I am fairly new to Linux and I am interested in setting up Linux to work as a proxy server. If anyone has interesting information, tips, or even an established procedure for doing this, please let me know. It would be greatly appreaciated.

Setting up Linux to act as a proxy server is pretty easy.

First you have to recompile your kernel with IP masquerading enabled. You also must enable "transparent proxy".

Once you've rebuilt and installed the new kernel(including the modules) to enable proxying you need to run ipfwadm
The following commands should enable it(you might want to place them in /etc/rc.d/rc.local or something)

/sbin/ipfwadm -F -p deny

/sbin/ipfwadm -F -a accept -m -S 192.168.1.0/24 -D 0.0.0.0/0.0.0.0


where 192.168.1.0 is the network number for your LAN.

ssinger is quite right to mention ipfwadm, it
is excellent for proxies under 2.0.x series
kernels.
There are detailed instructions on using ipfwadm as a proxy in the Firewall HOWTO which you will find in any 'HOWTO' documentation package bundle.

For the newer kernels there is a new firewalling / proxying package called
ipchains. See http://www.rustcorp.com/linux/ipchains for more details including the new and excellent ipchains howto which I cannot recommend enough.

vorsprung,
FYI: should be [B] with the "B"s being lowercase. Not trying to be anal or anything. http://www.linuxplanet.com/discussion/smile.gif

Be sure when you set up to have a good firewall or such....my son and I were rooted ( hacked ) twice in one week and are now using secure shell and haven't had a problem since.....stay close to Eccentric , he's big time help in LINUX....just don't say "hacked" around him...it's "rooted" in the Linux world... : )

was working on a computer today that had ip masquerading set up. the client was complaining that the modem wasn't timing out like intended and automatically disconnecting - it just stayed online. So I take a look around and sure enough there seems to be somebody on the network dropping a few packets that are sent out to the net. netstat -M mentioned something about the ISP's nameserver being contacted on the netbios port so it seems that one or more of the windows machines are broadcasting netbios packets which are being sent out to the net... Windows! *rolls eyes*. I left it with them, they're going to deinstall netbios or something, talk it over with the guy who's doing the NT server in their office.

I don't know why they needed ip masquerading, if it was me I would have just installed a HTTP proxy and been done with it, that would be more secure too :P

Geoff

If you don't want the netbios packets to go out to be passed through the masquarding host you could try setting up a rule to deny forwarding of packets on the netbios port.

If it's the DNS lookups that are causing your problem a caching name server might help. That way lookups for hostnames in select domains could be handelled at the linux box and not forwarded to your ISP's nameserver.

yeah i was thinking about the nameserver option...

and i promised these people to fix it tomorrow morning. am I out of my mind or something? I still have nfi what the problem is. oh well.

I have very little Linux experience but I have more questions about linux proxies.

Which is the best one to use? I've heard about DeleGate, secure shell, and seeing as how I just bought redhat I thought there might be a package that I could install to enable the proxy service but I can't find it(if it exits).

What is IP masquerading?