On 02 Jan 2005 13:41:30 GMT,
(E-Mail Removed) (Scott Ehrlich) wrote:
>
>My network setup at home consists of a Linksys broadband gateway/router
>connected to Comcast and several machines branching off of it. I have
>Debian Woody installed on one box, and port forwarding enabled on the
>Linksys to point to the Debian box to reflect the open incoming proxy
>port.
Normally the idea of a proxy (and also firewall) is to physically
disconnect the LAN from the internet unless you do not just want
accelerator mode of your proxy. The topology of your net is not quite
clear to me. Perhaps you can also set up your Linksys just to talk to
your Woody and nothing else, but I feel uneasy thinking about it.
>Now, I have never set up a proxy, but I know it should not be that
>difficult. I thought I might be able to get away with one NIC. Since I
>seem to keep missing something in Squid, and I've bookmarked some good web
>sites describing Squid's options in detail, also found the firewall-howto
>which has indicated (reminded me) of the possible need for two NICs, so I
>scrounged and installed a second NIC.
If your woody box should act as a firewall/proxy, which is the better
idea, then you should use two NICs. One connects to the Linksys and the
other connects via an internal switch to your local machines. Set the
IP addresses to, say, 192.168.0.2/24 for external and 192.168.1.1/24 for
internal and set up the routing table accordingly.
By all this your LAN cannot see the router and *must* go via your
woody. You can then use iptables to block all traffic but DNS and the
proxy port and do no forwarding at all except via your BIND or
dnsmasq and your proxy.
Always think about which service should be offered where. Example:
The proxy port 3128 must be opened towards the LAN to the external.
DNS port 53 too and so on.
But if you want to use ssh via dyndns from external then open port 22
towards the INET.
>If someone already has Squid, or any other proxy server running on a
>Linux [Debian] box, please email me the config so I can at least learn
>from it. Also please educate if I still need two NICs, unless the config
>shows.
Take the squid.conf example, disable all peer parameters (you have
none), then you can set disk and memory space options and that's it.
Squid.conf is *very* well documented. It really runs out of the box if
you can access the internet from your woody already. Remember: what you
cannot do from woody you cannot do from the internet. So set your router
forwards etc. correctly.
HTH,
Tobias
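An added example, not part of Tobias's post or the original thread: a small
iptables script for the two-NIC Woody firewall/proxy layout described above,
written from the defender's side. It offers the proxy port 3128 and DNS
port 53 towards the LAN only, keeps the FORWARD chain closed so the LAN can
only reach the outside through Squid and the local resolver, and optionally
opens ssh on the external side for the dyndns case. The interface names
eth0/eth1, the ALLOW_EXT_SSH switch and the DRY_RUN mode are assumptions of
this example; DRY_RUN=1 (the default) prints the rules instead of applying
them, so it can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the thread): iptables policy for a two-NIC
# Debian Woody firewall/proxy. Interface names and the DRY_RUN and
# ALLOW_EXT_SSH variables are assumptions of this example.
set -e

EXT_IF="${EXT_IF:-eth0}"            # towards the Linksys, 192.168.0.2/24
INT_IF="${INT_IF:-eth1}"            # towards the internal switch, 192.168.1.1/24
LAN_NET="${LAN_NET:-192.168.1.0/24}"
PROXY_PORT="${PROXY_PORT:-3128}"    # Squid's default http_port
DRY_RUN="${DRY_RUN:-1}"             # 1 = print rules only, 0 = apply them

# Wrapper so the same rule list can be reviewed (DRY_RUN=1) or applied.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

build_rules() {
    ipt -F
    # Default deny for anything addressed to the box or passing through it.
    # The box itself may talk out freely, which is what Squid and the
    # resolver need.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    ipt -A INPUT -i lo -j ACCEPT
    # Replies to connections the box opened (Squid fetching pages, DNS lookups).
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Services offered towards the LAN only: the proxy port and DNS
    # (BIND or dnsmasq on the Woody box).
    ipt -A INPUT -i "$INT_IF" -s "$LAN_NET" -p tcp --dport "$PROXY_PORT" -j ACCEPT
    ipt -A INPUT -i "$INT_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    ipt -A INPUT -i "$INT_IF" -s "$LAN_NET" -p tcp --dport 53 -j ACCEPT

    # Optional: ssh reachable from the Internet through the router's
    # port forward (the dyndns case).
    if [ "${ALLOW_EXT_SSH:-0}" = "1" ]; then
        ipt -A INPUT -i "$EXT_IF" -p tcp --dport 22 -j ACCEPT
    fi
    # Nothing else is accepted on either interface, and no packet is
    # forwarded, so LAN hosts cannot reach the router or the Internet
    # except via the proxy and the resolver.
}

build_rules
```

Run it once with DRY_RUN=1 to read the rule list, then with DRY_RUN=0 as root
to apply it. The point of the closed FORWARD chain is the one Tobias makes:
with no forwarding and no NAT on the Woody box, a LAN machine that bypasses
the proxy simply gets nowhere.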