router/nat with only one NIC
Tim Wunder
tim
Sat Sep 25 08:05:46 PDT 2004
On Wednesday 08 September 2004 8:14 pm, someone claiming to be David A. Bandel
wrote:
> On Wed, 08 Sep 2004 09:21:14 -0400
> Tim Wunder <tim at thewunders.org> wrote:
> > Is it possible to route internal internet traffic through a server
> > that has only one NIC?
> >
> > I've only had one PC connected to the internet for quite some time and
> > have it configured to route all internet traffic through squid,
> > squidguard and dansguardian. I want to add a second PC and have its
> > internet traffic routed the same way. The server that runs squid and
> > dansguardian currently has only one NIC. So far, the information I've
> > found on the 'net through googling indicates that I need to have a
> > second NIC in order to do this.
> >
> > Is there a way to do it without adding a second NIC?
>
> Yes, just get a second IP from your provider (and configure the first
> server as your proxy) or:
>
> ifconfig eth0:1 192.168.31.1
> echo 1 > /proc/sys/net/ipv4/ip_forward
> echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
> add any firewall stuff you want, plus you'll need:
> iptables -t nat -I POSTROUTING -s 192.168.31.0/24 -j SNAT --to-source xxx.xxx.xxx.xxx
>
<snip>
OK, finally getting around to trying this...
This is what I've done on my server/desktop PC running
squid/dansguardian:
# cat /proc/sys/net/ipv4/ip_forward
1
# cat /proc/sys/net/ipv4/conf/eth0/send_redirects
0
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:60:97:29:68:98
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::260:97ff:fe29:6898/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:604932 errors:0 dropped:0 overruns:0 frame:0
          TX packets:608553 errors:0 dropped:0 overruns:0 carrier:4
          collisions:45 txqueuelen:1000
          RX bytes:327814246 (312.6 Mb)  TX bytes:273362483 (260.6 Mb)
          Interrupt:11 Base address:0xe400

eth0:1    Link encap:Ethernet  HWaddr 00:60:97:29:68:98
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:604932 errors:0 dropped:0 overruns:0 frame:0
          TX packets:608553 errors:0 dropped:0 overruns:0 carrier:4
          collisions:45 txqueuelen:1000
          RX bytes:327814246 (312.6 Mb)  TX bytes:273362483 (260.6 Mb)
          Interrupt:11 Base address:0xe400
nat requests from 10.0.0.0/24 thru 192.168.1.2 (eth0 on the server):
# iptables -t nat -I POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 192.168.1.2
redirect http requests thru dansguardian:
# iptables -t nat -I POSTROUTING -s 10.0.0.0/24 -j SNAT -p tcp --sport 80 --to-source 192.168.1.2:3129
redirect squid requests thru dansguardian:
# iptables -t nat -I POSTROUTING -s 10.0.0.0/24 -j SNAT -p tcp --sport 3128 --to-source 192.168.1.2:3129
I've also configured the server to give out IP addresses via DHCP as follows:
# cat /etc/dhcpd.conf
default-lease-time 86400;
max-lease-time 86400;
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;
option routers 10.0.0.1;
option domain-name-servers 68.34.76.5, 68.34.76.6;
option domain-name "thewunders.org";
ddns-update-style ad-hoc;
subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.2 10.0.0.5;
}
On my laptop, I configured the Wireless IPW2100 card to get its IP via DHCP
and it gets one, 10.0.0.5.
Its /etc/resolv.conf file looks like this:
# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search thewunders.org
nameserver 68.34.76.5
nameserver 68.34.76.6
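
The prerequisites from the exchange above (forwarding on, ICMP redirects off, a source-NAT rule for the internal subnet) can be checked with a script like the following. It is an added example, not part of the original post; the function names, the ROOT prefix argument and the fixture contents are assumptions made for illustration. It also checks conf/all/send_redirects, because the kernel sends redirects when either the "all" value or the per-interface value is 1.

```shell
#!/bin/sh
# check_one_nic_nat ROOT IFACE SUBNET RULES   (hypothetical helper)
#   ROOT   prefix for /proc ("" on a live host, a fixture directory otherwise)
#   RULES  file holding the output of `iptables-save -t nat`
check_one_nic_nat() {
    root=${1%/}; iface=$2; subnet=$3; rules=$4; rc=0
    ipv4="$root/proc/sys/net/ipv4"

    # 1. The kernel must forward between the two subnets on the shared wire.
    v=$(cat "$ipv4/ip_forward" 2>/dev/null || true)
    if [ "$v" = 1 ]; then echo "ok   ip_forward=1"
    else echo "FAIL ip_forward=${v:-unreadable}"; rc=1; fi

    # 2. Redirects go out if conf/all OR conf/<iface> is 1, so both must be 0.
    for scope in all "$iface"; do
        v=$(cat "$ipv4/conf/$scope/send_redirects" 2>/dev/null || true)
        if [ "$v" = 0 ]; then echo "ok   conf/$scope/send_redirects=0"
        else echo "FAIL conf/$scope/send_redirects=${v:-unreadable}"; rc=1; fi
    done

    # 3. A POSTROUTING rule must rewrite the internal subnet's source address.
    if grep -- '^-A POSTROUTING ' "$rules" 2>/dev/null \
        | grep -F -- "-s $subnet " | grep -Eq -- '-j (SNAT|MASQUERADE)'; then
        echo "ok   source NAT rule for $subnet"
    else echo "FAIL no SNAT/MASQUERADE rule for $subnet"; rc=1; fi
    return "$rc"
}

# Constructed fixture (eth0 only): make_fixture DIR IP_FORWARD ALL_REDIR ETH0_REDIR
make_fixture() {
    mkdir -p "$1/proc/sys/net/ipv4/conf/all" "$1/proc/sys/net/ipv4/conf/eth0"
    echo "$2" > "$1/proc/sys/net/ipv4/ip_forward"
    echo "$3" > "$1/proc/sys/net/ipv4/conf/all/send_redirects"
    echo "$4" > "$1/proc/sys/net/ipv4/conf/eth0/send_redirects"
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 192.168.1.2' \
        'COMMIT' > "$1/nat.rules"
}

# Demo on constructed data: eth0 is set to 0 but conf/all is still 1.
d=$(mktemp -d); make_fixture "$d" 1 1 0
check_one_nic_nat "$d" eth0 10.0.0.0/24 "$d/nat.rules" || echo "=> not ready"
rm -rf "$d"
```

On a live host, pass an empty ROOT and a file produced by `iptables-save -t nat`.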