I am just new in the networking world and I am learning to administer a Linux network. I wanted to offer everyone in my office access to the internet with one telephone connection. I don't know anything at all about proxy servers, but I've been told I need one. I don't know which one to use...can you help? I only have 5 computers in my office. Unless you can think of another idea.

ip masquerading basically makes every computer directly connected to the internet. That's a good analogy to use to describe the level of security if you "just" set up ip masquerading. a HTTP proxy would be more secure, I'm not sure how hard it is to set them up.

Geoff

SnowFox,

IP Masquarading is also known as a "Transparent Proxy", or out in the rest of the Unix world as NAT (Network Address Translation). The first description is what it functions as, second is how it accomplishes it.

The main advantage of a transparent proxy (like IP Masquerading) is that none of the machines behind it have to know that they're being proxied. It works not only for the web, but for all outgoing TCP services eg, ssh, telnet, irc (although an insmod is required for CTCPs and such).

On the other hand, if you just want to do web proxying, and possibly caching, you can have a look at apache's mod_proxy, or squid.

A third option is socks (www.socks.nec.com if it's not included in your distro).. Socks is, in a sense, a compromise between the first two - it can be used for connection-based TCP services, but it does have a proxy daemon that runs on the gateway host.

For socks or a web proxy, you need to configure your web browsers to use the proxy. Some programs can include socks support (for instance, ssh can be compiled to use socks), and socks supplies a wrapper called 'runsocks' for those that don't.

Which one would you recommend for what I am trying to accomplish? Security is an issue. How unsecure is ip masquerading? What's the process to set that up?

I wouldn't consider IP Masquerading inherently less secure than a web proxy. The risks involved are essentially the same - misconfiguring so as to allow people from outside your LAN to use them as if they were on your LAN.

As for recommendations, you can't really get much easier than ip masquerading. Once you've compiled a kernel for it, there are 2 commands that you need to type in (and once tested, put in your init scripts) to make it work for your local network. A nice thing about all of this is you can use all of them together if you want, and switch between any of them at will without shelling out a dime for software. http://discussions.linuxplanet.com//wink.gif

[This message has been edited by ninjaz (edited 05-27-99).]

Thanks Geoff and ninjaz!! Do you have any place you would recommend where I could go to find out how to set this up?

I'd suggest the IP Masquerade mini HOWTO at http://MetaLab.unc.edu/LDP/HOWTO/mini/

when you share a connection, (or even alone),
it's very handy/fast to have a caching proxy running:

http://squid.nlanr.net

also very handy to filter out doubleclick and other spam