[plug] Req hints on a masq/proxy box

The Thought Assassin assassin at citynet.net.au
Mon Aug 17 13:09:03 WST 1998


> Does anyone have any hints and tips on setting up a masq. box (with a 
> proxy server if possible) or is this a case of following the HOWTO docs?
The HOWTOs are pretty good, but not so easy when you first read them.
A proxy is just about the easiest thing you could install. Basically, you
dpkg -i squid.deb and you will have a fully functional proxy on port 3128.

Masquerading is not a great deal harder. On a 2.0 kernel with masq built
in, and ipfwadm installed (ipfwadm.deb :),
ipfwadm -F -a accept -m -S 192.168.1.0/255.255.255.0
(IP FireWalling ADMinistration, -F orwarding rules, -a ppend a rule: "accept,
for forwarding, but -m asquerade packets with a -S ource address of
192.168.1.0/255.255.255.0")
will be enough to masquerade that subnet.
Some protocols will need:
insmod /lib/modules/<ker-ver>/ipv4/ip_masq_<protocol>.o
to work properly, notably ftp and irc. You might as well just do:
insmod /lib/modules/<ker-ver>/ipv4/ip_masq_*.o


> Or should I save this for the 24th (UWA plug session) so that everyone can 
> dive in and help config this box?
I think the best would be to get the basic functionality happening, then come
and tune it at UWA. What I've written above is enough for them both to work,
but there are a few other considerations, such as making squid only allow
requests from the LAN, and telling it not to eat all of your RAM, and maybe
some tweaking of your firewall/masquerade policies.


> Target machine:
> 486DX-33, 8Mb ram, HDD 230MB + 1GB, NE2000 + 3C509, Debian 2.0
Be warned that giant squids feed on vast quantities of RAM. You can run a
squid in 8M, but only with 100M or so of cache. If this is intended to only
do proxy & masq, you probably want to either buy more RAM, or take out the 1G
drive and give it to me :)

-Greg
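
An added example, not part of the original post: a dry-run script that prints the masquerade rule above together with a default-deny forwarding policy, as one instance of the policy tweaking the reply mentions. The function names, the `-p deny` and `-f` steps, the `-D 0.0.0.0/0` destination and the use of `uname -r` for the kernel version are assumptions added here.

```sh
#!/bin/sh
# Added example (not from the original post). Prints the ipfwadm commands for
# masquerading one LAN with a default-deny forwarding policy. Nothing is
# executed: review the output, then run it as root on the masq box.

# Hypothetical helper: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Hypothetical helper: succeed only for RFC 1918 private address space.
is_rfc1918() {
    case $1 in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# masq_rules NETWORK NETMASK -> prints the rule set, or fails with status 2/3.
masq_rules() {
    net=$1; mask=$2
    if ! is_ipv4 "$net" || ! is_ipv4 "$mask" || [ "$mask" = 0.0.0.0 ]; then
        echo "bad network/netmask: $net/$mask" >&2; return 2
    fi
    is_rfc1918 "$net" || { echo "not a private network: $net" >&2; return 3; }
    # Assumption: deny forwarding by default, so only the LAN rule below passes.
    echo "ipfwadm -F -p deny"
    echo "ipfwadm -F -f"
    # The rule from the post, with an explicit "any destination" (-D) added.
    echo "ipfwadm -F -a accept -m -S $net/$mask -D 0.0.0.0/0"
    # Helper modules the post names as needed: ftp and irc.
    for proto in ftp irc; do
        echo "insmod /lib/modules/$(uname -r)/ipv4/ip_masq_$proto.o"
    done
}

# The subnet used in the post.
masq_rules 192.168.1.0 255.255.255.0
```

A netmask of 0.0.0.0 is rejected because it would match every source address, not just the LAN.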

