[plug] Proxy serving, and dial-on-demand

John Summerfield summer at os2.ami.com.au
Thu Oct 22 07:06:14 WST 1998


On Thu, 1 Oct 1998, John Breen wrote:

Here's my five bobs' worth:

> I am in the process of setting up a linux box on my LAN at home.  Until 
> recently, I have been running WinGate as a proxy to the ISP for my wife's 
> and my internet accounts.  However, I want to move everything over to the 
> linux box.
> 
> What I need to do is set up equivalent functionality to WinGate under 
> Redhat.  That is, I need:
> 
> * Dial on demand to the ISP, preferably with scripted login

Recent versions of pppd do dial on demand, though I've never thought DD a
good idea so haven't explored that.

> * Caching nameserver which will lookup on the ISP DNS if it hasn't got a 
>   name

I use the full BIND installation. Note that all versions prior to 8 have a bug
that allows root access to one's box. Luckily 8.xx can be had as an rpm
(for redhat users) from sunsite.unc.edu and its better mirrors. Quite likely
RedHat and mirrors too - check iinet.


> * HTTP Proxy

I use squid: it proxies and caches.

> * FTP Proxy

Squid does ftp too.

> * NNTP Proxy

I set up my own news service & run suck at my IAP's site to get the news.

> * SMTP Proxy

sendmail does this. Get the latest though (8.9.x).

> * POP3 Proxy

I use fetchmail to get the mail and feed it into my local mail service run
with cucipop: it was good enough for iiNet when I was their customer so
it's good enough here.

One reason to use home mail and news services is that I don't have to sit
around waiting for news and mail: it's here and ready when I want it. A
second is that it allows me to do most of my internetting at low-demand
times so don't prevent others from using my IAP's service or (at other
places) get kicked by Killer D.


> 
> These are at a minimum.  I'd also like to set up a firewall.  They're not 
> in any order of preference or anything.  I'm pretty sure the first two 
> then the last 3 are most important.

ipmasq, as mentioned by others, does this. I also use Linux firewall to
block sources of www spam (ads inserted in web pages): I run these commands
every time I connect:
ipfwadm -F -a m -S 192.168.0.0/16
ipfwadm -O -a deny -P tcp -D www.burstnet.com 80
ipfwadm -O -a deny -P tcp -D ads.zdnet.com 80
ipfwadm -O -a deny -P tcp -D ads1.zdnet.com 80
ipfwadm -O -a deny -P tcp -D ads2.zdnet.com 80
ipfwadm -O -a deny -P tcp -D ad.preferences.com 80
ipfwadm -O -a deny -P tcp -D ad.doubleclick.net 80
ipfwadm -O -a deny -P tcp -D webads.fairfax.com.au 80
ipfwadm -O -a deny -P tcp -D ngserve.pcworld.com 80
ipfwadm -O -a deny -P tcp -D ads01.focalink.com 80
ipfwadm -O -a deny -P tcp -D ads-uswest.focalink.com 80
ipfwadm -O -a deny -P tcp -D ads02.focalink.com 80


Any suggested additions are welcome!!


Cheers
John Summerfield
http://os2.ami.com.au/os2/ for OS/2 support.
Configuration, networking, combined IBM ftpsites index.


