[ Brrrrmko @ 23.01.2007. 15:07 ] @
Hello everyone!

I installed Debian woody 30r4 with kernel 2.2.20. Following the guide at http://www.aboutdebian.com/proxy2.htm I did everything required, but it doesn't work, or I'm not doing something right. The "machine" has two Ethernet cards: one for connecting to the Internet through a wireless provider, and the other for the internal network. Everything is configured properly as far as the network cards go. Pinging on the internal network works and the Internet on the other network card works as well, which means the proxy configuration is wrong.

Here is the proxy.sh script, followed by what it prints when I run it with "/etc/init.d/proxy.sh":

#!/bin/sh

# IPCHAINS PROXY script for the Linux 2.2 kernel.
# This script is a derivative of the script presented in
# the IP Masquerade HOWTO page at:
# www.tldp.org/HOWTO/IP-Masquera...tronger-firewall-examples.html
# It was simplified to coincide with the configuration of
# the sample system presented in the Guides section of
# www.aboutdebian.com
#
# PLEASE SET THE USER VARIABLES
# IN SECTIONS A AND B OR C

echo -e "\n\nSETTING UP IPCHAINS PROXY..."


# === SECTION A
# ----------- FOR EVERYONE


# SET THE _NETWORK_ ADDRESS OF YOUR INTERNAL NETWORK
# The default value below is for a 192.168.0.0 network.
# Note that the "/24" is a network mask of 255.255.255.0
# (meaning 24 bits - three octets - set to 1s). Similarly,
# a network mask of 255.255.0.0 would be "/16".
# Note that this is a NETWORK address - not the
# IP address of a specific device on the network.
# Enter the internal network's (or subnet's) network
# address for the INTLAN variable:

INTLAN="172.16.0.0/16"


# SET THE INTERFACE DESIGNATION FOR THE NIC CONNECTED TO YOUR INTERNAL NETWORK
# The default value below is for "eth0". This value
# could also be "eth1" if you have TWO NICs in your system.
# You can use the ifconfig command to list the interfaces
# on your system. The internal interface will likely have
# an address that is in one of the private IP
address
# ranges.
# Note that this is an interface DESIGNATION - not
# the IP address of the interface.
# Enter the internal interface's designation for the
# INTIF variable:

INTIF="eth0"


# SET THE INTERFACE DESIGNATION FOR YOUR "EXTERNAL" (INTERNET) CONNECTION
# The default value below is "ppp0" which is appropriate
# for a MODEM connection.
# If you have two NICs in your system change this value
# to "eth0" or "eth1" (whichever is opposite of the value
# set for INTIF above).
# Note that this is an interface DESIGNATION - not
# the IP address of the interface.
# Enter the external interface's designation for the
# EXTIF variable:

EXTIF="eth1"



# ! ! ! ! ! Use ONLY Section B *OR* Section C depending on
# ! ! ! ! the type of Internet connection you have.



# === SECTION B
# ----------- FOR THOSE WITH STATIC PUBLIC IP ADDRESSES


# SET YOUR EXTERNAL IP ADDRESS
# If you specified a NIC (i.e. "eth0" or "eth1" for
# the external interface (EXTIF) variable above,
# AND if that external NIC is configured with a
# static, public IP address (assigned by your ISP),
# UNCOMMENT the following EXTIP line and enter the
# IP address for the EXTIP variable:
# EXTIP="your.static.IP.address"

# === SECTION C
# ---------- DIAL-UP MODEM, AND RESIDENTIAL CABLE-MODEM/DSL (Dynamic IP) USERS


# SET YOUR EXTERNAL INTERFACE FOR DYNAMIC IP ADDRESSING
# If you get your IP address dynamically from SLIP, PPP,
# BOOTP, or DHCP, UNCOMMENT the FOUR commands below.
# (No values have to be entered.)
# Note that if you are uncommenting these lines then
# the EXTIP line in Section B must be commented out.

echo " Enabling Dynamic IP Addressing..."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
/sbin/ipchains -A input -j ACCEPT -i $EXTIF -s 0/0 67 -d 0/0 68 -p udp
EXTIP="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"


# -------- No more variable setting beyond this point --------


echo " Loading required IPMASQ kernel modules..."

/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio

echo " Enabling IP forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo " Enabling IP Defragmentation..."
echo "1" > /proc/sys/net/ipv4/ip_always_defrag

# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)

echo " Setting default timers..."
/sbin/ipchains -M -S 7200 10 160

echo " Internal interface: $INTIF"
echo " Internal network IP address is: $INTLAN"
echo " External interface: $EXTIF"
echo " External interface IP address is: $EXTIP"


echo " Clearing any existing rules and setting default policy..."
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward REJECT
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward

echo " Enabling IPMASQ functionality on $EXTIF..."
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i $EXTIF -s $INTLAN -j MASQ

echo -e " Proxy server rule loading complete\n\n"


When I run /etc/init.d/proxy.sh, it prints this:


SETING UP IPCHAINS PROXY...

/etc/init.d/proxy.sh: address: command not found

Enabling Dynamic IP Addressing...
Loading required IPMASQ kernel modules...
Enabling IP forwarding...
Enabling IP Defragmentation...
Setting default timers...
Internal interface: eth0
Internal network IP address is: 172.16.0.0/16
External interface: eth1
External interface IP address is: moja.dinamicka.ip.adresa
Clearing any existing rules and setting default policy...
Enabling IPMASQ functionality on eth1...
Proxy server rule loading complete

That's it. Help?
[ VRider @ 23.01.2007. 15:41 ] @
How about installing something that isn't from the end of the last millennium, for a start?
[ Miroslav Strugarevic @ 23.01.2007. 19:11 ] @
Woody can also be installed with a 2.4 kernel. The command: linux24 as a boot parameter during installation.
[ Brrrrmko @ 24.01.2007. 16:22 ] @
Thanks for your interest!

I reinstalled Woody with kernel 2.4.18 and did everything according to the guide for this kernel.

Now it no longer reports that error: /etc/init.d/proxy.sh: address: command not found.

Everything is fine. It picks up the public IP address and reports it normally when the proxy.sh script runs.

From another computer on the network (winXP) I can ping the IP address of both the internal and the external network card.

When I run "tracert www.yahoo.com" (from the winXP computer) it prints:

"unable to resolve target system name www.yahoo.com", as if the DNS were wrong, although I doubt it, because when connecting to the Internet Debian pulls the DNS addresses and puts them into resolv.conf, which I checked in resolv.conf, and the "DNS stuff, tools..." site also reports the same DNS addresses to me.

When I try "tracert 66.249.89.99" to bypass DNS, it prints only the first line, i.e. the IP address and hostname of the proxy (the IP of the Debian machine's internal network card), and after that "asterisks".

On the winXP computer everything is set: IP address, subnet mask, default gateway, 2 DNS addresses (from resolv.conf), but it won't work.

What now?
[ anrxc @ 24.01.2007. 17:17 ] @
Quote:
Brrrrmko: I reinstalled Woody with kernel 2.4.18.

Now you can use iptables, for which I believe you will find many more NAT guides and examples.

Quote:
Brrrrmko: Now it no longer reports that error: /etc/init.d/proxy.sh: address: command not found.

Look at line 40 in the script and pull it up onto the previous line.
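
Added example, not part of the thread or of the guide's script: a small check for the failure discussed above, where a wrapped comment loses its "#" and the leftover word is run as a command when the firewall script starts as root. The function names and the sample excerpt are constructed for illustration.

```shell
#!/bin/sh
# "sh -n" does not catch this bug: a bare word such as "address" is a
# syntactically valid command, so the script only fails at run time.

lint_wrapped_comments() {
    # $1 = script to check. Prints "LINE:text" for every plain-word line
    # that sits between two comment lines and is not a known command.
    awk '
        function is_comment(s) { return s ~ /^[ \t]*#/ }
        { line[NR] = $0 }
        END {
            for (i = 2; i < NR; i++) {
                cur = line[i]
                if (cur ~ /^[ \t]*$/ || is_comment(cur)) continue
                # Plain words only: no assignment, path, option or quote.
                if (cur !~ /^[ \t]*[A-Za-z][A-Za-z ,.]*$/) continue
                if (is_comment(line[i-1]) && is_comment(line[i+1]))
                    print i ":" cur
            }
        }' "$1" | while IFS=: read -r n text; do
            set -- $text
            # Keywords and real commands (else, fi, ...) are not reported.
            command -v "$1" >/dev/null 2>&1 || echo "$n:$text"
        done
}

write_sample() {
    # Constructed excerpt modelled on the wrapped comment in proxy.sh.
    cat > "$1" <<'EOF'
#!/bin/sh
# on your system. The internal interface will likely
# have an address that is in one of the private IP
address
# ranges.
INTIF="eth0"
EOF
}

sample=$(mktemp)
write_sample "$sample"
lint_wrapped_comments "$sample"
rm -f "$sample"
```
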

[ Brrrrmko @ 24.01.2007. 18:31 ] @
You're right, I didn't see that, but I have now installed with kernel 2.4.18 and that is solved.

While trying to establish the Internet connection, it occurred to me to try a VPN connection, and that works? I don't understand why the Internet won't work when the VPN connection works through the proxy (the Debian machine)?
[ rj444 @ 20.02.2007. 00:22 ] @
As the DNS server on XP, set the IP address of the Debian machine, not the DNS servers that Debian sees. Although it should work that way too; maybe port 53 is not open on your firewall for outbound connections so that you can make DNS queries to that external DNS server.
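
Added example, not from any poster or from the guide: the iptables counterpart of the thread's ipchains masquerading rules for a 2.4 kernel, as suggested in the iptables reply above, with a forward rule that also covers the LAN's DNS queries on port 53 mentioned in the last reply. It reuses the INTLAN, INTIF and EXTIF values from proxy.sh and assumes the iptables state match and MASQUERADE target are available; nat_rules is a hypothetical helper name.

```shell
#!/bin/sh
# Prints the rules by default; run as root with APPLY=1 to load them.

INTLAN="${INTLAN:-172.16.0.0/16}"   # internal network, as in proxy.sh
INTIF="${INTIF:-eth0}"              # internal interface
EXTIF="${EXTIF:-eth1}"              # external (Internet) interface

nat_rules() {
    # $1 = internal interface, $2 = external interface, $3 = internal network
    if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
        echo "usage: nat_rules INTIF EXTIF INTLAN" >&2
        return 2
    fi
    if [ "$1" = "$2" ]; then
        echo "internal and external interface must differ" >&2
        return 2
    fi
    # Same policy as the ipchains script: input/output open, forwarding
    # closed by default. LAN-originated traffic (DNS on port 53 included)
    # is forwarded; only replies are let back in from the outside.
    cat <<EOF
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -F
iptables -t nat -F
iptables -A FORWARD -i $1 -o $2 -s $3 -j ACCEPT
iptables -A FORWARD -i $2 -o $1 -d $3 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $2 -s $3 -j MASQUERADE
EOF
}

rules=$(nat_rules "$INTIF" "$EXTIF" "$INTLAN") || exit 1
if [ "${APPLY:-0}" = "1" ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo "$rules" | sh -e
else
    echo "$rules"
fi
```
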