unix:gateway

Differences

unix:gateway [2010/10/24 00:22]
robm Updated for 1x NIC gateway PCs
unix:gateway [2013/10/13 12:32]
robm [IP Forwarding and NAT]
Line 32: Line 32:
  lan -> switch  lan -> switch
  switch -> gateway:eth0:w  switch -> gateway:eth0:w
- gateway:eth0:e -> switch 
 } }
  
Line 40: Line 39:
 ^ Device ^ Notes ^ ^ Device ^ Notes ^
 | modem | ADSL modem with 1x phone line socket and 1x ethernet socket. Tends to get clogged for some reason (high latency, but connection stays up) | | modem | ADSL modem with 1x phone line socket and 1x ethernet socket. Tends to get clogged for some reason (high latency, but connection stays up) |
-| gateway | Fast desktop PC with two network adaptorsloads of RAM and nothing much to do |+| gateway | Linux host with *one* network adaptor, and nothing much to do |
 | LAN | 4 or so PCs, Wii, Xbox, couple of Nintendo DS consoles, etc | | LAN | 4 or so PCs, Wii, Xbox, couple of Nintendo DS consoles, etc |
  
Line 228: Line 227:
  
 <code> <code>
-echo 0 /proc/sys/net/ipv4/conf/all/accept_redirects +echo 0 | sudo tee /proc/sys/net/ipv4/conf/*/accept_redirects 
-echo 0 /proc/sys/net/ipv4/conf/all/send_redirects+echo 0 | sudo tee /proc/sys/net/ipv4/conf/*/send_redirects
 </code> </code>
  
-Or permanently by adding the following to ''/etc/sysctl.conf'':+**Update 2013-10:** This guide used to update ''/proc/sys/net/ipv4/conf/all/accept_redirects'', but now uses ''*'' in place of ''all''. That was bad as the ''all'' configuration merely sets the default, but won't alter any existing interfaces. Thanks to [[http://unix.stackexchange.com/a/58081/22537|unix.stackexchange.com]] for this tip. 
 + 
 +Or permanently by adding the following to ''/etc/sysctl.conf''. Again, be on the safe side and explicitly name your interfaces: 
 <code> <code>
 net/ipv4/conf/all/accept_redirects = 0 net/ipv4/conf/all/accept_redirects = 0
 net/ipv4/conf/all/send_redirects = 0 net/ipv4/conf/all/send_redirects = 0
 +net/ipv4/conf/eth0/accept_redirects = 0
 +net/ipv4/conf/eth0/send_redirects = 0
 </code> </code>
  
 See http://www.itsyourip.com/Security/how-to-disable-icmp-redirects-in-linux-for-security-redhatdebianubuntususe-tested/ See http://www.itsyourip.com/Security/how-to-disable-icmp-redirects-in-linux-for-security-redhatdebianubuntususe-tested/
- 
 ==== DNS Service ==== ==== DNS Service ====
 <code>sudo aptitude install bind9</code> <code>sudo aptitude install bind9</code>
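Review bot: the **Update 2013-10** line gives the wrong reason for the per-interface entries, and the permanent block only pins ''eth0''. In the kernel ''conf/all/'' is not a default: ''conf/default/'' is the template copied to interfaces created later, while ''conf/all/'' is combined with each interface's own flag, and for ''send_redirects'' the interface sends redirects if either ''all'' or its own flag is set, so a per-interface 1 overrides ''all = 0'' (for ''accept_redirects'' on a forwarding host both must be set). The runtime ''tee'' over ''conf/*/'' already covers ''default'', but the ''/etc/sysctl.conf'' addition does not; add ''net/ipv4/conf/default/accept_redirects = 0'' and ''net/ipv4/conf/default/send_redirects = 0'' beside the ''eth0'' lines, and mention ''sudo sysctl -p'' so the file takes effect without a reboot.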
Line 465: Line 468:
     flowid :1     flowid :1
 </code> </code>
 +
 +==== Transparent Web Proxy ====
 +
 +<code>sudo aptitude install squid</code> to install Squid v2.7.
 +
 +Then edit ''/etc/squid/squid.conf'' so that
 +  - the ''http_port'' tag is set to ''http_port 3128 transparent''
 +  - the ''http_access allow localnet'' is uncommented
 +
 +Restart Squid (''sudo service squid restart'') and then foribly redirect web traffic to the proxy:
 +
 +<code>iptables -t nat -A PREROUTING ! -d 192.168.0.0/16 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128</code>
  
 ===== The 1 NIC problem ===== ===== The 1 NIC problem =====
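Review bot: the ''iptables'' line in the new section needs root but, unlike the ''aptitude'' and ''service'' commands beside it, is shown without ''sudo'', and nothing in the section makes the rule survive a reboot, after which port-80 traffic silently bypasses the proxy; say where the rule is saved. Two smaller points: "foribly" should read "forcibly", and when uncommenting ''http_access allow localnet'', confirm that the ''acl localnet'' definition it refers to exists and covers the 192.168.0.0/16 range the redirect rule exempts, since the allow rule is only as good as its ACL.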
unix/gateway.txt · Last modified: 2018/10/04 14:37 by robm