[plug] Proxy serving, and dial-on-demand

Tue Oct 20 09:18:34 WST 1998

On Thu, 1 Oct 1998, John Breen wrote:
> What I need to do is set up equivalent functionality to WinGate under 
> Redhat.  That is, I need:
> * Dial on demand to the ISP, preferably with scripted login
The pppd program does both of these, though in some situations, one might
use "diald" for a particular feature. Configuring it to do so is not that
easy the first time, but there's a whole lot of help around, both in
HOWTOs and on the net. (like this list)
In general, what's in the HOWTOs and other doco will be the common
denominator that should work on any system. However, the "Right Way" to
set it up is very distribution specific, so I'd better let a Redhat user
give you firmer help.

> * Caching nameserver which will lookup on the ISP DNS if it hasn't got a 
>   name
The "bind" package. Should work straight out of the box.

> * HTTP Proxy
The "squid" package. Again, should work straight off, but you will want to
tweak it for security and for desired memory/disk usage. You probably want
to see if it works straight off, then ask for help when you've done
what you can.

> * FTP Proxy
Squid does this also, but an FTP proxy is not often useful on a small
LAN. If you use IP masquerading and the "ip_masq_ftp.o" module, clients
can do a normal (non-proxied) FTP.

> * NNTP Proxy
Are you sure you want to proxy NNTP? It is very rare to need the same news
article twice, so you are almost certainly better off using
IP-masquerading to let the client machine connect to your ISP's NNTP
server directly. 

> * SMTP Proxy
AFAIK, there is no such thing. To access your ISP's SMTP server, again,
use masquerading. If you have a static IP address, you can set up an mail
server on your own machine, and have as many *@yourdomain.com.au as will
suit you, but not all ISP will give static IPs, and (most) domain names
cost.

> * POP3 Proxy
I have grave doubts that this would exist either... once again,
masquerading is almost certainly the way.

OK, so it seems like masquerading is definitely on the cards somewhere :)
So now I'd like to give you a nice long lesson on masquerading, and some
example scripts to set your network up.........
Unfortunately, there are two very different schemes for masquerading in
use in current kernels, so the information you need is almost completely
dependent on your kernel version (as in, 2.0.35 or 2.1.125)

cat /proc/version

should tell you your kernel version. Of course, you will need to have a
kernel with masquerading ability built into it, which might mean building
a new kernel anyway if yours doesn't have support.

> These are at a minimum.  I'd also like to set up a firewall.  

Firewalling is actually very closely related to masquerading, so you will
be covering most of the info on how to set up a firewall when you read up
on masquerading. Deciding what you want your firewall to accept and reject
is up to you, but you'll probably find at least 300 different versions of
the "perfect firewall" out there for you to steal from, and many list
members will also have (wildly conflicting :) particular views and
recommendations on what is best.
In short, look up "bind", "squid", and "masquerading" to get a grounding,
then ask around for specifics once you've started to implement them, or
when the doco trail runs out.
HTH,

-Greg Mildenhall