"Ashley T. Howes" wrote:
I was wondering if someone could point me in the right direction.
We currently have a network of several computers set up with a router for internet access. Each machine is set up with an internal IP address (in the 192.168. range), with each machine pointing to the router as the gateway.
I now want to route all internet access through a Linux box (so the IP address of the Linux box becomes the gateway for other machines). The Linux box will forward the TCP/IP packets to the router if, and only if, the IP address of the source machine is within an 'allowed' list. If the machine's IP address is not within the allowed list, the request for internet access is disallowed. Any returned internet traffic will pass transparently through the Linux box and back to the requesting machine.
In a way I guess this is an internal firewall, or a proxy (although my experience in this field is limited, so the application of these words may be incorrect)?
Yep, we have done this several times before. You need to look at the ipchains (2.2) or iptables (2.4) packages and IP masquerading in the kernel; this will do exactly what you want...
What tools are available for me to implement this in Linux? I guess the Linux box will need 2 ethernet cards, one for incoming traffic (from internal machines) and one for outgoing (to the router). Where is the best place to look for configuring Linux to do this?
See the IP masquerading howto. You don't need two ethernet cards though; it can be done with a single card/interface. I have it here at home with 4 machines on ethernet running to a gateway with a modem hanging off it.
Finally, it would be really cool if I could log the amount of access from each internal machine (in Mb of traffic transferred).
See the mrtg package on freshmeat...
Sz
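
The allow-list gateway discussed in this thread, as an added example that is not part of the original messages: a shell function that validates the allowed addresses and prints (does not run) the iptables (2.4) commands for a single-interface masquerading box. The interface name `eth0` and the host addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: emits an iptables rule set for a masquerading gateway
# that forwards traffic only for allow-listed LAN hosts.

# Succeeds only for a dotted quad in 192.168.0.0/16 with octets 0-255.
valid_ip() {
    case "$1" in
        192.168.*.*) ;;
        *) return 1 ;;
    esac
    rest=${1#192.168.}
    c=${rest%%.*}; d=${rest#*.}
    for o in "$c" "$d"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# gen_rules IFACE IP...  -> commands on stdout; non-zero status on bad input.
gen_rules() {
    ifc=$1; shift
    # Refuse the whole list if any entry is malformed, so nothing
    # unexpected is ever interpolated into a rule.
    for ip in "$@"; do
        valid_ip "$ip" || { echo "rejected: $ip" >&2; return 1; }
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"        # default: hosts not listed get nothing
    echo "iptables -F FORWARD"
    echo "iptables -t nat -F POSTROUTING"
    for ip in "$@"; do
        # Outbound from an allowed host; the rule's byte counter is its upload total.
        echo "iptables -A FORWARD -s $ip -j ACCEPT"
        # Replies only; the rule's byte counter is the host's download total.
        echo "iptables -A FORWARD -d $ip -m state --state ESTABLISHED,RELATED -j ACCEPT"
        # Rewrite the source so the router sends replies back through this box.
        echo "iptables -t nat -A POSTROUTING -o $ifc -s $ip -j MASQUERADE"
    done
}

# Constructed sample run: two allowed hosts behind eth0.
gen_rules eth0 192.168.1.10 192.168.1.11
```

Once the printed commands are applied, `iptables -L FORWARD -v -n -x` shows exact per-rule byte counts, which gives a per-host traffic total without extra tooling.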