richardwilkins

Proxy Server / Firewall

I am a Windows-dependent, recently checking out Linux.  In '84 I learned DOS, but I am too jaded to try to learn pure Linux, so I bought Caldera 2.3 with the KDE interface, and tried to figure out how to recognize various cards, like old video cards, Trident 9680, and new S3s, and pretty much gave up on Linux because I never was successful with video cards, and never got to Ethernet cards.  Really, I can live with the screen that never shows the bottom if I could recognize two ethernet cards and build a proxy server with firewall.  

For these points, please tell me how to run Caldera 2.3 and recognize (1) the Kingston card the phone company provides, and (2) a Katron -- I have both the ET32 and the Fast 230 cards.  There seem to be Linux drivers on the disks, but I need this in baby talk.  Dennis, it was your idea.

Thanks.

Richard
jlevie

There are some very good resources for Linux written by actual users, a collection of HOWTO's. There's probably a link off Caldera's site, but I happen to have a link off of RedHat's site bookmarked (www.redhat.com/mirrors/LDP/HOWTO). The HOWTO's aren't particularly vendor specific.

A quick check of the "Ethernet HOWTO" turned up a reference to Kingston's site, which in turn led to a set of specific instructions for Kingston cards. Without knowing which model you have I can't offer specific instructions other than to say, "do a little looking and come back and ask about something specific in the instructions you don't understand".

The Katron cards don't appear in the list of supported cards in the HOWTO, but that doesn't mean they aren't being recognized or that they won't work. Seeing the output of lsmod with both cards in the machine would help lots in knowing if Caldera is already recognizing and loading drivers for the cards.
If you send me the box, I can configure it for you.
richardwilkins

ASKER

Well, I've come a long way, and can be more specific now.   I installed Caldera 2.3 from the CD ROM on a clean disk (twice, I don't exactly know why it failed the first time) and the Trident 9680 video card seemed to set up OK, except that now I can hardly read this.  Then, in accordance with Katron's instructions, after installing the KT32/P first, the combination of Caldera and the KDE interface let me configure the NIC.  I accepted the defaults, i.e., IP address, gateway, etc., and then, fooling around with the settings, I changed to DHCP.  

Voila!  It works, that is, I had a Win98SE machine attached, running a dial-up connection, and Netscape loaded on the Linux machine. I tried to get to the EE, but for about 10 minutes or more, the hard disk just buzzed, and some really strange things happened on the screen.  Well, you know that I just turned the damn thing off, back on, and here I am!

Now, the specific question is how to install and recognize the KFTX/2 card, so that I can use it to connect with my DSL modem.  The instructions say if I install Linux prior to the installation of the NIC, I will have to rebuild the kernel.  What if I install the card, and re-install Caldera?  If rebuilding the kernel is as arcane (and dangerous) as editing a Windows registry, I want to know how badly I can botch it, and how to fix it if I do. There is some logic to re-installing Caldera every time a new device is added, if I can avoid having to follow instructions like, "change directory to usr/src/linux directory", "Run 'make menuconfig'", etc.

I'm not afraid to do it, but is it necessary?
Sorry, forgot to proof read.  The second card is a Katron KF-230TX/2, 10/100 Base-TX Fast Ethernet PCI Lan adapter.  The instructions are old, as they mention Open Linux Version 1.3.

And freesouce, why don't you just drop by my place and show me how.  Seriously, if you want me to I'll send you a computer if you let me know  where, but I really want to know.

Richard
Okay, neither of those cards is going to work as-is. At this point you have to ask how much trouble you want to go to with a possibly uncertain outcome. The choices are to fiddle with driver software and kernels or to just go out and get a supported card. An Ne2000 is supported and would be a snap to get working. CDW shows one for $21 and I've seen them for sale as low as $15.
OK, I am two-thirds of the way home.  I now have the P166 running Caldera 2.3 on another network, where I am attached to a WinProxy server.  Changing the IP address and Gateway as per the WinProxy instructions works.  That is to say that the Katron ET32/P2 card continues to be recognized by Linux.  

I have available older ISA NE2000 compatible cards (Winbond), the Fast Katron card (above), the Kingston PCI card with a RealTek chip (the disk & instructions make no mention of Linux, but the Katron didn't need any drivers) and, incidentally, Kingston's web site provides a detailed instruction on installing its card.  That is, more arcane command-line stuff.  

Wonder again, whether putting another card in and re-installing Linux would work.  It did the first time.

Then I'll be in a position to ask another question concerning Proxy/Firewall software.

Rich
It sounds like you are having a great learning experience, Richard.  I'd recommend that you don't continuously reinstall Linux.  While this may be true about getting Windows to work, with Linux it is usually just a matter of editing some configuration files, upgrading some packages, or compiling a kernel (which is also a great learning experience), all of which you are now learning about.

I certainly can configure your box or drop by your place if you aren't in a far away location; contact me via my profile here at EE.
Having some free time, I have progressed somewhat.  In addition to using the Linux machine as a workstation on a Win98SE dial-up Internet Connection Sharing computer, and as a w/s on a WinProxy server (my trial time for this software is running out), I have been successful getting the machine on the Internet using the ADSL modem, my NIC configured properly.

The follow-up question now is, after I have recognized a second card for the Novell network, etc., what software, if any, is necessary to complete the Linux Proxy Server?  I recall that Wingate used 192.168.0.x and had to be installed on the client as well as the server.  WinProxy, on the other hand, used 90.0.0.x and required only the software to be installed on the server.
I think you've already got all the software you'll need (ipchains) to set up the Linux box as a gateway (although it might not yet be installed from the OS distribution disk). Take a look at howto.tucows.com/LDP/HOWTO/IP-Masquerade-HOWTO.html and howto.tucows.com/LDP/HOWTO/IPCHAINS-HOWTO.html for a good discussion of what a Linux gateway can do, what's needed to do so, and how to do it.
The first thing you need to ask yourself is whether or not you really need a true Proxy Server.  Your needs may better be met by setting up IP Masquerading.

Take a look at the IP-Masquerade-HOWTO and look at the section 7.5 (v1.77) which discusses "How does IP Masquerade differ from Proxy or NAT services?".

Firewall:  ipchains
Proxy: squid (popular)  or socks

See ..
Firewall-HOWTO


It really depends on what your needs are.  IP Masquerade is often a great way to go.
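The masquerading setup recommended above, as an added example that is not part of the original posts: an ipchains (Linux 2.2) rule set that denies forwarding by default and masquerades only the internal network. The eth0/eth1 roles and the 192.168.0.0/24 network are assumptions taken from later in this thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: minimal IP masquerading gateway rules
# for ipchains (Linux 2.2 kernels). Assumed layout, matching the thread:
#   eth0 = internal LAN 192.168.0.0/24, eth1 = external (DSL) interface.
INT_NET="${INT_NET:-192.168.0.0/24}"
EXT_IF="${EXT_IF:-eth1}"

# The rules are later piped to a shell, so reject anything that is not a
# plain interface name or a dotted network/prefix.
valid_if()  { case $1 in ''|*[!a-z0-9]*) return 1 ;; esac; }
valid_net() { case $1 in ''|*[!0-9./]*) return 1 ;; */*) return 0 ;; *) return 1 ;; esac; }

# Print the rule set, one command per line, for review before applying.
#  - forward policy DENY: nothing is routed unless a rule allows it
#  - input rules: drop and log packets arriving on the external interface
#    that claim an internal or loopback source address (spoofing)
#  - forward rule: masquerade only the internal network, only when the
#    packet leaves through the external interface
# Note that "-F input" discards any input rules already loaded.
masq_rules() {   # $1 = internal network, $2 = external interface
    valid_net "$1" && valid_if "$2" || return 1
    cat <<EOF
ipchains -P forward DENY
ipchains -F forward
ipchains -F input
ipchains -A input -i $2 -s $1 -j DENY -l
ipchains -A input -i $2 -s 127.0.0.0/8 -j DENY -l
ipchains -A forward -i $2 -s $1 -j MASQ
EOF
}

# Load the rules first, then turn on routing, so the box never forwards
# packets without the DENY policy in place. Must be run as root.
apply_rules() {
    rules=$(masq_rules "$INT_NET" "$EXT_IF") || return 1
    printf '%s\n' "$rules" | sh -e || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

case "${1:-}" in
    --apply) apply_rules ;;
    *)       masq_rules "$INT_NET" "$EXT_IF" ;;   # default: dry run, print only
esac
```

Run without arguments it only prints the commands; `--apply` loads them. This covers forwarding only, so services listening on the gateway itself still need their own input rules.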
Thanks to both of you on the references to the howto files.   Certainly there is a wealth of info in there.  If I ever get a proxy server up and running,  I will no doubt use IPMasquerading as it seems to  fit the need.  

But back to the basics, after my initial successes I went to the office today (Sat) and tried to put all my new info into use.  Taking a new 500 MHz machine with new NICs I installed Caldera 2.3 and  found eth0 and eth1.  No idea which was which, and had some trouble with IRQ's, but the BIOS allowed me to select which slot which was in and the IRQ.  Nevertheless, the machine went stoned on me -- never seen anything so slow, and finally pulled eth1 and got back to something resembling a computer.  I could comment more on TCP/IP settings, but, you know, I mean . . .

Is this the KDE interface?  What do you mean, "edit some configuration files", "upgrade packages" and "compile a kernel or two"?

Seriously, do you know what I am dealing with with Caldera?  I have learned to run lizardx and that is about it.
Ah, now you need to look at the "Ethernet HowTo" especially the section (3.2 from memory) on having two NICs in a system. My approach to getting a dual NIC system set up is to start with only one NIC, preferably the one that will connect to the Internet. Once I've got the system working and talking to the rest of the world, I add the second NIC and make it work, then I set up Masquerading and/or firewalls.
Right, that's what I did last week.  First found out that I could connect with the SE ICS then the WinProxy.  Then I connected to the ISP with the NIC.  No problems.  But I changed computers, and tried to install Caldera 2.3 with BOTH  cards installed before I tried to put the second card in the machine that worked.  Don't know what would happen if I started the old one with a new card.  Scared?  Maybe.  But I sold the old one and had to reformat the drive, so, it's history.  Jez, why can't I do this from scratch?
Well, we live and we learn. Unix in general and Linux in particular can be a bit intimidating, but mostly the problems can be worked out with a bit of research and a systematic approach. It's the knowing where to look for information and how to approach the problem that seems only to come from experience, which you are getting... lots of.

Don't get discouraged. Each of the "experts" in this area has "been there, done that" at least once.
Well, J, I am encouraged.  My partner has already said trash that SOB, and I sold the first one, kept the HD, and am keeping the new 500  for myself.  I just wonder why the old P166 as well as the AMD 500 seemed so slow in Netscape with Linux running, as opposed to Win.  The disk seemed to grind and grind and grind.  What's up?
Is it slow only to start, or is it slow when Netscape is up? How much memory is in the system?

Linux has a true implementation of shared libraries, unlike the windows dll mechanism. This can cause excessive swapping in a small memory system when loading a mega-sized executable, like Netscape. On my laptop, that I'm using right now (128MB), the first launch of Netscape (that causes the shared libraries to be loaded) takes a bit. Subsequent launches of Netscape are quite fast, as the shared libraries are already in memory and don't have to be re-loaded.
Not slow to start.  Starts faster than the P166, but Netscape is intolerably slow.  Couldn't get to the experts exchange on a couple of tries, finally loading the page.  But just can't seem to get around within any acceptable speed.  The machine has 32 Mb.  Giving up, for the time being, I put a Win98 disk in and here I am.  So it shouldn't be the network, even though I am using a WinProxy Server.  And I really don't know how to do anything on the Novell/MS network except connect to the internet thru the WinProxy server.  

Remember, I was able to select the IP addresses so as to get it up on the DSL connection, and next, I'll actually put it up as the server with the two NICs.  More later, and thanks again for the Masquerading info.
I think it's gonna be a bit sluggish with only 32 meg. 64 meg would be about as small a system that I'd care to use and even that is probably going to have to be swapping in order to run Netscape. Memory prices have been going back down lately and it would be a big plus to add at least another 32 meg (and more is definitely better).
Right O -- I tried 96, and it was fast, and now I have 128, and it fairly screams.  Thanks.  Maybe I have time to check out the second card.
Are both NICs the same make/model? If so you have to put aliases in /etc/conf.modules in order for the kernel to know which is which (Ethernet HowTo, section 3 I think).
Been on vacation -- skiing in the Alps!  Just kidding, really, Wolf Creek is heaven this time of year.  No, I know better than to use two cards of the same model.  eth0 is an rtlxx (the Kingston with the realtek chip) and eth1 is an ne2kxx (a Katron card, with a realtek chipset too, I think).   As noted, I can connect as a w/s on a WinProxy server, and can connect to the internet on the other card thru the DSL modem, but before I began to look at IPMasq, etc. the Linux box crashed -- some file administration error, and I need to start over.  This really takes time.

There's not anything wrong with using two of the same make/model cards, you just have to tell the kernel which is eth0 and which is eth1. I normally use two identical cards and have never had any problems, well not any that were caused by the duplication...
Excuse me, have you forgotten that I am working with the KDE interface, and don't understand "tell the kernel" -- as I am planning to reinstall the OS because I can't "tell the kernel".  The error I find on boot ought to be fixed by starting over.  More tomorrow if I get the time.  

Thanks again.
Sorry, I didn't mean to offend. I had a reference in a previous comment pointing to the Ethernet HowTo section about multiple cards of the same type. It's really simple for most cases, as follows from the HowTo:

As an example, consider a user that has two ISA NE2000 cards, one at 0x300 and one at 0x240 and what lines they would have in their /etc/conf.modules file:

        alias eth0 ne
        alias eth1 ne
        options ne io=0x240,0x300

That's a pretty minor edit and easy to do.

What error are you getting on boot? It might be something that's easy to fix and faster than re-installing.
Probably, but I must go back to the office tomorrow to check it out.  But for grins, tell me how to edit /etc/conf.modules.  Everyone who knows unix seems to think that everyone should know.
This is the simplest way. Log in to system as root under KDE. Start an editor (TaskBar K->Applications->Text Editor) and then File-Open and navigate to the /etc dir. (Hint: the pull-down button in the upper right of the file browser can take you directly to the "Root Directory" and from there double click on the "etc" dir icon) Open the "conf.modules" files and add the aliases lines as needed.

Okay, that would be fine if we were running KDE. Let's also consider the case of needing to edit the file from a console screen, like when booted in single user mode. Obviously we can't use the same editor, no graphics. The simplest editor that can be found on any Unix system is "vi". There are a few strange things about vi, like it's a "mode" editor with an "insert mode" and a "movement & edit" mode. Let me list just a few required commands:

  i - go to insert mode where you can insert characters.
esc - exits insert mode
  0 - (numeric 0) go to the beginning of the line.
  $ - go to the end of the line
  a - "append" used at the end of the line to append text, auto insert mode.
  o - open a new line below the cursor
  O - open a new line at the cursor
  x - delete one character under the cursor.
 dd - delete one line
 ZZ - save and exit
:q! - quit without saving.

Vi on Linux is friendlier than some others in that the arrow keys work in and out of insert mode. We open the file (vi /etc/conf.modules) and since those alias lines can go anywhere in the file, we'll just put them at the top. Type O (that's O not zero) to open a line and enter insert mode, type in the text, then exit insert mode with <esc> key. It's likely there's already an alias line that needs to be deleted, move to that line and "dd". Save the file with "ZZ".

Does that help?
My friend:

Thanks for working with me.  Obviously you have earned these points, and ultimately will receive them.  I can only afford so much time per day to work on this.  For example, it was much easier to put up a Windows SE proxy server when the trial license for WinProxy ran out, than to finish the Linux box.  But let's move forward.  Being a heavy Windows re-installer, I gave up on the machine I was working on (sold it!!) and took a new MB and HD and two Katron 32P cards, one at a time, and installed Caldera 2.3.  Everything went smoothly, found the video card, and the first NIC.  Then I added the second card, and using KDE, added a device, eth1.  The message was "modules updated (or something good)" and there they were.  Next, I'll add the TCP/IP settings of both the internal and the external, and I'll be ready for IP Masquerading.

I sincerely appreciate your helping me with the KDE interface, as I trust that it will allow ME to get this puppy up more quickly.  Editing . . . maybe later in my career.
More info:

Got the Linux box (haven't actually put it in a box yet) up on:  (1) the Windows98 SE ICS server on eth0.  The TCP/IP settings are OK using DHCP; and (2) on the DSL modem on eth1.  Now I need to know how to set up the internal network (eth0) so that I can see the Linux server.  The default settings are 192.168.0.0 -- changed it to .1 like the WinGate needs, but no luck.  Looks like I need the  proper settings, but do I need IPMasq?  Caldera 2.3 seems to say that IPMasq is there, but the settings (name, etc.) seem to be wrong.  We are almost there!!

Richard
Okay, so we're starting over with the new box. Let me recap what I believe the conf to be. The eth1 interface of Linux is connected to the cable modem and is coming up properly via DHCP. From Linux you can "reach out and touch" Internet servers and other resources. Correct?

The eth0 interface is configured with a static IP of 192.168.0.1, netmask 255.255.255.0.

Both interfaces are marked as "UP" and "RUNNING" in the output of "ifconfig -a" and there are no errors, dropped, overruns, or frame or carrier counts shown for either interface.

The win client has an IP in the 192.168.0.0 network. 192.168.0.2, netmask 255.255.255.0 seems like a good choice. And its gateway is 192.168.0.1.
If there is not a hub in between the win client and the Linux box you've used a cross-over cable.

If we got here okay, try a ping from Linux to 192.168.0.2. If you don't get a response, look at "ifconfig eth0" you should see an increase in the "Tx" count. If you don't see an increase in the Rx count there's probably a resource conflict (IRQ most likely). You can double check by going to the win client and trying to ping 192.168.0.1. Again look at "ifconfig eth0" and check the Rx count.

Okay I'll wait for you to digest and test this...
Thanks for your patience.  In response to yours of March 2nd, and incidentally, I am on the Linux box right now, yes, I am connected, eth1 having my DSL static ip address, and eth0 is as suggested.  ifconfig -a marked both UP and RUNNING with:

eth0's Rx noting 3308 errors, and frame 63.  Tx notes 45 errors.  Run again, and the error count slightly increases, but to 3491 and frame 75.

eth1 (the external) has Rx 988 errors, and Tx, 772 errors and 46 dropped.

Ping 192.168.0.2 successful, and the Rx error count increases to 3568, frame: 75.  Tx to 1044 with 46 dropped.  

I have added the lines, etc. as suggested in the Caldera HowTo document suggested above to install IPMasq, etc.

On the Win Client, I can ping 192.168.0.1 and the external IP address, but in  Network Neighborhood, I do not see the Linux box, and don't know how to configure its card yet.  Any ideas?

Thanks again.  Richard
And it is slow as Christmas.  Must have taken 3 minutes to submit the comment above.  And, unfortunately, I may have pinged the WinSE Proxy server still on the Novell network, but the external seems to be there.  
NEVER MIND!!!
The default setting for eth0 (internal) was 192.168.0.0, and changing it to .1 allowed me to connect the WinClient, using .9 or whatever, to connect to the internet. !  And it appears that the EE must be extremely busy now.  Can't get to it on the client at all.  

So I think it is a DONE DEAL

So, I'll award the points, but I would like your final comments, and particularly, whether Power Quest's new Drive Image 3.01 really works to clone Linux drives.  I am encouraged that this is going to be easier than I thought.  Maybe a book on Linux . . .
It was slow because of the error counts, are they still there and increasing? If so we've still got a problem that needs fixing, but it shouldn't be too hard to find.
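One way to answer the "still there and increasing?" question above, as an added example that is not part of the original posts: it diffs the error-type counters between two `ifconfig` snapshots. The snapshots are constructed in the old net-tools output format (only the eth0 RX error and frame counts, and the eth1 error and dropped counts, are the ones quoted in the thread), and `counter_deltas` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the thread: report which interface error counters
# grew between two "ifconfig -a" snapshots taken a little while apart.

# Constructed sample snapshots. Packet counts and hardware addresses are
# made up; the error/frame/dropped figures follow the posts above.
SNAP1='eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20110 errors:3308 dropped:0 overruns:0 frame:63
          TX packets:18022 errors:45 dropped:0 overruns:0 carrier:0

eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:02
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9120 errors:988 dropped:0 overruns:0 frame:0
          TX packets:8841 errors:772 dropped:46 overruns:0 carrier:0'

SNAP2='eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20950 errors:3491 dropped:0 overruns:0 frame:75
          TX packets:18730 errors:45 dropped:0 overruns:0 carrier:0

eth1      Link encap:Ethernet  HWaddr 00:00:00:00:00:02
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9544 errors:988 dropped:0 overruns:0 frame:0
          TX packets:9210 errors:772 dropped:46 overruns:0 carrier:0'

# Print "iface DIRECTION-counter delta" for every RX/TX counter other than
# "packets" that is larger in the second snapshot than in the first.
counter_deltas() {   # $1 = earlier snapshot text, $2 = later snapshot text
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        /^---$/  { second = 1; next }        # separator between snapshots
        /^[^ ]/  { iface = $1 }              # unindented line opens a block
        $1 == "RX" || $1 == "TX" {
            for (i = 3; i <= NF; i++) {      # field 2 is packets:N, skip it
                split($i, kv, ":")
                key = iface " " $1 "-" kv[1]
                if (!second)
                    before[key] = kv[2] + 0
                else if (kv[2] + 0 > before[key] + 0)
                    print key, kv[2] - before[key]
            }
        }'
}

# On a live box the two arguments would be two captures of "ifconfig -a"
# taken around a ping or download test.
counter_deltas "$SNAP1" "$SNAP2"
```

A counter that keeps growing on one interface only, while traffic is light, points at that card or its cabling and resources rather than at the firewall rules.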
Geez, the error counts have multiplied by a factor of about 10.  But it now seems fast again.  I had to restart a few times because we need the SE proxy server for others on the network.  I've tried downloading some large files at the WinClient, and got good speeds, that is 90 kbps on Netscape 4.72.  I got the same speed downloading Adobe Acrobat 4.0 for Linux on the Linux box.  5 Mb file downloaded in less than a minute.  Now, it should be at /root/linux-ar-40.tar.gz  -- How do I install this puppy?
Let's take a look at it from the ground up. Linux doesn't like for the bios to futz with the cards (and NT doesn't either), so to start with make sure that PnP is turned off in the bios. Then what ethernet cards are in the machine now? Better yet what is the configuration of the machine, (sound card?, modem?, etc)?
Know that in spades -- no pnp in bios.  ethernet cards are Katron ET32 10 cards, and I know the difference between the internal and the external.
Hey, this is a proxy server, remember?  Maybe later on sound cards -- forget modems.  Now, I have the whole network (Novell & NT) up on the Linux proxy server -- no problems, but I installed Caldera 2.3 on an old machine (Pentium Pro 200) as a workstation, and hit the wrong key.  Damn -- wonder which one?  The w/s is incredibly slow.  Maybe the same problem -- only 32 Mg of RAM -- but the hype on Linux is you don't need that much memory.  Bet you do.  comments?
ASKER CERTIFIED SOLUTION
jlevie

This solution is only available to members.
I got distracted, but in answer to "have you looked at /proc/interrupts, and /pci," I have found the files, but don't know how to view the files!!

And by the way, jlevie, would you look back at my other posting(s) on the installation of Acrobat.  I think I remember your comments, but they seem to have gone away.

Anyway, thanks again.

Richard
Sorry, I've had so much experience working with command line interfaces (there didn't used to be anything else) that I tend to forget that a lot of folks now got their first exposure to computers on all GUI boxes, like windows.

To look at the files, get a terminal window open and type "more /proc/pci". The man page for more (man more) will tell you about it, but basically it presents a screen's worth of a file and allows you to move forward and backward through the file.

I think this is the Acrobat question you are looking for: https://www.experts-exchange.com/jsp/qShow.jsp?ta=linuxsetup&qid=10309404 . You probably ought to ask to have the duplicate of it deleted:
https://www.experts-exchange.com/jsp/qShow.jsp?ta=linuxsetup&qid=10309408 . If you go to the "Help Desk", under "Member Questions" there's a link to "How do I Delete A Question".