Paul Tansom Paul@whaletales.co.uk writes:
[...]
Haven't checked the ALUG site for connection details yet, but I have one available volunteer so far, and if I can get my home machine configured in time, and juggle the necessary time in I may be able to join myself. So fingers crossed we should be able to talk techie with you :-)
Ugh, I've just had a bad attack of Real Life(tm) and I'm not confident that this will be a success if we do it now, because I haven't promoted this through the channels that I wanted to. All my ALUG time is currently being taken up with trying to straighten out the blasted website (Martyn, where are you?).
If we could postpone it to the second Monday in January (the 8th), then I'll try to get the word out properly. The bot for placing questions by those who can't guarantee a presence should be available from some time on the afternoon of Friday the 5th. I'll be backing up the questions at regular intervals just in case UEA drops off the net.
Of course, you (like all ALUG members) are more than welcome to join in the usual chat on Monday evening at 2000 on eu.openprojects.net #alug. It would be lovely to meet some more of the newbies and have a big attendance for what will probably be the last opportunity before Christmas.
In article 873dfpljpj.fsf_-_@cloaked.freeserve.co.uk, MJ Ray markj@cloaked.freeserve.co.uk writes
Paul Tansom Paul@whaletales.co.uk writes:
[...]
Haven't checked the ALUG site for connection details yet, but I have one available volunteer so far, and if I can get my home machine configured in time, and juggle the necessary time in I may be able to join myself. So fingers crossed we should be able to talk techie with you :-)
Ugh, I've just had a bad attack of Real Life(tm) and I'm not confident that this will be a success if we do it now, because I haven't promoted this through the channels that I wanted to. All my ALUG time is currently being taken up with trying to straighten out the blasted website (Martyn, where are you?).
If we could postpone it to the second Monday in January (the 8th), then I'll try to get the word out properly. The bot for placing questions by those who can't guarantee a presence should be available from some time on the afternoon of Friday the 5th. I'll be backing up the questions at regular intervals just in case UEA drops off the net.
Of course, you (like all ALUG members) are more than welcome to join in the usual chat on Monday evening at 2000 on eu.openprojects.net #alug. It would be lovely to meet some more of the newbies and have a big attendance for what will probably be the last opportunity before Christmas.
No problems, I should even be able to chat from Linux by then! I have just downloaded a Windows client specially =:o I'll see if I can get a stronger contingent of people available, and may even have my own box working and be able to speak from experience :-) Only trouble is I may have to do the Christmas shopping now :-(
Paul Tansom: Talking to penguins can be inTUXicating, whereas talking to windows is only 1 step away from talking to the wall!
--
Smoothwall project home page: http://www.smoothwall.org/ Smoothwall project community contact: community@smoothwall.org
I was wondering if someone could point me in the right direction.
We currently have a network of several computers set up with a router for internet access. Each machine is set up with an internal IP address (in the 192.168. range), with each machine pointing to the router as the gateway.
I now want to route all internet access through a Linux box (so the IP address of the Linux box becomes the gateway for other machines). The Linux box will forward the TCP/IP packets to the router if, and only if, the IP address of the source machine is within an 'allowed' list. If the machine's IP address is not within the allowed list, the request for internet access is disallowed. Any returned internet traffic will pass transparently through the Linux box and back to the requesting machine.
In a way I guess this is an internal firewall, or a proxy (although my experience in this field is limited, so the application of these words may be incorrect)?
What tools are available for me to implement this in Linux? I guess the Linux box will need 2 ethernet cards, one for incoming traffic (from internal machines) and one for outgoing (to the router). Where is the best place to look for configuring Linux to do this?
Finally, it would be really cool if I would log the amount of access from each internal machine (in Mb of traffic transferred).
Thanks for your help,
Ashley
Dr. Ashley T. Howes PhD Web Developer Email: ashley@blueskyresearch.net Web: http://www.ashleyhowes.com
"Once you have flown, you will walk the earth with your eyes turned skyward, for there you have been, and there you long to return"
"Ashley T. Howes" wrote:
I was wondering if someone could point me in the right direction.
We currently have a network of several computers set up with a router for internet access. Each machine is set up with an internal IP address (in the 192.168. range), with each machine pointing to the router as the gateway.
I now want to route all internet access through a Linux box (so the IP address of the Linux box becomes the gateway for other machines). The Linux box will forward the TCP/IP packets to the router if, and only if, the IP address of the source machine is within an 'allowed' list. If the machine's IP address is not within the allowed list, the request for internet access is disallowed. Any returned internet traffic will pass transparently through the Linux box and back to the requesting machine.
In a way I guess this is an internal firewall, or a proxy (although my experience in this field is limited, so the application of these words may be incorrect)?
Yep, we have done this several times before. You need to look at the ipchains (2.2) or iptables (2.4) packages and IP masquerading in the kernel; this will do exactly what you want...
What tools are available for me to implement this in Linux? I guess the Linux box will need 2 ethernet cards, one for incoming traffic (from internal machines) and one for outgoing (to the router). Where is the best place to look for configuring Linux to do this?
See the IP Masquerading HOWTO. You don't need two ethernet cards though; it can be done with a single card/interface. I have it here at home with 4 machines on ethernet running to a gateway with a modem hanging off it..
Finally, it would be really cool if I would log the amount of access from each internal machine (in Mb of traffic transferred).
See the mrtg package on freshmeat...
Sz
"Ashley T. Howes" wrote: <snip>
What tools are available for me to implement this in Linux? I guess the Linux box will need 2 ethernet cards, one for incoming traffic (from internal machines) and one for outgoing (to the router). Where is the best place to look for configuring Linux to do this?
IPchains under kernel 2.2 or IPTables under 2.4. What you want to do is masquerade connections through the firewall so they appear to be coming from the gateway onto the internet. You then want to configure the firewalling rules to only forward packets based on IP address, and of course secure your network from traffic coming from the other direction.
The tools to do this are included with most (all?) distros. You will want to read the IP Masquerade How-to and the IP-Chains How-to; the O'Reilly book Building Internet Firewalls may help give more background if you get really stuck.
There is also a tool that you can get from www.pmfirewall.com called pointman firewall that sets up things for you automagically, but it got things wrong in my case and I had to do some tinkering. It may be helpful to look at the output to get an idea of what you're trying to do.
Finally, it would be really cool if I would log the amount of access from each internal machine (in Mb of traffic transferred).
As Neill says, MRTG lets you know bandwidth usage, but you will need to get some SNMP tools, and I'm not sure if it will be able to extract the relevant information based on IP address as you require though.
Adam
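
The setup discussed in this thread (masquerading, forwarding only for an allowed list of source addresses, and per-machine traffic totals) can be sketched as follows. This is an added example, not code from any poster; the interface names `eth0` (LAN) and `eth1` (towards the router), the host addresses and the counter sample are constructed assumptions. It emits `iptables-restore` input and reads per-host byte counters from `iptables-save -c` output.

```shell
#!/bin/sh
# Added example: allowlist-only forwarding with masquerading, emitted in
# iptables-restore format. Interface names and addresses are assumptions.

# valid_host ADDR: accept only a plain 192.168.x.y dotted quad, so a malformed
# allowlist entry can never smuggle extra options into a rule.
valid_host() {
    case "$1" in *[!0-9.]*) return 1 ;; esac   # digits and dots only
    echo "$1" | awk -F. 'NF != 4 || $1 != "192" || $2 != "168" ||
        $3 == "" || $4 == "" || $3 > 255 || $4 > 255 { exit 1 }'
}

# gen_ruleset LAN_IF WAN_IF HOST...: default-drop FORWARD chain; each allowed
# host gets an outbound rule and a reply-only inbound rule. Those two rules
# also act as that host's byte counters.
gen_ruleset() {
    lan_if=$1 wan_if=$2; shift 2
    for h in "$@"; do
        valid_host "$h" || { echo "bad allowlist entry: $h" >&2; return 1; }
    done
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        "-A POSTROUTING -o $wan_if -j MASQUERADE" 'COMMIT' \
        '*filter' ':FORWARD DROP [0:0]'
    for h in "$@"; do
        echo "-A FORWARD -i $lan_if -o $wan_if -s $h -j ACCEPT"
        echo "-A FORWARD -i $wan_if -o $lan_if -d $h -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
    echo 'COMMIT'
}

# host_megabytes HOST: read `iptables-save -c` output on stdin and sum the byte
# counters of FORWARD rules whose -s or -d is HOST; prints MiB to 2 decimals.
host_megabytes() {
    awk -v h="$1/32" '/^\[[0-9]+:[0-9]+\] -A FORWARD / {
        split($1, c, ":")                      # c[2] is "bytes]"; +0 drops "]"
        for (i = 2; i < NF; i++)
            if (($i == "-s" || $i == "-d") && $(i + 1) == h) total += c[2] + 0
    } END { printf "%.2f\n", total / 1048576 }'
}

# Constructed sample of `iptables-save -c` output (not real measurements).
SAMPLE='[10:2097152] -A FORWARD -s 192.168.0.10/32 -i eth0 -o eth1 -j ACCEPT
[20:3145728] -A FORWARD -d 192.168.0.10/32 -i eth1 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[5:1048576] -A FORWARD -s 192.168.0.11/32 -i eth0 -o eth1 -j ACCEPT'

gen_ruleset eth0 eth1 192.168.0.10 192.168.0.11
echo "$SAMPLE" | host_megabytes 192.168.0.10
```

The generated text would be loaded with `iptables-restore` as root, with IP forwarding enabled in the kernel; on a live gateway the counters come from `iptables-save -c | host_megabytes <address>`.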