Using Linux as a proxy server / cable modem

Hi! I have a cable modem connected to my Linux Red Hat 6.0 with an almost static IP address. (Although it is supposed to use DHCP to get an IP, I have never seen it changing to a different IP. So I put the static IP and it works fine.)

Now, I installed 2 NIC cards and set up one (using the IP assigned by the cable company) for the cable modem and the other (191.168.1.1) to communicate with my local network so my PCs can also share the Internet. I have tried to set up the routing table, but I may have done something wrong. When I do netstat -rn, it doesn't show my local network gateway (192.168.1.1). When I type "route add -net 192.168.1.0 netmask 255.255.255.0 dev eth1", it says "SIOCADDRT: Network is down," but when I type ifconfig -a it shows both my eth0 and eth1 as active. I can browse the net on the machine and I can telnet out so the machine sees the router from the cable modem, but the machine doesn't see any local machines.

I would like to start all over.  Would someone give me a step-by-step instruction on how to set it up correctly?

Thank you very much!
yjh123Asked:

jlevieCommented:
Since you only have a single outside IP, there's more to it than just adding another NIC. What you need to do is to set up IP masquerading so that your local machines can "share" the single outside IP. The instructions for setting this up are in the HOW-TO's, see www.redhat.com/mirrors/LDP/HOWTO/IP-Masquerade-HOWTO.html
0
karim1Commented:
Hi,
I'm currently doing the same thing in a private network that I have at home. What I did was:

1.- Setup a router so the computers can communicate to each other even if they are offline.

2.- Setup the IP Masq so all the computers can communicate to the Internet. This included recompiling the kernel and a small shell script to load the ip masq every time I reboot.

3.- Setup Squid in one of the machines that has a private IP address.

4.- Configure the other computers: in the browsers, ftp clients, or all the other things that I want to use the proxy with.

What all this does (I think) is: the computer that you are browsing from goes to the proxy and asks for a page; the proxy, if it does not have it, goes to the ip masq host to be able to get out to the internet; after that the proxy server serves the page to the first box (the one you are browsing with).

Visit the howto's to know how to recompile a kernel, do ip masq, setup squid, and a router.

I hope this information can help you.
0
jlevieCommented:
jlevie changed the proposed answer to a comment
0

yjh123Author Commented:
I tried to go to the site that talks about the IP masq, but couldn't understand. I have RedHat 6.0. Do I still need to recompile the kernel?
Could you list the files involved in IP MASQ and lines to put in the files?
Thanks much!
0
yjh123Author Commented:
Adjusted points to 100
0
yjh123Author Commented:
Adjusted points to 300
0
karim1Commented:
ok, here it goes:

I read some time ago that RedHat does not need to be recompiled in order to get IP-Masq working because the option is already built in. If you already have your router set up and you can communicate between the computers in your private network (you can test it by doing a ping from your windows machine to the linux box), then what you really need to do is write a little script that is going to allow you to use ip-masq when you start up your linux and windows box.
I have a simple script that I'm using:
********************************
#! /bin/sh
route add -host 192.168.0.2 gw 165.95.17.196
route add -host 192.168.0.3 gw 165.95.17.196
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_quake
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_vdolive
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -M -S 7200 10 160
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
***********************************
the first two lines (route) are the ones that setup my routing tables. 192.168.0.2 and 192.168.0.3 are the two computers that I have ip-masq using on.

165.95.17.196 is my static ip-address (the one I use to connect to the internet)

all the modprobe lines are the ones that are going to install the loadable modules so you can use software like real-audio, ftp and quake.

the echo line would enable ip forwarding

the ipchain's lines are the ones that are going to forward and masquerade your private machines.

I run this script each time I start up my linux box.
If you do not get any error when you are doing this, then you can test your windows box to try to ping an outside server.

Tell me if you do not understand any part of what I wrote so I can get into more detail. I know how frustrating all this can be!

After you do this I can give a few links to places where they have software so you can share your linux harddrive with your windows box and vice versa. It's easier than using Samba.

Write me back!





 

0
yjh123Author Commented:
Thanks for your suggestion. However I need to clarify your suggestion. Please help me understand.  As you know I have 2 NIC cards installed on my LINUX RedHat6.0 box.  One to connect to the cable modem and the other to connect to my local hub.

In your scenario, 192.168.0.2 is connected to the cable modem.
Did you have a second NIC with an IP to cover the 192.168.0.X?

In my case, I assigned 192.168.1.1 to the second NIC and assigned 192.168.1.2 to the 3rd computer and 192.168.1.3 to the fourth computer. (This is why I initially thought that it is just a matter of routing table setup...)

Do you need to setup anywhere to have 192.168.1.1 see the first NIC card? (in your case, it is 165.95.17.196 )

Thanks for your continuous help!

0
karim1Commented:
hi,
I started writing the commands you have to write on your computer (redhat) to be able to use two netcards and I really think that you do not need to have two of them in the same box. Since you already have a HUB, the only thing that you need to do is to set up the routing table.

get rid of the second NIC (eth1) and configure the eth0 in the following way:

ifconfig eth0 "static-ip" netmask 255.255.255.0 broadcast "broadcast-address"

route add -host 192.168.0.1 gw "static-ip"

route add -host 192.168.0.2 gw "static-ip"

in the script that I gave you before, you can still use it, but change "165.95.17.196" for your static ip address.

and you are done.



0
yjh123Author Commented:
I followed exactly what you described here. I appreciate your continuous help.

Now I can ping my Linux box from my Windows95 machine (192.168.1.3), but I cannot ping the router (the cable company router that is supposedly connected to my cable modem at home) nor the outside world.

Also, if I could ping outside computer from the Windows95 machine (192.168.1.3), how does it resolve IP? Should I put DNS server IP of the cable company in the Windows95 machine or setup resolve on the Linux box?

Thank you for your continuous help!
0
karim1Commented:
in the windows machine you put the DNS that your cable company gave you.

and the gateway is the ip that your cable company gave you and you are using in your linux box.

0
yjh123Author Commented:
I was able to get to the Linux box from a Windows  machine, but I couldn't go further.

Is this the only way to setup the Linux box to serve as a Proxy server?
0
maxchowCommented:
1) Go to Linuxconf
2) Select firewall
3) Select forwarding
4) Select IP Masquerade
5) From <internal net no>, mask <internal net mask> Interface Any
6) To 0.0.0.0, Interface Any

Make sure you setup the network cards correctly and can ping outside from the Linux before you go for the steps

You can add the "firewall" module in linuxconf under:

Control -> Control File and System -> Configure Linuxconf Modules

Then next time you will see it under:
Config -> networking -> server tasks



No squid is needed
0
lewisgCommented:
In the following assume this:

Linux machine with two netcards installed (IP MASQ)
eth0 1.2.3.4 connected to cable modem
eth1 192.168.1.1 connected to internal network

First - no routing is required for the internal network since it is one subnet 192.168.1.1 thru 254 with a netmask of 255.255.255.0

Second - a default route must be added to the IP MASQ machine. If the cable company gave you a "default gateway" of 1.2.3.1 (remember we are just making this number up, substitute the real number!) then the (root user!) command would be:
/sbin/route add default gw 1.2.3.1 eth0

Third - IP forwarding must be turned on. Check /etc/sysconfig/network and be sure FORWARD_IPV4=true. Also you may need to enter the following command:
echo 1 > /proc/sys/net/ipv4/ip_forward

Fourth - you need to start masquerade. Enter the following:
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ

Fifth - if this works realize you need to strengthen the ipchains rules for security!

The following are what you should get. Remember 1.2.3.4 is NOT real!

[root@server /etc]# /sbin/ifconfig
eth0      Link encap:Ethernet  HWaddr 00:20:AF:28:2A:0D
          inet addr:172.20.1.1  Bcast:172.20.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:26020 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19721 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1 txqueuelen:100
          Interrupt:5 Base address:0x300

eth1      Link encap:Ethernet  HWaddr 00:20:AF:93:xx:xx
          inet addr:1.2.3.4  Bcast:204.255.230.63  Mask:255.255.255.192
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12548 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10820 errors:0 dropped:0 overruns:0 carrier:0
          collisions:2 txqueuelen:100
          Interrupt:10 Base address:0x240

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:30 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

[root@server /etc]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.20.1.1      *               255.255.255.255 UH        0 0          0 eth0
1.2.3.4         *               255.255.255.255 UH        0 0          0 eth1
204.255.230.0   *               255.255.255.192 U         0 0          0 eth1
172.20.1.0      *               255.255.255.0   U         0 0          0 eth0
127.0.0.0       *               255.0.0.0       U         0 0          0 lo
default         1.2.3.1         0.0.0.0         UG        0 0          0 eth1
[root@server /etc]# /sbin/ipchains -L
Chain input (policy REJECT):
Chain forward (policy ACCEPT):
MASQ       all  ------  172.20.1.0/24        anywhere              n/a
Chain output (policy ACCEPT):

Good Luck      
0
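The fifth step in the answer above says the ipchains rules need strengthening once masquerading works. One way to do that for the layout that answer assumes (eth0 to the cable modem, 192.168.1.0/24 on the inside), as an added example that is not part of the original thread; the helper names `run`, `valid_cidr` and `masq_rules` and the `APPLY` switch are illustrative, and the script only prints the commands unless `APPLY=1` is set:

```shell
#!/bin/sh
# Added example (not from the thread): tightened ipchains masquerading rules.
# Interface names and addresses are assumptions taken from the layout above.
# Prints the commands by default; run as root with APPLY=1 to execute them.

IPCHAINS=/sbin/ipchains

# Execute the command when APPLY=1, otherwise just print it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Accept only a.b.c.d/len. A source given without a mask matches a single
# host, so the whole LAN would silently fail to be masqueraded.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# masq_rules EXT_IF INT_NET
masq_rules() {
    ext_if=$1; int_net=$2
    valid_cidr "$int_net" || { echo "bad network: $int_net" >&2; return 1; }

    # Start from an empty forward chain that refuses everything by default.
    run $IPCHAINS -F forward
    run $IPCHAINS -P forward DENY
    # Anti-spoofing: LAN or loopback source addresses must never arrive
    # on the outside interface. Log such packets (-l).
    run $IPCHAINS -A input -i "$ext_if" -s "$int_net" -j DENY -l
    run $IPCHAINS -A input -i "$ext_if" -s 127.0.0.0/8 -j DENY -l
    # Masquerade only LAN traffic that leaves through the outside interface.
    run $IPCHAINS -A forward -i "$ext_if" -s "$int_net" -j MASQ
    # Log whatever else tries to cross the box before the policy drops it.
    run $IPCHAINS -A forward -j DENY -l
    # Turn forwarding on last, once the restrictive rules are in place.
    run sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
}

masq_rules eth0 192.168.1.0/24
```
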
Alien Life-FormCommented:
Greetings.

For ipmasq to work, you also need to make
ip forwarding active,  along the lines of:

 echo 1 > /proc/sys/net/ipv4/ip_forward

Cheers,
      alf
0
yjh123Author Commented:
Adjusted points to 305
0
yjh123Author Commented:
Adjusted points to 350
0
c11risCommented:
Hello,

If all you are looking to do is proxy a web connection you wouldn't have to use IP masquerading.

You have:
Your linux box with 2 network cards, one has a public address and can see the internet, the other has a private address and can see the inside computers.

Install squid on the linux machine.

On your windows machine in your browser set your proxy server to the linux machine's internal ip, port 3128.

Of course if you want other services that squid doesn't support you will be out of luck, but http should work :)

0
c11risCommented:
Meant that last as an answer, not a comment :)

0
