[techtalk] Netstat weirdness

Malcolm Tredinnick malcolm at commsecure.com.au
Thu Aug 17 20:41:00 EST 2000


On Thu, Aug 17, 2000 at 08:49:57AM +0100, Conor Daly wrote:
> Question for you...
> 
> I'm using an old 486 as internet gateway / router / firewall.  I'm
> using a P200 as server / DNS / squid proxy (Well, I will be once I get
> around to configuring squid).  I want to set things up so that clients
> need one IP address only for gateway, DNS, proxy etc.  How do I set up
> the routing?

[...snip...]

> If I point a client to the server as its gateway, nothing gets routed
> out through the gateway.  Only if I give the actual gateway machine as
> gateway does the routing happen but I want to use the squid proxy
> transparently and supply only one IP address to be used for gateway /
> dns.
> 
> Is it simply a matter of using ipchains to set up forwarding from the
> server to the gateway (which, itself, uses ipchains for the firewall /
> Ip masq)?

It's even easier than that: you just need to tell the kernel to allow
forwarded packets. If you are using a recent RedHat system (I think it
needs to be 6.2 or later), then edit /etc/sysctl.conf and change the
line that says net.ipv4.ip_forward=0 to be net.ipv4.ip_forward=1.

On other distributions, there may be a similar method, but the general
solution is just to do:

	echo 1 > /proc/sys/net/ipv4/ip_forward

This simply tells the kernel that it is allowed to forward packets (you
would have had to turn this on for your firewall box, but it may have
been done magically for you by whatever you used to set up the
firewall).

Cheers,
Malcolm

-- 
Malcolm Tredinnick            email: malcolm at commsecure.com.au
CommSecure Pty Ltd
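
The following is an added example, not part of the original message: a shell check that compares the persistent setting in sysctl.conf with the live value under /proc, since the echo method changes only the running kernel and the sysctl.conf edit takes effect only when the file is next applied. The function names are hypothetical, and both paths are arguments so the check can be pointed at copies of the files.

```shell
#!/bin/sh
# Added example: audit IPv4 forwarding, persistent config vs running kernel.

# Print the effective value of a key in a sysctl.conf-style file.
# Skips comment lines (# or ;), trims whitespace around '=', accepts the
# slash form of the key (net/ipv4/ip_forward); the last assignment wins.
sysctl_conf_value() {
    # $1 = config file, $2 = key in dotted form
    [ -r "$1" ] || return 0
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            pos = index($0, "=")
            if (pos == 0) next
            k = substr($0, 1, pos - 1)
            v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/\//, ".", k)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Report the forwarding state.
# $1 = sysctl.conf path, $2 = runtime file (defaults are the paths in the text).
forwarding_status() {
    conf=${1:-/etc/sysctl.conf}
    proc=${2:-/proc/sys/net/ipv4/ip_forward}
    persistent=$(sysctl_conf_value "$conf" net.ipv4.ip_forward)
    runtime=$(cat "$proc" 2>/dev/null || true)
    if [ "$runtime" = "1" ] && [ "$persistent" != "1" ]; then
        echo "runtime-only"      # forwarding now, gone after a reboot
    elif [ "$runtime" != "1" ] && [ "$persistent" = "1" ]; then
        echo "persistent-only"   # not forwarding yet, will be once applied
    elif [ "$runtime" = "1" ]; then
        echo "enabled"
    else
        echo "disabled"
    fi
}
```

Calling `forwarding_status` with no arguments checks the live host; on a machine that is not meant to route, anything other than `disabled` is worth investigating.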