Well, it was actually enough to share the internet connection but not enough to control how it shares the connection and speed it up. Since it was configured as a DHCP server, we are having a hard time monitoring what PC is viewing this and that. We also cannot effectively filter out "undesirable websites" via the appliance router.
So I had to go back to my old setup... NAT + Squid + built-in filter, and now plus a DHCP server. We were using Ubuntu 8.10 and I thought it would be easy after all this time I have been configuring such setups. It was actually easy, except for one thing... NETWORK setup on Intrepid.
Okay, here is the setup. I have two NICs, eth0 and eth1. eth1 is connected to the Internet with a dynamic IP while eth0 is connected to the LAN and to be configured with a static IP.
I tried to use the built-in Network Manager but there seems to be a bug in it. It won't save the static IP configuration after a reboot. So, even though I have configured eth0 with an IP of, let's say, 192.168.2.1... after a reboot it would still ask for a dynamic IP again.
Darn!
Perhaps there are other, better solutions out there for getting a static IP to work in Network Manager, but I did it in a way that I am comfortable with... getting my hands dirty in /etc/network/interfaces. Here it goes!
1. Disable Network Manager
sudo update-rc.d -f NetworkManager remove
1.1 Open and edit /etc/network/interfaces (dynamic eth1, static eth0).
gksu gedit /etc/network/interfaces
My /etc/network/interfaces looks like this:
auto lo eth0 eth1
iface lo inet loopback
iface eth0 inet static
    address 192.168.2.1
    netmask 255.255.255.0
iface eth1 inet dhcp
Reboot
2. Install and configure DHCP
2.1 Install
sudo apt-get install dhcp3-server
2.2 Configure DHCP to provide reserved IPs to specific computers.
2.2.1 Open the DHCP conf file and edit it to provide the IP range 192.168.2.0/24 plus reserved IPs for specific PCs.
gksu gedit /etc/dhcp3/dhcpd.conf
Copy, paste, and edit the following configuration according to your LAN settings (leave out the comments):
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.2.255;
option routers 192.168.2.1; # This should be your Squid/NAT server
option domain-name-servers 208.67.222.222, 208.67.220.220; # These are OpenDNS settings
subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.160 192.168.2.169; # Edit accordingly
}
host linksys {
    hardware ethernet 00:21:29:65:7a:66;
    fixed-address 192.168.2.170;
}
host ecenter1 {
    hardware ethernet 00:07:e9:01:b5:dc;
    fixed-address 192.168.2.171;
}
host ecenter2 {
    hardware ethernet 00:07:e9:01:bc:be;
    fixed-address 192.168.2.172;
}
Of course, we have more PCs but I have to cut it to three. :) To get the MAC address of each PC, issue the ifconfig command (ipconfig /all for Windows PC).
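
Because the reservations above are what tie an address in the proxy logs back to a specific PC, it helps to check dhcpd.conf for inconsistencies before restarting the service. The Python below is an added example, not part of the original post: check_dhcpd_conf and the sample configuration are constructed for illustration, and it assumes a single IPv4 subnet declaration laid out like the file above.

```python
import ipaddress
import re

# Constructed sample (documentation-range MACs) with deliberate mistakes to flag.
SAMPLE_CONF = """
option broadcast-address 192.168.1.255;
option routers 192.168.2.1;
subnet 192.168.2.0 netmask 255.255.255.0 { range 192.168.2.160 192.168.2.169; }
host pc1 { hardware ethernet 00:00:5e:00:53:01; fixed-address 192.168.2.171; }
host pc2 { hardware ethernet 00:00:5e:00:53:02; fixed-address 192.168.2.165; }
host pc3 { hardware ethernet 00:00:5E:00:53:01; fixed-address 192.168.3.20; }
"""

def check_dhcpd_conf(text):
    """Hypothetical helper: list inconsistencies in a single-subnet dhcpd.conf."""
    text = re.sub(r"#.*", "", text)  # drop trailing comments
    findings = []
    m = re.search(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", text)
    if not m:
        return ["no subnet declaration found"]
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    bcast = re.search(r"option\s+broadcast-address\s+([\d.]+)\s*;", text)
    if bcast and ipaddress.ip_address(bcast.group(1)) != net.broadcast_address:
        findings.append(f"broadcast-address {bcast.group(1)} != {net.broadcast_address}")
    router = re.search(r"option\s+routers\s+([\d.]+)\s*;", text)
    if router and ipaddress.ip_address(router.group(1)) not in net:
        findings.append(f"router {router.group(1)} outside {net}")
    r = re.search(r"\brange\s+([\d.]+)\s+([\d.]+)\s*;", text)
    lo, hi = (ipaddress.ip_address(a) for a in r.groups()) if r else (None, None)
    seen_mac, seen_ip = {}, {}
    hosts = re.findall(r"\bhost\s+(\S+)\s*\{[^}]*?hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;"
                       r"[^}]*?fixed-address\s+([\d.]+)\s*;", text)
    for name, mac, ip in hosts:
        mac, addr = mac.lower(), ipaddress.ip_address(ip)
        if addr not in net:
            findings.append(f"{name}: {ip} outside {net}")
        if r and lo <= addr <= hi:
            findings.append(f"{name}: {ip} inside dynamic range")
        for key, seen, kind in ((mac, seen_mac, "MAC"), (ip, seen_ip, "IP")):
            if key in seen:  # two reservations claim the same MAC or IP
                findings.append(f"{name}: duplicate {kind} {key} (also {seen[key]})")
            seen.setdefault(key, name)
    return findings

if __name__ == "__main__":
    for finding in check_dhcpd_conf(SAMPLE_CONF):
        print(finding)
```

An empty result means the options, the dynamic range and the reservations all agree with the declared subnet.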
2.2.3 Restart dhcpd for the settings to take effect.
sudo service dhcpd restart
3. Configure NAT via Ipkungfu (transparent redirection will be done later)
3.1 To save space, please just read my blogspot on this at LINK. Additional info at LINK, which was actually partially based on my blogspot too. :) Don't forget to reboot thereafter.
4. Configure squid with minimal configuration. I just lifted and edited accordingly my previous post on this:
First install squid via apt-get or synaptic:
sudo apt-get install squid
After installation, edit Squid's configuration file:
sudo gedit /etc/squid/squid.conf
In the /etc/squid/squid.conf file, search and edit the following options/tags:
#TAG:http_port
http_port 3128 transparent
#OPTION WHICH AFFECT THE CACHE SIZE
cache_mem (1/4 of your RAM) MB
(e.g. assuming your RAM is 1 GB then it's "cache_mem 250 MB")
#LOGFILE PATHNAMES AND CACHE DIRECTORIES
#cache_dir ufs /var/spool/squid 100 16 256
cache_dir diskd /cache (capacity of your /cache in MB) 16 256
(make sure /cache already exists)
#RECOMMENDED MINIMUM CONFIGURATION
acl netxxx src xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
(specify your network and netmask e.g. "acl mynet src 192.168.0.0/255.255.255.0")
# AND FINALLY DENY ALL OTHER ACCESS TO THE PROXY
http_access allow netxxx
(e.g. "http_access allow mynet")
#TAG:Visible_hostname
visible_hostname (yourserver name)
At the terminal, change the ownership of the existing /cache folder:
sudo chown proxy:proxy /cache
Then create swap directories at /cache:
sudo squid -z
Then fire away Squid!
sudo /etc/init.d/squid start
5. Enable transparent redirection via IpKungfu
5.1 Open and edit /etc/ipkungfu/redirection.conf.
gksu gedit /etc/ipkungfu/redirection.conf
Uncomment the line that has 3128 on it.
tcp:80:3128:internal # transparent squid proxy
5.2 Restart IpKungfu for settings to take effect.
sudo /etc/init.d/ipkungfu restart
My squid configuration was actually configured to filter out undesirable websites and that will be tackled in my next blog post.
Till then!