Trish's Escape from Hardware Hell



Setup Masquerading for Linux Security 

This is relevant when you want to hide several computers behind one IP address so they can all access the Internet, both for convenience and for security. The machine that does this can be configured as a simple packet filter, which rewrites packets coming from the original machine on the network so they look like they come from the Linux box (the reverse happens when the packets come back), or as a masquerading firewall (or proxy server), which is much more secure and provides more facilities.

The former works just at the IP level, while the latter works at the TCP level or higher and therefore understands protocols. Hence the better security, as it tends to use a completely separate connection for each end, fooling the machines concerned into thinking they are actually talking to the right machines. As there is no direct connection between the two networks, more powerful machinery is required to keep things going, and you need two IP numbers for the router (i.e. ipchains) to play with.

You don't need a powerful machine for packet filtering: a 486 will do for up to about 10 machines. It needs a network card, naturally, as do all the other machines in the network, but you knew that already. At this stage, the Linux box should be talking to the Internet correctly, and every machine should be able to ping every other one; that is, the network should be fully working. Here is a full list of the private IP number ranges:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

The Linux box will therefore sit at 10.0.0.254 if you take the first one on the list.
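The packet-filter setup described above could be expressed with ipchains as follows. This is an added example, not part of Phil Croucher's article: the LAN `10.0.0.0/24`, the dial-up interface `ppp0` and the helper names `is_private` and `masq_rules` are assumptions. It only prints the ruleset, and it refuses a source network that is not in one of the private ranges listed above, so a mistyped address cannot end up being masqueraded.

```shell
#!/bin/sh
# Added example. LAN 10.0.0.0/24 and interface ppp0 are assumptions;
# is_private and masq_rules are hypothetical helper names.

# Succeed only if the dotted-quad address $1 lies in one of the three
# private ranges listed above.
is_private() {
    case $1 in *[!0-9.]*|*.) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in '') return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    case $1 in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# Print (do not run) the commands that masquerade LAN $1 (network/prefix)
# out of external interface $2. Forwarding is switched on last, so nothing
# is routed before the default-deny policy and the MASQ rule exist.
masq_rules() {
    lan=$1
    ext_if=$2
    if ! is_private "${lan%/*}"; then
        echo "refusing: $lan is not in a private range" >&2
        return 1
    fi
    cat <<EOF
ipchains -P forward DENY
ipchains -F forward
ipchains -A forward -i $ext_if -s $lan -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}
```

Review the printed commands first, then apply them as root on the Linux box with `masq_rules 10.0.0.0/24 ppp0 | sh`.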

Stuff like X isn't needed for this, so you can also use a relatively small hard drive. When installing, make sure you select the following:

pppd (dial-up Internet access)
diald (dial-on-demand)
apache/httpd (Web server)
squid (caching proxy server)
sendmail (message transfer agent)
fetchmail (POP3 mail retrieval)
ipop3d (POP3 server)
imapd (IMAP4 server)
samba (Windows networking - see below)
webmin (remote administration)
bind (name server)

You will notice that many of these include the letter d at the end, which means they are daemons and therefore lurk around in memory while the machine is on.


This is an article from Phil Croucher, author of Communications and Networks. Phil has a way of explaining in "plain" English. The information is well presented and is well above A+ standard.


"The BIOS Companion" Home Page

Updated 07/06/04