Very Computer

--
Frank Sweetser rasmusin at wpi.edu fsweetser at blee.net | PGP key available
paramount.res.wpi.net RedHat 4.9.1 Linux 2.0.31 i586     | at public servers
"If the future navigation system [for interactive networked services on
the NII] looks like something from Microsoft, it will never work."
(Chairman of Walt Disney Television & Telecommunications)

Hi all.

Been up and running with linux for a few months now and I would like
to use linux as a firewall/proxy for my home lan.

I have 3 machines, a dedicated linux box, a winnt server, and a win95
workstation.
I currently run the proxy service from a winnt server machine, using
wingate, a proxy server.

When I initially wanted to set up a system to put all my machines on
my home lan on the net thru one modem, I was remember being told by my
isp that a proxy server was the only way to to accomplish this, as
they were not prepared to update thier routing tables to forward
packets to my second and third machines, without a cost being
incurred.

I would like to know if this is still the case, if I now use linux
instead of nt4, to forward packets to my second and third machines. I
know linux can act as a firewall/proxy and do ip forwarding?  But if I
choose ip forwarding will my  my isp strill need to upgrade thier
routing tables?

Or is ip masquerading a better option?

Can someone please clarify for me?

Reply via email would be appreciated, and I will forward to usenet if
you haven't already done so.

                                                        Rossco

Brisbane
Australia

Quote:>I would like to know if this is still the case, if I now use linux
>instead of nt4, to forward packets to my second and third machines. I
>know linux can act as a firewall/proxy and do ip forwarding?  But if I
>choose ip forwarding will my  my isp strill need to upgrade thier
>routing tables?
>Or is ip masquerading a better option?

Nick.
--
Kralizec / Zeta Microcomputer Software  Fax: +61-2-9233-6545 Voice: 9837-1397
G.P.O. Box 3400, Sydney NSW 1043        http://www.zeta.org.au/

Quote:>Been up and running with linux for a few months now and I would like
>to use linux as a firewall/proxy for my home lan.
>I have 3 machines, a dedicated linux box, a winnt server, and a win95
>workstation.
>I currently run the proxy service from a winnt server machine, using
>wingate, a proxy server.

Your ISP does not need to do anything - the setup is invisible to the
outside (it seems as if all traffic is coming from your Linux box).

Check out the masquerading docs - http://www.indyramp.com/masq/  

--
Henrik Storner                               http://www.image.dk/~storner/
"The POP3 server service depends on the SMTP server service, which
 failed to start because of the following error:
 The operation completed successfully." -Windows NT Server v3.51

Quote:

> Or is ip masquerading a better option?

With "IP masquerading" (or NAT if you talk BSD/CISCO) you simply set
the "IP masquerading" host as the default route on all your clients.
Packets will transparently pass through the NAT machine and out onto
the 'net.

With WinGate/WinProxy (etc etc) you need to configure each client
program that will talk via the proxy to use the proxy. i.e. configure
SMTP, HTTP, FTP, etc.

Note that firewalls like TIS Gauntlet use a proxy in combination with
a "transparent proxy" feature to provide transparency.

Both Linux and FreeBSD provide good "IP masquerading" support. Linux
uses an "in kernel" method for speed at the expense of a larger kernel
memory footprint. FreeBSD uses a "user land" daemon. Also NetBSD and
OpenBSD can use the IP filter kernel module to provide "IP masquerading".

Cheers.
--        +------------------------------------------------------------+


 /  Oz  \ |                 http://www.nlc.net.au/~john/               |
 \_,--\_/ | SCITEC LIMITED  Phone +61 2 9428 9563  Fax +61 2 9428 9933 |
       v  |    "By the time you make ends meet, they move the ends."   |
          +------------------------------------------------------------+

Quote:>You'll be amazed at how much better IP masquerading is than WinGate -
>former WinGate user and now on with IP masq-much better.

Nick.
--
Kralizec / Zeta Microcomputer Software  Fax: +61-2-9233-6545 Voice: 9837-1397
G.P.O. Box 3400, Sydney NSW 1043        http://www.zeta.org.au/