www.squid-cache.org/Doc/FAQ/FAQ-17.html
A transparent DNS cache also improves how the user feels the speed of browsing. Regards, Muralito.
participants (6): Joe Morris (NTM), Kurt Seifried, Mathias Homann, muralito@montevideo.com.uy, suse@tremor.com, Terry E. Milnes Jr.