[plug] squid + ssh & mail [network newbie]

proXy davyd at iprimus.com.au
Sun Oct 13 17:08:16 WST 2002


On Tue, 2002-10-08 at 18:49, sol wrote:
> Aahh... And here I was thinking that squid did all proxying. Guess it's 
> time to visit linuxdoc.org to find out about masquerading.

Everything you wanted to know about masquarading...
in /etc/network/options:
ip_forward=yes

then cycle the interfaces `ifdown -a && ifup -a` to make everything
clean.

now, get some IP tables (these are only for masqing):
where $ex is the external address, and $in is the internal address

cat << EOF > iptables-restore
*nat
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
:INPUT ACCEPT
:FORWARD DROP
:OUTPUT ACCEPT
-A FORWARD -i $ex -o $in -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $in -o $ex -j ACCEPT
-A FORWARD -j LOG
COMMIT
EOF

save these with `/etc/init.d/iptables save active` then you will be able
to load them by starting the iptables service.

Once you have that you should have masquading, consider adding some
input rules also, lest something bad happen.
--X

Ps. I'm assuming Debian, tell us if I should have given instructions for
something else ;)

-- 
http://davyd.ucc.asn.au/
linux.conf.au Perth 2003 <http://www.linux.conf.au>

PGP Fingerprint <http://davyd.ucc.asn.au/pgp>
08B0 341A 0B9B 08BB 2118  C060 2EDD BB4F 5191 6CDA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20021013/38616f46/attachment.pgp>


More information about the plug mailing list