I'm setting up a box in my LAN to act as a transparent Squid proxy
server with squidGuard to filter out porn and other things that the kids
might stumble into.
The box will sit between the router and the clients - like this:

                 World
                   |
                   |
    Router w/ builtin FW (local assigned ip 192.168.10.254)
                   |  (gets ISP DHCP ip for WAN and does NAT)
                   |
                   |
    new proxy server (called sumida - has 2 NICs)
                   |
                   /\
            clients on a hub

With that background, are these /etc/network/interfaces entries correct
for the proxy server I call 'sumida'?
-------------------------
sumida:/etc/network# more interfaces
auto lo
iface lo inet loopback

# interface to world (cable goes nic to router)
auto eth0
iface eth0 inet static
    address 192.168.10.150
    netmask 255.255.255.0
    network 192.168.10.0
    broadcast 192.168.10.255
    gateway 192.168.10.254

# interface to LAN (cable goes nic to hub)
auto eth1
iface eth1 inet static
    address 10.0.0.254
    netmask 255.0.0.0
    network 10.0.0.0
    broadcast 10.0.0.255
__________________________
It seems conceptually correct to me, yet I continue to wonder whether
eth1 needs a gateway entry. I guess not though, because when I try to
add one, it doesn't take.
In addition to these entries, I've changed /etc/network/options to
ip_forward=yes, and manually executed
"echo 1 > /proc/sys/net/ipv4/ip_forward". I haven't done anything with
iptables yet, as it's my understanding that with these settings it should
forward.
Problem is though, it doesn't forward. From a client I am able to ping
10.0.0.254 but I am not able to ping an outside, internet address.
What am I missing? I'm quite prepared to say "duh". Thanks, Kevin
--
Kevin Coyner
mailto: kevin@rustybear.com
GnuPG key: 1024D/8CE11941