If Pichu is a Linux box then you can place your ISP's nameserver addresses
into "/etc/resolv.conf" so that clients getting onto the net will have name
resolution and so that your Linux box will have name resolution, (The squid
proxy server reads and caches the nameserver addresses at startup and does
not need resolv.conf thereafter). Then you should set up a ppp dialing
script (or scripts) in your Linux startup so that every time you boot you
get a connection to the internet. There are some good scripts that come with
RedHat - just do a "locate ppp" to find them. They will be "ppp-on",
"ppp-off", etc, etc. They have to be modified very slightly to have your
username and password for connecting to your ISP, as well as a few
characters from your ISP's PPP-prompt string. Then you could permit any
clients to have access to the internet via the Linux box by either using a
proxy or NAT.
To use a proxy download the latest STABLE version of the squid proxy server
from www.squid-cache.org. Also print the FAQ and manual. It takes a while to
get familiar with it. Build it, then modify the squid.conf file to contain
your own desired settings. Modify permissions to various Linux directories
as suggested in the squid manual (for security). Place a command in your
Linux startup script to start squid once the PPP connection has had time to
complete. For example:
"( sleep 30 ; /usr/local/squid/bin/squid ) &"
The above command should follow the PPP connection in the script so that
squid starts when a valid PPP connection to the ISP exists. If you use port
8080 for squid then you will want to configure Internet Explorer (or
Netscape, or whatever) at each client PC to use a "proxy server" on the LAN.
Specify the network address of the Linux box as the proxy, on port 8080.
This works fine for me and for a company I work for. If you want to have
authentication for your clients, (ie: have certain clients be able to access
everything and others only be able to access a limited number of pages) then
you need to also use PROXY_AUTH in conjunction with SMB_AUTH (uses SAMBA
client utilities). Download this at
www.hacom.nl/~richard/software/smb_auth.html. This will permit you to have
various NT clients authenticate themselves to squid before being allowed out
onto the net. Works great. Finally, if you want reports on who is using
which web pages and for how long (say once a week or so) then use sqmgrlog
from http://web.onda.com.br/orso/. Also works great. You need to set up a
sqmgrlog.conf file to control the options in it.
However, there is another way, using NAT (Network Address Translation), and
it is easier than figuring out squid. Just use the ipchains command that is
built into RedHat Linux. Using the FORWARD and MASQ options you can have the
Linux box accept all incoming requests from your clients to the internet,
replace the source address in each packet with the ISP-assigned Linux-box
internet address, and then forward the packets to the internet. Works great
for me. Very little setup required. Caution: in recent versions of the Linux
Kerneal forwarding is turned off by default, so in your script that starts
ipchains you should also place the command:
"echo 1 > /proc/sys/net/ipv4/ip_forward"
I don't know how to make the setting permanent, so putting this in your
script causes it to happen every time you start the firewall, which is
probably every time you boot.
To have a DNS server there would be no problem using the Linux box, but be
prepared, all of the above takes time to figure out and get working.
Good luck, you'll need it.
> I am new to network management and i would like to set the following
> network :
> Pichu : main server
> several clients esteban, zia, chaton running w95, w 2k and linux
> Pichu uses ppp to connect to the internet, and i would like to
> share the connection with the others clients
> I would also like to set Pichu as the DNS for my
> local network.
> Could you indicate me the corresponding howto's or
> "gpl" software i should use in order to set my network ?
> Thanks in advance.
> Jean Christophe Godefroy