Showing posts from July, 2004

Masquerading and Squid

1) NAT (Masquerading)
You need NAT in order to use a single computer as a masquerading
gateway and share a single external connection with all the computers on
your LAN. This method simply masks the IP packets coming from your LAN
computers (while they try to communicate with the Internet) as if they were
generated by the gateway itself. This simplifies the sharing but
doesn't provide any kind of authentication or user control. With
Linux you use IPTABLES (and IPCHAINS if you have a <2.4 kernel).

2) HTTP/S Proxy
A proxy does something similar to NAT (as seen by the user), taking
charge of the work related to HTTP, HTTPS and FTP traffic (what your
browser does). It's totally different at a technical level because an
HTTP proxy does not translate any packets at all: it simply receives
requests from the clients (the browsers on your LAN), then requests
the same resource from the Internet, creating a totally different kind of
packets, receives the answers from the Internet and sends properly

Setting up Linux as an Internet gateway

The following commands set up a Linux box to act as an Internet gateway:

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
wvdial New PPPDx

1) On line 5, ppp0 is the outgoing interface (towards the Internet); here it is ppp0 because the setup is designed for ISDN. For ADSL you would use eth1 instead.

2) On line 6, eth0 is the interface towards the LAN.
3) Line 7 enables IP forwarding on the Linux box.
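
A stricter variant of the ruleset above, as an added example that is not part of the original post: the commands in the post do not set a FORWARD policy, so this sketch sets it to DROP and forwards only LAN-originated connections and their replies. It emits iptables-restore input for the post's ppp0/eth0 pair (eth1 for ADSL); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset for the NAT gateway.
# Interface names ppp0/eth0 come from the post; function names are assumptions.

# Accept only plausible interface names so nothing else can end up in a rule.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]    # kernel limit: 15 characters plus the trailing NUL
}

# gateway_rules WAN LAN -> prints the ruleset on stdout, returns 2 on bad input.
gateway_rules() {
    wan=${1:-ppp0}
    lan=${2:-eth0}
    valid_iface "$wan" && valid_iface "$lan" || { echo "bad interface name" >&2; return 2; }
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 2; }
    # INPUT/OUTPUT stay at ACCEPT as in the post; filtering traffic to the
    # gateway itself is outside this example.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# Apply as root in one atomic step:
#   gateway_rules ppp0 eth0 | iptables-restore
```

Check the generated rules with `gateway_rules ppp0 eth0 | iptables-restore --test` before loading them. IP forwarding still has to be enabled as on line 7 of the post.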